Run bandit when verifying changes

It reports only MEDIUM issues or higher like nova [1]

[1] https://github.com/openstack/nova/blob/master/tox.ini#L221

Change-Id: I1302b28ed1dcc4e074c6c6f2aa5e915c88eb03f4
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
(cherry picked from commit 11669ed5216c94f3420969aa5b31e0687af33f18)

diff --git a/test-requirements.txt b/test-requirements.txt
index 8943449..de2148a 100644 (file)
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -9,3 +9,4 @@ pylint==1.4.5 # GPLv2
 yamllint
 ansible-lint
 bashate # Apache-2.0
+bandit

diff --git a/tox.ini b/tox.ini
index dc3b2cb..71e33ed 100644 (file)
--- a/tox.ini
+++ b/tox.ini
@@ -1,5 +1,5 @@
 [tox]
-envlist = pep8,pylint,yamllint,ansiblelint,bashate,py27
+envlist = pep8,pylint,yamllint,ansiblelint,bashate,py27,bandit
 
 [testenv]
 usedevelop = True
@@ -23,8 +23,7 @@ commands = flake8
 
 [testenv:pylint]
 basepython = python2.7
-commands =
-  pylint --disable=locally-disabled --reports=n functest_kubernetes
+commands = pylint --disable=locally-disabled --reports=n functest_kubernetes
 
 [testenv:yamllint]
 basepython = python2.7
@@ -36,8 +35,11 @@ commands =
 
 [testenv:ansiblelint]
 basepython = python2.7
-commands =
-  ansible-lint ansible/site.yml
+commands = ansible-lint ansible/site.yml
+
+[testenv:bandit]
+basepython = python2.7
+commands = bandit -r functest_kubernetes -x tests -n 5 -ll
 
 [testenv:py36]
 commands = nosetests functest_kubernetes