From: Cédric Ollivier Date: Sat, 25 May 2019 09:03:40 +0000 (+0200) Subject: Run bandit when verifying changes X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=commitdiff_plain;h=056c6235eefab5582c3a6803aa9a3cdea2c0c894;p=functest-xtesting.git Run bandit when verifying changes It reports only MEDIUM issues or higher like nova [1]. It selects bandit 1.1.0 as defined in nova and neutron lower constraints [2]. [1] https://github.com/openstack/nova/blob/master/tox.ini#L221 [2] https://github.com/openstack/nova/blob/master/lower-constraints.txt#L8 Change-Id: I52524df867d99fae75798475c762a5f8253dacfa Signed-off-by: Cédric Ollivier (cherry picked from commit c659caccbf1f55db4e6e3cb31bf088ac57751e86) --- diff --git a/test-requirements.txt b/test-requirements.txt index 0cfead31..bac66abe 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -12,3 +12,4 @@ yamllint doc8 # Apache-2.0 bashate # Apache-2.0 ansible-lint +bandit diff --git a/tox.ini b/tox.ini index 5910c199..1dedf986 100644 --- a/tox.ini +++ b/tox.ini @@ -57,6 +57,10 @@ files = build.sh commands = bashate {[testenv:bashate]files} +[testenv:bandit] +basepython = python2.7 +commands = bandit -r xtesting -x tests -n 5 -ll -s B602 + [testenv:cover] basepython = python2.7 dirs = diff --git a/upper-constraints.txt b/upper-constraints.txt index a884d02b..3bfdf036 100644 --- a/upper-constraints.txt +++ b/upper-constraints.txt @@ -1 +1,2 @@ robotframework===3.0.2 +bandit===1.1.0
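Review bot: in the test-requirements.txt hunk, the new `bandit` line has no license comment, while the neighbouring `doc8 # Apache-2.0` and `bashate # Apache-2.0` entries do. Bandit is Apache-2.0 licensed, so `bandit # Apache-2.0` would keep the file consistent.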
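Review bot: in the tox.ini hunk, `-s B602` turns off the shell=True subprocess check (subprocess_popen_with_shell_equals_true) for the whole `xtesting` tree, and neither the commit message nor a comment in the file says why. A global skip also hides any shell=True call added later. Prefer leaving the test enabled and marking each audited call site with `# nosec`, or at minimum add a comment above `commands` recording the reason for the skip. Separately, this hunk only defines `[testenv:bandit]`; nothing in the visible lines adds it to `envlist`, so confirm the verify job actually invokes this environment, as the subject line promises.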
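Review bot: in the upper-constraints.txt hunk, `bandit===1.1.0` is an exact pin, but the commit message sources that version from nova's lower-constraints file, which describes a minimum rather than a ceiling. Placing it in the upper constraints freezes the scanner at 1.1.0, so checks added in later bandit releases never run against this code. Consider expressing it as a floor in test-requirements.txt (`bandit>=1.1.0`) and, if a cap is really needed, documenting why next to the pin.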