Add bandit code static analyzer for security, some false positives removed with #nosec.

Bandit is a python package for staticly scanning code for security issues. * Added to tox.ini * Added to setup.py * Added to .travis.yml As part of CI/CD pipeline
2019-06-23 23:20:00 +02:00
parent d2094fed38
commit 78fe97b9cb
4 changed files with 16 additions and 4 deletions
--- a/tox.ini
+++ b/tox.ini
@@ -1,5 +1,5 @@
 [tox]
-envlist = py36, py37, {py36,py37}-no-ext, lint, check
+envlist = py36, py37, {py36,py37}-no-ext, lint, check, security

 [testenv]
 usedevelop = True
@@ -31,10 +31,11 @@ deps =
    flake8
    black
    isort
+    bandit

 commands =
    flake8 sanic
-    black --config ./.black.toml --check --verbose sanic
+    black --config ./.black.toml --check --verbose sanic/
    isort --check-only --recursive sanic

 [testenv:check]
@@ -47,3 +48,10 @@ commands =
 [pytest]
 filterwarnings =
    ignore:.*async with lock.* instead:DeprecationWarning
+
+[testenv:security]
+deps =
+    bandit
+
+commands =
+    bandit --recursive sanic --skip B404,B101 --exclude sanic/reloader_helpers.py