Add bandit code static analyzer for security, some false positives removed with #nosec.

Bandit is a python package for staticly scanning code for security issues.
* Added to tox.ini
* Added to setup.py
* Added to .travis.yml

As part of CI/CD pipeline

.travis.yml

@@ -21,6 +21,10 @@ matrix:
       python: 3.6
     - env: TOX_ENV=check
       python: 3.6
+    - env: TOX_ENV=security
+      python: 3.7
+      dist: xenial
+      sudo: true
 install:
   - pip install -U tox
   - pip install codecov

sanic/config.py

@@ -80,7 +80,7 @@ class Config(dict):
         module.__file__ = filename
         try:
             with open(filename) as config_file:
-                exec(
+                exec(  # nosec
                     compile(config_file.read(), filename, "exec"),
                     module.__dict__,
                 )

setup.py

@@ -112,7 +112,7 @@ if strtobool(os.environ.get("SANIC_NO_UVLOOP", "no")):
 
 extras_require = {
     "test": tests_require,
-    "dev": tests_require + ["aiofiles", "tox", "black", "flake8"],
+    "dev": tests_require + ["aiofiles", "tox", "black", "flake8", "bandit"],
     "docs": [
         "sphinx",
         "sphinx_rtd_theme",

tox.ini

@@ -1,5 +1,5 @@
 [tox]
-envlist = py36, py37, {py36,py37}-no-ext, lint, check
+envlist = py36, py37, {py36,py37}-no-ext, lint, check, security
 
 [testenv]
 usedevelop = True
@@ -31,10 +31,11 @@ deps =
     flake8
     black
     isort
+    bandit
 
 commands =
     flake8 sanic
-    black --config ./.black.toml --check --verbose sanic
+    black --config ./.black.toml --check --verbose sanic/
     isort --check-only --recursive sanic
 
 [testenv:check]
@@ -47,3 +48,10 @@ commands =
 [pytest]
 filterwarnings =
     ignore:.*async with lock.* instead:DeprecationWarning
+
+[testenv:security]
+deps =
+    bandit
+
+commands =
+    bandit --recursive sanic --skip B404,B101 --exclude sanic/reloader_helpers.py