From: Jeremy Stanley Date: Sat, 27 Apr 2019 16:14:45 +0000 (+0000) Subject: Test for high-severity vulnerabilities with bandit X-Git-Tag: 0.0.1~28 X-Git-Url: https://mudpy.org/gitweb?a=commitdiff_plain;h=a5b8f6c1bf36ed95824365c188fffa34b61519f6;p=mudpy.git Test for high-severity vulnerabilities with bandit Use the bandit analyzer to check non-test-related Python source code for potential vulnerabilities. To start, only error on matches with severity "high" (we can ratchet it down later as lower-severity items are addressed). --- diff --git a/tox.ini b/tox.ini index 7a73d73..0888046 100644 --- a/tox.ini +++ b/tox.ini @@ -4,7 +4,7 @@ [tox] minversion = 3.1 -envlist = dist, docs, flake8, yamllint, selftest_config, py3 +envlist = bandit, dist, docs, flake8, yamllint, selftest_config, py3 skipsdist = True ignore_basepython_conflict = True @@ -16,6 +16,10 @@ setenv = PYTHONWARNINGS=default::DeprecationWarning commands = mudpy_selftest mudpy/tests/fixtures/test_daemon.yaml +[testenv:bandit] +deps = bandit +commands = bandit -lll -r mudpy -x mudpy/tests {posargs} + [testenv:demo] commands = mudpy {posargs}