Add flake8-bandit to report common security issues

Cito · Cito · commit c991716043d0 · 2022-09-23T21:02:09.000+02:00
diff --git a/.bandit b/.bandit
@@ -0,0 +1,4 @@
+# unfortunately, flake8-bandit does not support pyproject.toml
+
+[bandit]
+exclude = /tests
diff --git a/.flake8 b/.flake8
@@ -1,3 +1,5 @@
+# unfortunately, flake8 does not support pyproject.toml
+
 [flake8]
 ignore = E203,W503
 exclude = .git,.mypy_cache,.pytest_cache,.tox,.venv,__pycache__,build,dist,docs
diff --git a/pyproject.toml b/pyproject.toml
@@ -25,14 +25,14 @@ packages = [
     { include = "graphql", from = "src" },
     { include = "tests", format = "sdist" },
     { include = "docs", format = "sdist" },
-    { include = '.bumpversion.cfg', format = "sdist" },
-    { include = '.editorconfig', format = "sdist" },
-    { include = '.flake8', format = "sdist" },
-    { include = '.readthedocs.yaml', format = "sdist" },
-    { include = 'poetry.lock', format = "sdist" },
-    { include = 'tox.ini', format = "sdist" },
-    { include = 'CODEOWNERS', format = "sdist" },
-    { include = 'SECURITY.md', format = "sdist" }
+    { include = ".bumpversion.cfg", format = "sdist" },
+    { include = ".editorconfig", format = "sdist" },
+    { include = ".flake8", format = "sdist" },
+    { include = ".readthedocs.yaml", format = "sdist" },
+    { include = "poetry.lock", format = "sdist" },
+    { include = "tox.ini", format = "sdist" },
+    { include = "CODEOWNERS", format = "sdist" },
+    { include = "SECURITY.md", format = "sdist" }
 ]
 
 [tool.poetry.urls]
@@ -62,6 +62,7 @@ optional = true
 [tool.poetry.group.lint.dependencies]
 black = "22.8.0"
 flake8 = "^5.0"
+flake8-bandit = "^4.1"
 isort = "^5.10"
 mypy = "0.971"
 bump2version = ">=1.0,<2"
@@ -74,8 +75,11 @@ optional = true
 sphinx = ">= 4.3,<6"
 sphinx_rtd_theme = ">=1,<2"
 
+[tool.bandit]
+exclude_dirs = ["tests"]
+
 [tool.black]
-target-version = ['py37', 'py38', 'py39', 'py310']
+target-version = ["py37", "py38", "py39", "py310"]
 
 [tool.coverage.run]
 branch = true
diff --git a/tox.ini b/tox.ini
@@ -17,7 +17,9 @@ commands  =
 
 [testenv:flake8]
 basepython = python3.9
-deps = flake8>=5,<6
+deps =
+    flake8>=5,<6
+    flake8-bandit>=4.1,<6
 commands =
     flake8 src tests
 

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,5 @@`
	`1`	`+# unfortunately, flake8 does not support pyproject.toml`
	`2`	`+`
`1`	`3`	`[flake8]`
`2`	`4`	`ignore = E203,W503`
`3`	`5`	`exclude = .git,.mypy_cache,.pytest_cache,.tox,.venv,__pycache__,build,dist,docs`