pre-commit: Integrate bandit

We also remove these unnecessary linter dependencies from test-requirements.txt. Co-Authored-By: Stephen Finucane <sfinucan@redhat.com> Change-Id: Ie797e48fb9d04649fa70e3d5c2f4161d123ed8f5
2024-02-06 15:18:54 +09:00 · 2024-02-06 15:18:54 +09:00 · a892465f19
commit a892465f19
parent de07539a7b
3 changed files with 7 additions and 10 deletions
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -23,3 +23,8 @@ repos:
    hooks:
      - id: hacking
        additional_dependencies: []
+  - repo: https://github.com/PyCQA/bandit
+    rev: 1.7.6
+    hooks:
+      - id: bandit
+        args: ['-x', 'tests']
--- a/test-requirements.txt
+++ b/test-requirements.txt
@ -4,11 +4,6 @@ oslotest>=3.3.0 # Apache-2.0

 coverage>=4.5.1 # Apache-2.0

-# Bandit security code scanner
-bandit>=1.7.0,<1.8.0 # Apache-2.0
-
 fixtures>=3.0.0 # Apache-2.0/BSD

-pre-commit>=2.6.0 # MIT
-
 eventlet>=0.30.1,!=0.32.0 # MIT
--- a/tox.ini
+++ b/tox.ini
@ -16,10 +16,10 @@ commands =
  stestr slowest

 [testenv:pep8]
+deps =
+  pre-commit
 commands =
  pre-commit run -a
-  # Run security linter
-  bandit -r oslo_log -x tests -n5

 [testenv:venv]
 commands = {posargs}
@ -51,9 +51,6 @@ commands =
  coverage xml -o cover/coverage.xml
  coverage report --show-missing

-[testenv:bandit]
-commands = bandit -r oslo_log -x tests -n5
-
 [flake8]
 # E123, E125 skipped as they are invalid PEP-8.
 # W503, W504 skipped: https://www.python.org/dev/peps/pep-0008/#should-a-line-break-before-or-after-a-binary-operator