From 6bf905b495dca173a1f000c100512d03bfbe0f2f Mon Sep 17 00:00:00 2001 From: Eric Brown Date: Thu, 4 Feb 2016 15:33:29 -0800 Subject: [PATCH] Add bandit security linter Bandit detects potential security issues in code. This patch adds it to tox. Some of the issues found need to be fixed prior to introducing into a gate job. Change-Id: Id902d8b95626f98d79755cbab9144b2d6041f66e --- test-requirements.txt | 1 + tox.ini | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/test-requirements.txt b/test-requirements.txt index 7b7ad2ed49..f58fa98713 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -19,3 +19,4 @@ WebTest>=2.0 # MIT # This is needed for subunit-trace tempest-lib>=0.13.0 # Apache-2.0 reno>=0.1.1 # Apache2 +bandit>=0.17.3 # Apache-2.0 \ No newline at end of file diff --git a/tox.ini b/tox.ini index 438cbd3f63..8c743bcbd1 100644 --- a/tox.ini +++ b/tox.ini @@ -53,6 +53,10 @@ commands = neutron-db-manage --subproject vmware-nsx check_migration whitelist_externals = sh +[testenv:bandit] +deps = -r{toxinidir}/test-requirements.txt +commands = bandit -r vmware_nsx -n 5 -ll + [testenv:cover] commands = python setup.py testr --coverage --testr-args='{posargs}'
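Review bot: the added `bandit>=0.17.3 # Apache-2.0` line in test-requirements.txt is now the last line of the file and has no trailing newline (`\ No newline at end of file`); end the file with a newline so the next requirement appended here is not joined onto this line or shown as a modification of it. The entry also sets only a lower bound, so a later bandit release with additional checks can change what the job reports without any change in this repository, which is worth keeping in mind before the job is made gating.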
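Review bot: the `commands = bandit -r vmware_nsx -n 5 -ll` line in the new `[testenv:bandit]` section of tox.ini has no comment on what the flags select. `-ll` limits the report to findings of medium severity and above, so low-severity findings are never shown, and `-n 5` sets the number of code lines printed with each finding; a short comment above the command stating this would make the chosen threshold explicit to whoever later tightens it. Since the commit message says some findings must be fixed before this goes into a gate job, it would also help to record which findings those are, in the commit message or a follow-up bug, so the remaining work can be tracked.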