From 6fa0a4a7969d8e1bac6271da1474ca62c16baf63 Mon Sep 17 00:00:00 2001
From: Julien Pivotto
Date: Wed, 7 Dec 2016 09:41:23 +0100
Subject: [PATCH] [Security] Implement bandit
Bandit (https://github.com/openstack/bandit) is a python security linter.
Signed-off-by: Julien Pivotto
---
 .travis.yml | 4 +++-
 bandit.sh | 12 ++++++++++++
 requirements-test.txt | 1 +
 3 files changed, 16 insertions(+), 1 deletion(-)
 create mode 100755 bandit.sh
diff --git a/.travis.yml b/.travis.yml
index d87d605..2d1e620 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -8,7 +8,9 @@ install:
 - pip install -r requirements.txt
 - pip install -r requirements-test.txt
 - pip install -q coverage coveralls --use-wheel
-script: py.test --cov=puppetboard --pep8 -v
+script:
+ - py.test --cov=puppetboard --pep8 -v
+ - ./bandit.sh
 after_success:
 - coveralls
diff --git a/bandit.sh b/bandit.sh
new file mode 100755
index 0000000..d54293c
--- /dev/null
+++ b/bandit.sh
@@ -0,0 +1,12 @@
+#!/bin/bash -xe
+# Runs bandit tests
+
+pyver="$(python -V 2>&1)"
+
+if [[ $pyver =~ Python\ 2\.6 ]]
+then
+ echo 'Bandit does not support python 2.6'
+else
+ bandit -r puppetboard
+ bandit -r tests
+fi
diff --git a/requirements-test.txt b/requirements-test.txt
index d78d396..beeb8e9 100644
--- a/requirements-test.txt
+++ b/requirements-test.txt
@@ -6,3 +6,4 @@ pytest-pep8==1.0.5
 pytest-cov==2.2.1
 cov-core==1.15.0
 unittest2==1.1.0; python_version < '2.7'
+bandit
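Review bot: In bandit.sh, `-e` stops the script as soon as `bandit -r puppetboard` reports findings, so `bandit -r tests` never runs in that build and the CI log shows only part of the results. Bandit accepts several targets, so the two calls can be merged into `bandit -r puppetboard tests`. The Python 2.6 branch exits 0 after the echo, so that matrix entry goes green with no scan at all; a comment such as `# No scan on 2.6: this job does not gate on bandit findings` would make that explicit. Moving the options from the shebang to a `set -xe` line keeps them in effect if the script is ever started as `bash bandit.sh`.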
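Review bot: `bandit` is the only unpinned entry in requirements-test.txt, so the linter version, and with it the set of checks that gate the build, can change between CI runs without any commit. Pinning it like the neighbouring lines, e.g. `bandit==<PINNED_VERSION>` (placeholder), keeps results reproducible and limits what a broken or compromised upstream release can pull into CI. The line also has no environment marker, although bandit.sh states that bandit does not support Python 2.6. Following the `unittest2` line, appending `; python_version >= '2.7'` would presumably keep the install step from failing on that interpreter.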