From ef4d34ff7e23434243b8aa13f10814d64c603971 Mon Sep 17 00:00:00 2001
From: Anders Pearson
Date: Mon, 15 Nov 2021 11:20:18 +0000
Subject: [PATCH] add bandit security tests

Bandit finds a couple issues (see `tox -e bandit` for the report). Those should be addressed separately. Once everything is passing, we can add it to the Github Actions workflow.
---
 bandit.yaml | 2 ++
 tox.ini     | 8 +++++++-
 2 files changed, 9 insertions(+), 1 deletion(-)
 create mode 100644 bandit.yaml

diff --git a/bandit.yaml b/bandit.yaml
new file mode 100644
index 00000000..17285460
--- /dev/null
+++ b/bandit.yaml
@@ -0,0 +1,2 @@
+exclude_dirs:
+  - '/tests/'
diff --git a/tox.ini b/tox.ini
index 405aae5f..498a81fc 100644
--- a/tox.ini
+++ b/tox.ini
@@ -73,4 +73,10 @@ basepython=python2
 deps =
     -r{toxinidir}/devsite/requirements/hawthorn.txt
 commands =
-    edx_lint write pylintrc
\ No newline at end of file
+    edx_lint write pylintrc
+
+[testenv:bandit]
+deps =
+    bandit==1.7.1
+commands =
+    bandit -c bandit.yaml -r figures
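Review bot: The new `[testenv:bandit]` environment will exit non-zero on the pre-existing findings the commit message says are deferred, which is why it cannot be wired into CI yet; recording those findings as a baseline lets the env gate new findings immediately, e.g. `bandit -c bandit.yaml -r figures -b bandit-baseline.json` with the baseline generated once via `bandit -c bandit.yaml -r figures -f json -o bandit-baseline.json` and reviewed as a follow-up. The preceding `[testenv:edx_lint]` pins `basepython=python2`, while the new env sets no `basepython`; bandit 1.7.x is Python 3 only, so if the default interpreter tox resolves here is Python 2 the `bandit==1.7.1` install will fail — adding an explicit `basepython = python3` would make that independent of the host. Consider also documenting in a comment that `-c bandit.yaml` is resolved relative to the tox working directory, since the env does not set `changedir`.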