MLIA-389 Enable bandit check in pre-commit

Add bandit to pre-commit and fix some bandit errors. We use the default security level (low) with few exceptions: * B101 assert_use: apart of tests, we use assert in our codebase hence we globally ignore error B101. * B404/B603: these are errors related to subprocesse and they are being ignored locally when used. * B604 Test for any function with shell equals true: we have disabled this locally because of its safe use in the tests. Change-Id: If654e5e92285f7c86ac210a6f1373dbab6be17c9
author: Diego Russo <diego.russo@arm.com> 2022-07-29 22:16:46 +0100
committer: Diego Russo <diego.russo@arm.com> 2022-08-03 12:30:25 +0100
commit: 35e42b1d223066e475a6588ec9b5ee37cb2c52b9 (patch)
tree: 8c2caf1588406851bdb517b43ea888a8255174fa /.pre-commit-config.yaml
parent: 5d81f37de09efe10f90512e50252be9c36925fcf (diff)
download: mlia-35e42b1d223066e475a6588ec9b5ee37cb2c52b9.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 7033a29..08f5f7e 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -81,6 +81,12 @@ repos:
     - id: blocklint
       exclude: setup.cfg
 
+- repo: https://github.com/PyCQA/bandit
+  rev: '1.7.4'
+  hooks:
+    - id: bandit
+      args: ["--skip", "B101"]
+
 - repo: local
   hooks:
     - id: mypy
author	Diego Russo <diego.russo@arm.com>	2022-07-29 22:16:46 +0100
committer	Diego Russo <diego.russo@arm.com>	2022-08-03 12:30:25 +0100
commit	35e42b1d223066e475a6588ec9b5ee37cb2c52b9 (patch)
tree	8c2caf1588406851bdb517b43ea888a8255174fa /.pre-commit-config.yaml
parent	5d81f37de09efe10f90512e50252be9c36925fcf (diff)
download	mlia-35e42b1d223066e475a6588ec9b5ee37cb2c52b9.tar.gz