From 35e42b1d223066e475a6588ec9b5ee37cb2c52b9 Mon Sep 17 00:00:00 2001
From: Diego Russo <diego.russo@arm.com>
Date: Fri, 29 Jul 2022 22:16:46 +0100
Subject: MLIA-389 Enable bandit check in pre-commit

Add bandit to pre-commit and fix some bandit errors.
We use the default security level (low) with few exceptions:
* B101 assert_use: apart of tests, we use assert in our codebase
  hence we globally ignore error B101.
* B404/B603: these are errors related to subprocesse and they are
  being ignored locally when used.
* B604 Test for any function with shell equals true: we have disabled
  this locally because of its safe use in the tests.

Change-Id: If654e5e92285f7c86ac210a6f1373dbab6be17c9
---
 .pre-commit-config.yaml | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to '.pre-commit-config.yaml')

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 7033a29..08f5f7e 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -81,6 +81,12 @@ repos:
     - id: blocklint
       exclude: setup.cfg
 
+- repo: https://github.com/PyCQA/bandit
+  rev: '1.7.4'
+  hooks:
+    - id: bandit
+      args: ["--skip", "B101"]
+
 - repo: local
   hooks:
     - id: mypy
-- 
cgit v1.2.1