Added bandit for python.

TODO

@@ -9,7 +9,6 @@ Todo
 Todo (tool related)
 - Report on python doctests. (also coverage of)
 - Cache tools._python_version.
-- Add bandit tool for python.
 
 
 Done
@@ -166,6 +165,7 @@ Done
   on the command line.
 - Can mypy be a tool?
   <- Yes, but wait for it to be included in python, or until it is an ubuntu package.
+- Add bandit tool for python.
 
 A-syntax, B-tests, C-auto docs, D-lint, E-coverage, F-profile, G-tidy, H-import deps
              A B C D E F G H

golden-files/results/bandit-hi3_py

@@ -0,0 +1,19 @@
+Test results:                      
+    No issues identified.          
+                                   
+Code scanned:                      
+    Total lines of code: 2         
+    Total lines skipped (#nosec): 0
+                                   
+Run metrics:                       
+    Total issues (by severity):    
+        Undefined: 0.0             
+        Low: 0.0                   
+        Medium: 0.0                
+        High: 0.0                  
+    Total issues (by confidence):  
+        Undefined: 0.0             
+        Low: 0.0                   
+        Medium: 0.0                
+        High: 0.0                  
+Files skipped (0):                 

golden-files/results/bandit-hi_py

@@ -0,0 +1,19 @@
+Test results:                      
+    No issues identified.          
+                                   
+Code scanned:                      
+    Total lines of code: 2         
+    Total lines skipped (#nosec): 0
+                                   
+Run metrics:                       
+    Total issues (by severity):    
+        Undefined: 0               
+        Low: 0                     
+        Medium: 0                  
+        High: 0                    
+    Total issues (by confidence):  
+        Undefined: 0               
+        Low: 0                     
+        Medium: 0                  
+        High: 0                    
+Files skipped (0):                 

install-dependencies

@@ -10,3 +10,6 @@ sudo apt-get --yes install python3-minimal python3-pygments python3-pyinotify \
 echo
 echo "Install all the tools vigil may need..."
 ./install-tools
+sudo apt-get --yes install python-pip python3-pip
+pip install bandit==1.1.0
+pip3 install bandit==1.1.0

tools.py

@@ -446,6 +446,18 @@ def disassemble_pyc(path):
 disassemble_pyc.dependencies = set()
 
 
+def bandit(path):
+    python_version = _python_version(path)
+    stdout, stderr, returncode = _do_command(
+        [python_version, "-m", "bandit.cli.main", "-f", "txt", path],
+        timeout=TIMEOUT)
+    status = Status.ok if returncode == 0 else Status.normal
+    text = stdout if python_version == "python" else _fix_input(eval(stdout))
+    text_without_timestamp = "".join(text.splitlines(keepends=True)[2:])
+    return status, fill3.Text(text_without_timestamp)
+bandit.dependencies = {}
+
+
 def _perl_version(path):
     stdout, stderr, returncode = _do_command(["perl", "-c", path])
     return "perl6" if "Perl v6.0.0 required" in stderr else "perl"
@@ -694,7 +706,7 @@ def _tools_for_extension():
     return {
         "py": [python_syntax, python_unittests, pydoc, mypy, python_coverage,
                python_profile, pep8, pyflakes, pylint, python_gut,
-               python_modulefinder, python_mccabe],
+               python_modulefinder, python_mccabe, bandit],
         "pyc": [disassemble_pyc],
         "pl": [perl_syntax, perldoc, perltidy],
         "pm": [perl_syntax, perldoc, perltidy],

tools_test.py

@@ -115,6 +115,10 @@ class ToolsTestCase(unittest.TestCase):
     def test_python_mccable(self):
         self._test_tool(tools.python_mccabe, self.HI_OK)
 
+    def test_bandit(self):
+        self._test_tool(tools.bandit, [("hi3.py", tools.Status.ok),
+                                       ("hi.py", tools.Status.ok)])
+
     def test_disassemble_pyc(self):
         self._test_tool(tools.disassemble_pyc,
                         [("hi3.cpython-34.pyc", tools.Status.normal)])