Implement `flake8-bandit`

[charliermarsh]

• S101: assert_used
• S102: exec_used
• S103: set_bad_file_permissions
• S104: hardcoded_bind_all_interfaces
• S105: hardcoded_password_string
• S106: hardcoded_password_funcarg
• S107: hardcoded_password_default
• S108: hardcoded_tmp_directory
• S109: password_config_option_not_marked_secret
• S110: try_except_pass
• S111: execute_with_run_as_root_equals_true
• S112: try_except_continue
• S113: request_without_timeout
• S201: flask_debug_true
• S202: tarfile_unsafe_members
• S301: pickle
• S302: marshal
• S303: md5
• S304: ciphers
• S305: cipher_modes
• S306: mktemp_q
• S307: eval
• S308: mark_safe
• S311: random
• S312: telnetlib
• S313: xml_bad_cElementTree
• S314: xml_bad_ElementTree
• S315: xml_bad_expatreader
• S316: xml_bad_expatbuilder
• S317: xml_bad_sax
• S318: xml_bad_minidom
• S319: xml_bad_pulldom
• S320: xml_bad_etree
• S321: ftplib
• S323: unverified_context
• S324: hashlib
• S310: urllib_urlopen
• S401: import_telnetlib
• S402: import_ftplib
• S403: import_pickle
• S404: import_subprocess
• S405: import_xml_etree
• S406: import_xml_sax
• S407: import_xml_expat
• S408: import_xml_minidom
• S409: import_xml_pulldom
• S410: import_lxml
• S411: import_xmlrpclib
• S412: import_httpoxy
• S413: import_pycrypto
• S415: import_pyghmi
• S501: request_with_no_cert_validation
• S502: ssl_with_bad_version
• S503: ssl_with_bad_defaults
• S504: ssl_with_no_version
• S505: weak_cryptographic_key
• S506: yaml_load
• S507: ssh_no_host_key_verification
• S508: snmp_insecure_version
• S509: snmp_weak_cryptography
• S601: paramiko_calls
• S602: subprocess_popen_with_shell_equals_true
• S603: subprocess_without_shell_equals_true
• S604: any_other_function_with_shell_equals_true
• S605: start_process_with_a_shell
• S606: start_process_with_no_shell
• S607: start_process_with_partial_path
• S608: hardcoded_sql_expressions
• S609: linux_commands_wildcard_injection
• S610: django_extra_used
• S611: django_rawsql_used
• S612: logging_config_insecure_listen
• S701: jinja2_autoescape_false
• S702: use_of_mako_templates
• S703: django_mark_safe

[charliermarsh]

\cc @edgarrmondragon - easier to track here than to keep incrementing the count in the README. I'll populate the checklist.

[edgarrmondragon]

thanks @charliermarsh!

[charliermarsh]

By the way: the scripts are pretty bad right now, but it might save you some time (and would love help improving):

python scripts/add_check.py --name ConvertLoopToAll --code SIM111 --plugin flake8-simplify

The main limitations right now are:

1. Doesn't keep the members sorted in registry.rs, so has to be manually resorted (else checks appear out-of-order in the docs and elsewhere).
2. Assumes you're using a single plugins.rs file, instead of individual files for each check or a checks.rs file or whatever else, so that also requires manual tweaks.

[edgarrmondragon]

By the way: the scripts are pretty bad right now, but it might save you some time (and would love help improving):

python scripts/add_check.py --name ConvertLoopToAll --code SIM111 --plugin flake8-simplify

The main limitations right now are:

1. Doesn't keep the members sorted in registry.rs, so has to be manually resorted (else checks appear out-of-order in the docs and elsewhere).
2. Assumes you're using a single plugins.rs file, instead of individual files for each check or a checks.rs file or whatever else, so that also requires manual tweaks.

Thanks, I'll take a look at those. They might be really helpful for bandit's blacklist tests.

[ahmedbilal]

Please implement the configurations for it as well e.g exclude_dirs.

https://bandit.readthedocs.io/en/latest/config.html#bandit-settings