Fix the bandit config

Signed-off-by: Aurélien Bompard <[email protected]>

.bandit.cfg

@@ -1,3 +1,4 @@
 [bandit]
 targets: datanommer.commands,datanommer.consumer,datanommer.models
-exclude: */tests
+# Can't do this now because of https://github.com/PyCQA/bandit/issues/693
+#exclude: .git,.tox,*/tests/*,*/.tox/*

.pre-commit-config.yaml

@@ -29,7 +29,7 @@ repos:
     hooks:
       - id: python-bandit-vulnerability-check
         alias: bandit
-        args: ["--ini", ".bandit.cfg", "-ll"]
+        args: ["--ini", ".bandit.cfg", "-r", "-ll", "-x", ".git,.tox,*/tests/*,*/.tox/*"]
   # - repo: local
   #   hooks:
   #     - id: bandit-local

datanommer.commands/tox.ini

@@ -1,5 +1,5 @@
 [tox]
-envlist = py{36,37,38,39},lint
+envlist = py{36,37,38,39},lint,security
 skipsdist = True
 
 [base]
@@ -26,3 +26,10 @@ commands =
     black --check {[base]package}/{posargs}
     isort --check {[base]package}/{posargs}
     flake8 {[base]package}/{posargs}
+
+
+[testenv:security]
+deps =
+    bandit
+commands =
+    bandit -r -ll -x ./.tox,./tests .

datanommer.consumer/tox.ini

@@ -1,5 +1,5 @@
 [tox]
-envlist = py{36,37,38,39},lint
+envlist = py{36,37,38,39},lint,security
 skipsdist = True
 
 [base]
@@ -25,3 +25,10 @@ commands =
     black --check {[base]package}/{posargs}
     isort --check {[base]package}/{posargs}
     flake8 {[base]package}/{posargs}
+
+
+[testenv:security]
+deps =
+    bandit
+commands =
+    bandit -r -ll -x ./.tox,./tests .

datanommer.models/tox.ini

@@ -1,5 +1,5 @@
 [tox]
-envlist = py{36,37,38,39},lint
+envlist = py{36,37,38,39},lint,security
 skipsdist = True
 
 [base]
@@ -23,3 +23,10 @@ commands =
     black --check {[base]package}/{posargs}
     isort --check {[base]package}/{posargs}
     flake8 {[base]package}/{posargs}
+
+
+[testenv:security]
+deps =
+    bandit
+commands =
+    bandit -r -ll -x ./.tox,./tests .