Use bandit via flake8

Author: Zac-HD

.flake8

@@ -7,7 +7,15 @@ exclude =
     test_imports.py,
     hypothesis-python/tests/py2/*,
     test_lambda_formatting.py
-ignore = D1,D205,D209,D213,D400,D401,D412,D413,D999,D202,E203,E501,W503,B008,B011
+ignore =
+    # `black` creates these ones
+    E203,E501,W503,
+    # Various codes from flake8-docstrings we don't care for
+    D1,D205,D209,D213,D400,D401,D412,D413,D999,D202,
+    # flake8-bugbear options we disagree with
+    B008,B011,
+    # flake8-bandit security warnings we disagree with or don't mind
+    S101,S102,S105,S110,S307,S311,S404,S6
 
 # Use flake8-alfred to forbid builtins that require compatibility wrappers.
 warn-symbols=

hypothesis-python/tests/nocover/test_strategy_state.py

@@ -116,7 +116,7 @@ def filtered_strategy(s, source, level, mixer):
         def is_good(x):
             return bool(
                 Random(
-                    hashlib.md5((mixer + repr(x)).encode(u"utf-8")).digest()
+                    hashlib.sha384((mixer + repr(x)).encode(u"utf-8")).digest()
                 ).randint(0, level)
             )
 
@@ -162,7 +162,7 @@ def flatmapped_strategy(self, source, result1, result2, mixer, p):
 
         def do_map(value):
             rep = repr(value)
-            random = Random(hashlib.md5((mixer + rep).encode(u"utf-8")).digest())
+            random = Random(hashlib.sha384((mixer + rep).encode(u"utf-8")).digest())
             if random.random() <= p:
                 return result1
             else:

requirements/tools.in

@@ -1,13 +1,13 @@
 attrs
 autoflake
-bandit
 black
 blacken-docs
 coverage
 django
 dpcontracts
 flake8
 flake8-alfred
+flake8-bandit
 flake8-bugbear
 flake8-docstrings
 ipython

requirements/tools.txt

@@ -11,7 +11,7 @@ attrs==19.3.0
 autoflake==1.3.1
 babel==2.7.0              # via sphinx
 backcall==0.1.0           # via ipython
-bandit==1.6.2
+bandit==1.6.2             # via flake8-bandit
 black==19.10b0
 blacken-docs==1.3.0
 bleach==3.1.0             # via readme-renderer
@@ -28,8 +28,10 @@ dpcontracts==0.6.0
 entrypoints==0.3          # via flake8
 filelock==3.0.12          # via tox
 flake8-alfred==1.1.1
+flake8-bandit==2.1.2
 flake8-bugbear==19.8.0
 flake8-docstrings==1.5.0
+flake8-polyfill==1.0.2    # via flake8-bandit
 flake8==3.7.9
 gitdb2==2.0.6             # via gitpython
 gitpython==3.0.4          # via bandit
@@ -60,7 +62,7 @@ pluggy==0.13.0            # via pytest, tox
 prompt-toolkit==2.0.10    # via ipython
 ptyprocess==0.6.0         # via pexpect
 py==1.8.0                 # via pytest, tox
-pycodestyle==2.5.0        # via flake8
+pycodestyle==2.5.0        # via flake8, flake8-bandit
 pydocstyle==4.0.1         # via flake8-docstrings
 pyflakes==2.1.1           # via autoflake, flake8
 pygithub==1.44            # via pyupio

tooling/scripts/tool-hash.py

@@ -23,4 +23,4 @@
 import sys
 
 if __name__ == "__main__":
-    print(hashlib.sha1(sys.stdin.read().encode("utf-8")).hexdigest()[:10])
+    print(hashlib.sha384(sys.stdin.read().encode("utf-8")).hexdigest()[:10])