From f6caa4e33b2caab9c15687675873dce5ea8abb5f Mon Sep 17 00:00:00 2001
From: John Bampton
Date: Sun, 13 Oct 2024 19:56:10 +1000
Subject: [PATCH] [CI] Add pre-commit hook `bandit` to find Python security issues https://github.com/PyCQA/bandit https://bandit.readthedocs.io/en/latest/start.html#version-control-integration https://bandit.readthedocs.io/en/latest/config.html This PR is skipping four bandit tests. https://bandit.readthedocs.io/en/latest/plugins/index.html#complete-test-plugin-listing
---
 .pre-commit-config.yaml | 5 +++++
 pyproject.toml | 3 +++
 2 files changed, 8 insertions(+)
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index d4e9edbe89..f84f612d54 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -19,6 +19,11 @@ repos:
 hooks:
 - id: isort
 name: isort (python)
+ - repo: https://github.com/PyCQA/bandit
+ rev: 1.7.10
+ hooks:
+ - id: bandit
+ args: ["-c=pyproject.toml", "-r"]
 - repo: https://github.com/codespell-project/codespell
 rev: v2.3.0
 hooks:
diff --git a/pyproject.toml b/pyproject.toml
index 5d7bf33d94..70bf8ffed6 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,2 +1,5 @@
+[tool.bandit]
+skips = ["B101", "B403", "B405", "B608"]
+
 [tool.isort]
 profile = "black"
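Review bot: The bandit hook points at `pyproject.toml` for its config but the `id: bandit` entry adds no `additional_dependencies`, and bandit 1.7.10 only parses a TOML config through stdlib `tomllib` or the `toml` extra, so in the isolated pre-commit environment on interpreters older than 3.11 the hook is likely to fail before scanning anything; add `additional_dependencies: ["bandit[toml]"]` under the `args` line, as the bandit pre-commit docs do. The `-r` flag is redundant because pre-commit passes the staged file paths explicitly, though it is harmless. Since the hook only sees files staged in a commit, the existing code is not baselined until someone runs `pre-commit run --all-files` once. The enclosing `repos:` list starts and ends outside the hunk.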
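Review bot: `skips` disables B608 (hardcoded SQL expressions) for the whole repository, so string-built SQL in new code will never be flagged; if the current hits are false positives, suppress them per site with `# nosec B608` or exclude the directories that produce them via `exclude_dirs`, and keep B608 active. B101 (assert used) is usually only noise in test code, so an `exclude_dirs = ["<tests-dir>"]` entry (placeholder path, adjust to the repo layout) would narrow that skip too; B403/B405 are import-time warnings whose call-site checks (B301 for pickle loads, B314 for xml.etree parsing) stay enabled, which is reasonable. A comment above the array stating why each ID is skipped would stop the list from growing silently, e.g. `# B101: assert in tests; B403/B405: import-only warnings; B608: <reason>`.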