Add bandit to pre-commit (#94)

* Added bandit to pre-commit hooks

* Testing requirements

* Testing building

* Restores bandit

* Add blank line

* Adds jinja2-time to requirements

* Adds missing dash

* Adds jinja2-time to template as well as higher level

* Fixes typo

* Testing

* Testing with jinja2_time

* Testing with jinja2-time

* Testing with both

* Adds jinja2_time to package

* Makes jinja2_time a dev package

* Testing

* Testing

* Removing extensions

* Tidies up a few things

---------

Co-authored-by: Milne <[email protected]>

cookiecutter.json

@@ -1,6 +1,4 @@
 {
-  "_extensions": ["jinja2_time.TimeExtension"],
-
   "organisation_name": "Your public sector organisation name, for example Government Digital Service",
   "repository_hosting_platform": ["GitHub", "GitLab"],
   "organisation_handle": "Your GitHub/GitLab organisation name, for example ukgovdatascience",

requirements.txt

@@ -1,9 +1,11 @@
+bandit
 cookiecutter
 coverage
 detect-secrets==1.0.3
 #pytest-cookies
 git+https://github.com/Jacobb164/pytest-cookies
 govuk-tech-docs-sphinx-theme
+jinja2-time
 myst-parser
 pre-commit
 pytest

{{ cookiecutter.repo_name }}/.pre-commit-config.yaml

@@ -67,6 +67,13 @@ repos:
         name: detect-secrets - Detect secrets in staged code
         args: [ "--baseline", ".secrets.baseline" ]
         exclude: .*/tests/.*|^\.cruft\.json$
+  - repo: https://github.com/PyCQA/bandit
+    rev: '1.7.5'
+    hooks:
+      - id: bandit
+        name: bandit - Checks for vulnerabilities
+        args: ["-c", "pyproject.toml"]
+        additional_dependencies: ["bandit[toml]"]
 {% if cookiecutter.using_R == "Yes" %}
   # R specific hooks: https://github.com/lorenzwalthert/precommit
   - repo: https://github.com/lorenzwalthert/precommit

{{ cookiecutter.repo_name }}/pyproject.toml

@@ -23,3 +23,8 @@ doctest_optionflags = "NORMALIZE_WHITESPACE"
 testpaths = [
     "./tests"
 ]
+
+# `bandit' configurations
+[tool.bandit]
+exclude_dirs = ["tests", "docs"]
+skips = []