From e9e8c51a92837b47ab74adf4b26a292d8da04159 Mon Sep 17 00:00:00 2001
From: Tim Burke <tim.burke@gmail.com>
Date: Fri, 10 May 2019 11:03:05 -0700
Subject: [PATCH] Add exclusion for bandit check B303

Starting in bandit 1.5.0, sha-1 will trip

    [B303:blacklist] Use of insecure MD2, MD4, MD5, or SHA1 hash function.

However, there are surely clusters out there that have users with
sha-1-hashed passwords, so we can't simply rip it out. A deprecation
period is probably in order, but in the mean time this unblocks the
gate.

Change-Id: I65ff882b1a1cb52ec522e41baa29e4420cd889bd
---
 tox.ini | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/tox.ini b/tox.ini
index 16b4eda..6d7f101 100644
--- a/tox.ini
+++ b/tox.ini
@@ -29,10 +29,12 @@ setenv = VIRTUAL_ENV={envdir}
 commands =
     flake8 swauth test
     flake8 --filename=swauth* bin
-    bandit -r swauth -s B309
+    bandit -r swauth -s B303,B309
 
 [testenv:bandit]
-commands = bandit -r swauth -s B309
+# B303 Use of insecure hash function
+# B309 Use of HTTPSConnection
+commands = bandit -r swauth -s B303,B309
 
 [testenv:venv]
 commands = {posargs}