From 4fc33075256f561a7408f1d2abcab7b05aa47ac1 Mon Sep 17 00:00:00 2001
From: Tin Lam
Date: Mon, 20 Jun 2016 18:59:26 -0500
Subject: [PATCH] Add bandit in tox -e pep8

Add bandit tox environment and amend pep8 env to run it. Also, fix bandit errors with "0.0.0.0".

Change-Id: Ieb5785abd945663e07c07f0ddd3d9a074004f46a
Closes-Bug: #1594423
---
 test-requirements.txt | 3 +++
 tox.ini | 5 +++++
 watcher/api/app.py | 2 +-
 watcher/api/config.py | 2 +-
 watcher/cmd/api.py | 4 ++--
 5 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/test-requirements.txt b/test-requirements.txt
index 3f6c24db5..f65d3a64d 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -22,3 +22,6 @@ sphinxcontrib-pecanwsme>=0.8 # Apache-2.0
 # releasenotes
 reno>=1.6.2 # Apache2
+
+# bandit
+bandit>=1.0.1 # Apache-2.0
\ No newline at end of file
diff --git a/tox.ini b/tox.ini
index 8c2684f16..1958fb89f 100644
--- a/tox.ini
+++ b/tox.ini
@@ -20,6 +20,7 @@ commands =
 commands =
 doc8 doc/source/ CONTRIBUTING.rst HACKING.rst README.rst
 flake8
+ bandit -r watcher -x tests -n5 -ll
 [testenv:venv]
 setenv = PYTHONHASHSEED=0
@@ -61,3 +62,7 @@ ignore-path=doc/source/image_src,doc/source/man,doc/source/api
 [testenv:releasenotes]
 commands = sphinx-build -a -W -E -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html
+
+[testenv:bandit]
+deps = -r{toxinidir}/test-requirements.txt
+commands = bandit -r watcher -x tests -n5 -ll
diff --git a/watcher/api/app.py b/watcher/api/app.py
index fde9f8be6..1cd03a823 100644
--- a/watcher/api/app.py
+++ b/watcher/api/app.py
@@ -30,7 +30,7 @@ API_SERVICE_OPTS = [
 default=9322,
 help=_('The port for the watcher API server')),
 cfg.StrOpt('host',
- default='0.0.0.0',
+ default='127.0.0.1',
 help=_('The listen IP for the watcher API server')),
 cfg.IntOpt('max_limit',
 default=1000,
diff --git a/watcher/api/config.py b/watcher/api/config.py
index d6f7a5e46..3952459ac 100644
--- a/watcher/api/config.py
+++ b/watcher/api/config.py
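Review bot: The bandit command line added to the pep8 commands in tox.ini is repeated verbatim in the new `[testenv:bandit]` section at the end of the file, so the two gates can drift apart when only one of them is edited. Tox can substitute one section's value into another, so the pep8 entry could be `{[testenv:bandit]commands}` instead of a second copy. `-ll` also limits the report to medium and higher severity, so low-severity findings are never surfaced by either environment; a one-line comment above the command saying that this threshold is deliberate would help the next maintainer.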
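Review bot: The new loopback default for `host` in watcher/api/app.py is an operator-visible behaviour change that nothing in this patch documents: a deployment that relied on the old default will stop accepting connections from other hosts after upgrading. The help string should say so, for example `help=_('The listen IP for the watcher API server; the default accepts local connections only')`, and since the project already lists reno in its test requirements, an upgrade release note seems warranted. The same default is changed in the `server` dict in watcher/api/config.py, which leaves two places that must be kept in agreement. The option list continues outside the hunk.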
@@ -22,7 +22,7 @@ from watcher.api import hooks
 # See https://pecan.readthedocs.org/en/latest/configuration.html#server-configuration # noqa
 server = {
 'port': '9322',
- 'host': '0.0.0.0'
+ 'host': '127.0.0.1'
 }
 # Pecan Application Configurations
diff --git a/watcher/cmd/api.py b/watcher/cmd/api.py
index d3730010b..089869345 100644
--- a/watcher/cmd/api.py
+++ b/watcher/cmd/api.py
@@ -38,8 +38,8 @@ def main():
 server = service.WSGIService(
 'watcher-api', CONF.api.enable_ssl_api)
- if host == '0.0.0.0':
- LOG.info(_LI('serving on 0.0.0.0:%(port)s, '
+ if host == '127.0.0.1':
+ LOG.info(_LI('serving on 127.0.0.1:%(port)s, '
 'view at %(protocol)s://127.0.0.1:%(port)s') %
 dict(protocol=protocol, port=port))
 else:
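Review bot: Changing the test to `if host == '127.0.0.1':` in watcher/cmd/api.py alters what the branch is for, not just what the linter sees. The branch gave operators a reachable URL when the server listens on every interface; now a host explicitly set to 0.0.0.0 falls through to the `else` branch, whose body is outside the hunk, and the loopback branch prints the same address twice. A string comparison is not a bind, so it would be more accurate to keep the original condition and suppress the finding on that line, `if host == '0.0.0.0':  # nosec`, with the original log text restored. That also preserves a startup log line telling the operator that the API is exposed on all interfaces.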