Tags: swipswaps/bandit
Performance fix (PyCQA#502)

* Fix PyCQA#490 -- Fix performance issue introduced in 1.6.0

  The lines were introduced in 7c4b9fa and have two effects. First they cause `get_issue_list` to run twice and before the user receives feedback that bandit started running. Secondly it does not display any output if no issues are found, which is an unintended behavior change.

* add namespaces for parent attributes
* pylint formatting changes
* made bandit_parent a private attr
* temporary fix; perf issue only on quiet
* update perf issue

add test for regression and fix directory exclusion without wildcards (PyCQA#489)

* add test for regression and fix directory exclusion without wildcards
* fix pep8 errors
* add support for directory exclusion without trailing slashes
* extend exclusion test for backwards compat with 1.5.1 and add fix
* fix pep8 errors
* fix styling
* fix styling
* fix styling

Remove pycryptodome blacklist (PyCQA#470)

* Remove pycryptodome from import blacklist

  pycryptodome appears to be actively maintained, as opposed to pycrypto. Unless there is a noted security issue with not using it, this removes the blanket blacklist on the library. Any insecure hashes/ciphers/etc. that the library provides will still be reported as per other libraries.

* [functional-tests] - repurpose blacklist test to verify that pycryptodome is no longer blacklisted
* - fix flake8 line too long
* [flake8] - misunderstood what flake8 was complaining about.

Change ver 1.4.1 references to 1.5.0

There have been significant changes since the 1.4.0 release, so I'd like the next release to be 1.5.0 instead of 1.4.1. This patch replaces 1.4.1 references with 1.5.0.

Signed-off-by: Eric Brown <[email protected]>

[Important]
This release removes the ‘stats’ elements from the JSON output formatter. The same information is available in the metrics section and duplicating the data is noisy and pointless.

[Features]
- Handle curve keyword arg weak_cryptographic_key

[Bug Fixes]
- UTF8 encoding fix for skipped filenames
- Fixed partial path detection on Windows
- HTML output now passes markup validation

[Behind the Scenes]
- Many trivial fixes based on pylint scan
- Many cleanups to docs and readme
- Added functional tests for B308, B321, and B402

[New Features]
- Added "input()" to the list of blacklisted calls (B322)

[Bug Fixes]
- Tests work with newest GitPython
- Blacklist filtering now fixed, B001 no longer needed
- Fixed false positive on YAML load() test (B506)
- Fix crypto key size issues when we don't know what it is (B505)

[Behind the Scenes]
- Unit tests now use Mock over MagicMock
- Unit tests now use assertEqual correctly
- Module imports cleaned up

[New Features]
- New test for HTTPoxy bug (CVE-2016-5386)
- Man page added

[Bug Fixes]
- XSS bug fixed in HTML output (Security fix)
- Various typos and spelling errors fixed

[Behind the Scenes]
- Catch general exceptions per-file
- Docs improvements
- Py3.5 bits