[WIP] use bandit.yml as default config file (resolves #318)

README.rst

@@ -295,26 +295,28 @@ An optional config file may be supplied and may include:
 
 Per Project Command Line Args
 -----------------------------
-Projects may include a `.bandit` file that specifies command line arguments
+Projects may include a `.bandit.yml` file that specifies command line arguments
 that should be supplied for that project. The currently supported arguments
 are:
 
- - targets: comma separated list of target dirs/files to run bandit on
- - exclude: comma separated list of excluded paths
- - skips: comma separated list of tests to skip
- - tests: comma separated list of tests to run
+ - targets: list of target dirs/files to run bandit on
+ - exclude: list of excluded paths
+ - skips: list of tests to skip
+ - tests: list of tests to run
 
-To use this, put a .bandit file in your project's directory. For example:
+To use this, put a .bandit.yml file in your project's directory. For example:
 
 ::
 
-   [bandit]
-   exclude: /test
+   exclude:
+     - /test
 
 ::
 
-   [bandit]
-   tests: B101,B102,B301
+   tests:
+     - B101
+     - B102
+     - B301
 
 
 Exclusions

bandit/cli/main.py

@@ -28,7 +28,6 @@
 from bandit.core import utils
 
 
-BASE_CONFIG = 'bandit.yaml'
 LOG = logging.getLogger()
 
 
@@ -291,7 +290,7 @@ def main():
         "{relpath:20.20s}: {line:03}: {test_id:^8}: DEFECT: {msg:>20}"
 
         See python documentation for more information about formatting style:
-        https://docs.python.org/3.4/library/string.html
+        https://docs.python.org/3/library/string.html
 
     The following tests were discovered and loaded:
     -----------------------------------------------

bandit/core/config.py

@@ -15,6 +15,7 @@
 # under the License.
 
 import logging
+import os.path
 
 import yaml
 
@@ -23,6 +24,7 @@
 from bandit.core import utils
 
 
+BASE_CONFIG = 'bandit.yml'
 LOG = logging.getLogger(__name__)
 
 
@@ -39,6 +41,8 @@ def __init__(self, config_file=None):
         self.config_file = config_file
         self._config = {}
 
+        if config_file is None and os.path.exists(BASE_CONFIG):
+            config_file = BASE_CONFIG
         if config_file:
             try:
                 f = open(config_file, 'r')

tests/unit/cli/test_baseline.py

@@ -83,7 +83,7 @@ def test_bandit_baseline(self):
         git_repo.index.commit('Initial commit')
         os.chdir(repo_directory)
 
-        with open('bandit.yaml', 'wt') as fd:
+        with open('bandit.yml', 'wt') as fd:
             fd.write(config)
 
         # create three branches, first has only benign, second adds malicious,
@@ -102,8 +102,7 @@ def test_bandit_baseline(self):
                                'benign_two.py'],
                      'expected_return': 0}]
 
-        baseline_command = ['bandit-baseline', '-c', 'bandit.yaml', '-r', '.',
-                            '-p', 'test']
+        baseline_command = ['bandit-baseline', '-r', '.', '-p', 'test']
 
         for branch in branches:
             branch['branch'] = git_repo.create_head(branch['name'])