Add bandit tests to tox

Fixes SmileyChris#237

CHANGES.rst

@@ -11,8 +11,11 @@ release, and any new translations added.
 
 - Make DRF CountryField respect ``blank=False``. This is a backwards incompatible change since blank input will now
   return a validation error (unless ``blank`` is explicitly set to ``True``).
+
 - Fix ``COUNTRIES_OVERRIDE`` when using the complex dictionary format and a single name.
 
+- Add bandit to the test suite for basic security analysis.
+
 
 5.5 (11 September 2019)
 =======================

django_countries/ioc_data.py

@@ -324,6 +324,7 @@ def check_ioc_countries(verbosity=1):
     if verbosity:  # pragma: no cover
         print("Checking if all IOC codes map correctly")
     for key in ISO_TO_IOC:
-        assert COUNTRIES.get(key), "No ISO code for %s" % key
+        if not COUNTRIES.get(key):
+            raise KeyError("No ISO code for %s" % key)
     if verbosity:  # pragma: no cover
         print("Finished checking IOC codes")

django_countries/widgets.py

@@ -92,7 +92,7 @@ def render(self, name, value, attrs=None, renderer=None):
         else:
             country = Country(value or "__")
         with country.escape:
-            return mark_safe(
+            return mark_safe(  # nosec
                 self.layout.format(
                     widget=widget_render, country=country, flag_id=escape(flag_id)
                 )

tox.ini

@@ -12,6 +12,7 @@ envlist =
     py27-django111-drf{37,38,39}
     py27-django18-drf{33,34,35,36}
     readme
+    bandit
     coverage_report
 skip_missing_interpreters = True
 
@@ -21,7 +22,7 @@ python =
     3.4: py34, codecov
     3.5: py35, codecov
     3.6: py36, codecov
-    3.7: py37, codecov
+    3.7: py37, bandit, codecov
 
 
 [testenv]
@@ -85,3 +86,9 @@ skip_install = True
 deps = codecov
 passenv = CI TRAVIS TRAVIS_*
 commands = codecov
+
+[testenv:bandit]
+basepython = python3
+skip_install = True
+deps = bandit
+commands = bandit -r django_countries -x tests