HAP-python
Test using mypy and bandit.
mypy does static analysis, and bandit does security auditing (of known vulnerabilities, and some suspect coding patterns).
Both of these are currently showing some errors, which should be addressed, and some warnings, which could be addressed.
I'm hoping that Travis or whatever is running the tests will pick this up, but I may need to do more.
Codecov Report
Merging #151 into dev will not change coverage. The diff coverage is n/a.
@@            Coverage Diff            @@
##              dev     #151   +/-   ##
=======================================
  Coverage   52.16%   52.16%
=======================================
  Files          15       15
  Lines        1342     1342
  Branches      137      137
=======================================
  Hits          700      700
  Misses        627      627
  Partials       15       15
The most pressing issue raised by this is available at https://travis-ci.org/ikalchev/HAP-python/jobs/426333586#L551.
My understanding is that we should be using a different crypto package.
Thanks! I will review this and the raised issues and will open a PR to track them later this evening.
Awesome addition
I went to PyConAU a couple of weeks ago, and there was a great talk about using Bandit, and another package (Safety): https://2018.pycon-au.org/talks/43518-watch-out-for-safety-bandits/
It's well worth watching.
I would definitely like these checks added. However, can we remove them from Travis until we address the issues, as otherwise the builds will fail? What do you think?