document that random.choices() isn't secure either (PyCQA#728)

* document that random.choices() isn't secure either

* add random.choices() to tests

bandit/blacklists/calls.py

@@ -191,6 +191,7 @@
 |      |                     | - random.randrange                 |           |
 |      |                     | - random.randint                   |           |
 |      |                     | - random.choice                    |           |
+|      |                     | - random.choices                   |           |
 |      |                     | - random.uniform                   |           |
 |      |                     | - random.triangular                |           |
 +------+---------------------+------------------------------------+-----------+
@@ -447,6 +448,7 @@ def gen_blacklist():
          'random.randrange',
          'random.randint',
          'random.choice',
+         'random.choices',
          'random.uniform',
          'random.triangular'],
         'Standard pseudo-random generators are not suitable for '

examples/random_module.py

@@ -6,6 +6,7 @@
 bad = random.randrange()
 bad = random.randint()
 bad = random.choice()
+bad = random.choices()
 bad = random.uniform()
 bad = random.triangular()
 

tests/functional/test_functional.py

@@ -355,8 +355,8 @@ def test_popen_wrappers(self):
     def test_random_module(self):
         '''Test for the `random` module.'''
         expect = {
-            'SEVERITY': {'UNDEFINED': 0, 'LOW': 6, 'MEDIUM': 0, 'HIGH': 0},
-            'CONFIDENCE': {'UNDEFINED': 0, 'LOW': 0, 'MEDIUM': 0, 'HIGH': 6}
+            'SEVERITY': {'UNDEFINED': 0, 'LOW': 7, 'MEDIUM': 0, 'HIGH': 0},
+            'CONFIDENCE': {'UNDEFINED': 0, 'LOW': 0, 'MEDIUM': 0, 'HIGH': 7}
         }
         self.check_example('random_module.py', expect)