In previous posts, we looked at some of the tools (Flake8 and Black) that can be used for performing stylistic and syntax checking against your Python code. However, there is something else we must also consider - security!

Let me introduce - Bandit. Bandit is a Python-based open-source security linter. Once run, a report is generated that lists security issues identified within your target source code (example below).

$ pip install bandit

$ bandit
Run started:2017-01-11 20:47:39.901651

Test results:
>> Issue: [B506:yaml_load] Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
   Severity: Medium   Confidence: High
7    def from_yaml(yaml_str):
8        return yaml.load(yaml_str)


Code scanned:
    Total lines of code: 12
    Total lines skipped (#nosec): 0

Run metrics:
    Total issues (by severity):
        Undefined: 0
        Low: 0
        Medium: 1
        High: 0
    Total issues (by confidence):
        Undefined: 0
        Low: 0
        Medium: 0
        High: 1
Files skipped (0):
Ready to Master Network Automation? Start Your Journey Today!
Our membership provides:
  • Full deep-dive course library (inc. Batfish, pyATS, Netmiko)
  • Code repositories inc. full course code, scripts and examples
  • 24x7 multi-vendor labs (Arista, Cisco, Juniper)
  • Private online community
  • Live monthly tech sessions
  • Access to tech session library

Join Now ➜