In previous posts, we looked at some of the tools (Flake8 and Black) that can be used for performing stylistic and syntax checking against your Python code. However, there is something else we must also consider - security!

Let me introduce - Bandit. Bandit is a Python-based open-source security linter. Once run, a report is generated that lists security issues identified within your target source code (example below).

$ pip install bandit

$ bandit
Run started:2017-01-11 20:47:39.901651

Test results:
>> Issue: [B506:yaml_load] Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
   Severity: Medium   Confidence: High
7    def from_yaml(yaml_str):
8        return yaml.load(yaml_str)


Code scanned:
    Total lines of code: 12
    Total lines skipped (#nosec): 0

Run metrics:
    Total issues (by severity):
        Undefined: 0
        Low: 0
        Medium: 1
        High: 0
    Total issues (by confidence):
        Undefined: 0
        Low: 0
        Medium: 0
        High: 1
Files skipped (0):
Want to Learn Network Automation?
Join our membership and get access to:
  • Full deep-dive course library (inc. Batfish, pyATS, Netmiko)
  • Code repositories inc. full course code, scripts and examples
  • 24x7 multi-vendor labs (Arista, Cisco, Juniper)
  • Private online community
  • Tech demos and sessions

Join Now ➜