In previous posts, we looked at some of the tools (Flake8 and Black) that can be used for performing stylistic and syntax checking against your Python code. However, there is something else we must also consider - security!

Let me introduce - Bandit. Bandit is a Python-based open-source security linter. Once run, a report is generated that lists security issues identified within your target source code (example below).

$ pip install bandit

$ bandit
Run started:2017-01-11 20:47:39.901651

Test results:
>> Issue: [B506:yaml_load] Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
   Severity: Medium   Confidence: High
7    def from_yaml(yaml_str):
8        return yaml.load(yaml_str)


Code scanned:
    Total lines of code: 12
    Total lines skipped (#nosec): 0

Run metrics:
    Total issues (by severity):
        Undefined: 0
        Low: 0
        Medium: 1
        High: 0
    Total issues (by confidence):
        Undefined: 0
        Low: 0
        Medium: 0
        High: 1
Files skipped (0):
Master Network Automation
Join today and get access to:
  • Full deep-dive course library (inc. Batfish, pyATS, Netmiko)
  • Code repositories inc. full course code, scripts and examples
  • 24x7 Multi-vendor labs (Arista, Cisco, Juniper)
  • Private online community
  • Monthly online meetups
  • Monthly guest speakers

100% Satisfaction Guaranteed!
Cancel your membership at any time.

Join Today