In previous posts, we looked at some of the tools (Flake8 and Black) that can be used for checking the style and formatting of your Python code. However, there is something else we must also consider - security!
Let me introduce - Bandit. Bandit is an open-source security linter for Python: it parses each source file into an abstract syntax tree and runs a set of checks for known insecure patterns (unsafe deserialization, shell injection, hard-coded credentials and so on). Once run, a report is generated that lists the security issues identified in your target source code, each with a severity, a confidence rating and the file and line it was found on (example below).
$ pip install bandit
$ bandit my_code.py
...
Run started:2017-01-11 20:47:39.901651
Test results:
>> Issue: [B506:yaml_load] Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
Severity: Medium Confidence: High
Location: my_code.py:8
7 def from_yaml(yaml_str):
8 return yaml.load(yaml_str)
9
--------------------------------------------------
Code scanned:
Total lines of code: 12
Total lines skipped (#nosec): 0
Run metrics:
Total issues (by severity):
Undefined: 0
Low: 0
Medium: 1
High: 0
Total issues (by confidence):
Undefined: 0
Low: 0
Medium: 0
High: 1
Files skipped (0):
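To make concrete what a linter like Bandit is doing when it produces a report like the one above, here is a small AST-based check written for this post. It is an added illustration, not Bandit's own implementation: it flags `yaml.load(...)` calls that do not pass `Loader=yaml.SafeLoader` (or `CSafeLoader`), honours a `# nosec` comment on the offending line the way the report's "lines skipped" counter does, and prints its findings in a Bandit-like layout. The names `scan_source`, `format_report`, `Issue` and `SAMPLE_SOURCE` are this example's, not Bandit's; the sample module it scans is constructed for the demonstration. It only handles the `yaml.load` attribute form (a real linter also resolves `from yaml import load` and aliases) and finds comments with a plain `#` split rather than a tokenizer.

```python
"""Minimal AST-based security check in the spirit of Bandit's B506 (yaml_load).

Added, illustrative code; not Bandit's implementation. Assumes the only
loaders that should silence the finding are SafeLoader and CSafeLoader.
"""
import ast
from dataclasses import dataclass

SAFE_LOADERS = {"SafeLoader", "CSafeLoader"}  # assumption, see module docstring


@dataclass(frozen=True)
class Issue:
    test_id: str
    line: int
    message: str
    severity: str = "Medium"
    confidence: str = "High"


def _is_yaml_load(call: ast.Call) -> bool:
    """True for calls spelled exactly ``yaml.load(...)``."""
    func = call.func
    return (isinstance(func, ast.Attribute) and func.attr == "load"
            and isinstance(func.value, ast.Name) and func.value.id == "yaml")


def _loader_is_safe(call: ast.Call) -> bool:
    """True when a safe Loader is passed, as keyword or second positional arg."""
    loader = None
    for kw in call.keywords:
        if kw.arg == "Loader":
            loader = kw.value
    if loader is None and len(call.args) >= 2:
        loader = call.args[1]
    if isinstance(loader, ast.Attribute):
        return loader.attr in SAFE_LOADERS
    if isinstance(loader, ast.Name):
        return loader.id in SAFE_LOADERS
    return False


def _has_nosec(source_line: str) -> bool:
    """A '# nosec' (or '#nosec') comment on the line suppresses the finding."""
    _, sep, comment = source_line.partition("#")
    return bool(sep) and comment.lstrip().startswith("nosec")


def scan_source(source: str):
    """Return (issues sorted by line, number of lines skipped via nosec)."""
    tree = ast.parse(source)
    lines = source.splitlines()
    issues, skipped = [], 0
    for node in ast.walk(tree):
        if not (isinstance(node, ast.Call) and _is_yaml_load(node)):
            continue
        if _loader_is_safe(node):
            continue
        if _has_nosec(lines[node.lineno - 1]):
            skipped += 1
            continue
        issues.append(Issue("B506", node.lineno,
                            "Use of unsafe yaml load. Allows instantiation of "
                            "arbitrary objects. Consider yaml.safe_load()."))
    return sorted(issues, key=lambda i: i.line), skipped


def format_report(filename: str, source: str) -> str:
    """Render findings in a Bandit-like text layout."""
    issues, skipped = scan_source(source)
    lines = source.splitlines()
    out = []
    for i in issues:
        out += [f">> Issue: [{i.test_id}:yaml_load] {i.message}",
                f"   Severity: {i.severity}   Confidence: {i.confidence}",
                f"   Location: {filename}:{i.line}",
                f"   {i.line} {lines[i.line - 1]}"]
    out += [f"Lines scanned: {len(lines)}", f"Total lines skipped (#nosec): {skipped}"]
    return "\n".join(out)


# Constructed sample module (not from the original post) covering each case.
SAMPLE_SOURCE = '''\
import yaml

def from_yaml(yaml_str):
    return yaml.load(yaml_str)                     # unsafe: default Loader

def from_yaml_safe(yaml_str):
    return yaml.safe_load(yaml_str)                # recommended fix, not flagged

def from_yaml_explicit(yaml_str):
    return yaml.load(yaml_str, Loader=yaml.SafeLoader)   # explicit safe loader

def legacy(yaml_str):
    return yaml.load(yaml_str)  # nosec - reviewed: input is a trusted local file
'''

if __name__ == "__main__":
    print(format_report("my_code.py", SAMPLE_SOURCE))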