Calmcode - bandit: cli

Finding insecure Python code with bandit


Let's once again assume that we have the following code in our bad.py file.

import sys

cmd = sys.argv[1]

exec(cmd)

To use bandit, we first need to install it.

python -m pip install bandit

Once it is installed we can run bandit against our file.

bandit bad.py

When you run this you get the following output.

[main]  INFO    profile include tests: None
[main]  INFO    profile exclude tests: None
[main]  INFO    cli include tests: None
[main]  INFO    cli exclude tests: None
[main]  INFO    running on Python 3.7.7
[node_visitor]  INFO    Unable to find qualified name for module: bad.py
Run started:2021-05-09 13:02:31.961401

Test results:
>> Issue: [B102:exec_used] Use of exec detected.
  Severity: Medium   Confidence: High
  Location: bad.py:5
  More Info: https://bandit.readthedocs.io/en/latest/plugins/b102_exec_used.html
4
5       exec(cmd)

--------------------------------------------------

Code scanned:
        Total lines of code: 3
        Total lines skipped (#nosec): 0

Run metrics:
        Total issues (by severity):
                Undefined: 0.0
                Low: 0.0
                Medium: 1.0
                High: 0.0
        Total issues (by confidence):
                Undefined: 0.0
                Low: 0.0
                Medium: 0.0
                High: 1.0
Files skipped (0):

One of the most useful parts of that log is the "More Info" link to bandit's documentation page for the test that fired (B102 here). There you can read all about the security concern.
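The text report above is meant for humans; in a CI step you normally want the same findings in a form a script can gate on. The example below is added for this lesson and is not code from calmcode or from the bandit project. It assumes the layout of bandit's JSON report (the `bandit -f json` formatter emits a top-level "results" list whose entries carry "test_id", "issue_severity", "issue_confidence", "filename", "line_number" and "issue_text"); the sample report embedded in it is constructed by hand to mirror the B102 finding shown in the run above, so the script runs without bandit installed. When given file paths on the command line it runs bandit for real instead.

```python
"""Gate a build on bandit findings parsed from its JSON report.

Added example, not part of the calmcode lesson or of bandit itself.
The only assumption is the `bandit -f json` report layout described
in the lead-in; SAMPLE_REPORT below is a constructed stand-in for
`bandit -f json bad.py`, trimmed to the fields this script reads.
"""
from __future__ import annotations

import json
import shutil
import subprocess
import sys

# Ordering bandit uses for both severity and confidence.
LEVELS = {"UNDEFINED": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3}

# Constructed sample mirroring the B102 finding for exec(cmd) in bad.py.
SAMPLE_REPORT = json.dumps({
    "results": [
        {
            "filename": "bad.py",
            "line_number": 5,
            "test_id": "B102",
            "test_name": "exec_used",
            "issue_severity": "MEDIUM",
            "issue_confidence": "HIGH",
            "issue_text": "Use of exec detected.",
            "more_info": "https://bandit.readthedocs.io/en/latest/plugins/b102_exec_used.html",
        }
    ]
})


def parse_report(report_json: str) -> list[dict]:
    """Return the findings list from a bandit JSON report."""
    return json.loads(report_json).get("results", [])


def select_findings(findings, min_severity="MEDIUM", min_confidence="MEDIUM"):
    """Keep findings at or above both the severity and the confidence bar.

    Low-confidence hits are usually triaged separately rather than blocking
    a build, so the two thresholds are independent.
    """
    sev = LEVELS[min_severity.upper()]
    conf = LEVELS[min_confidence.upper()]
    return [
        f for f in findings
        if LEVELS[f["issue_severity"].upper()] >= sev
        and LEVELS[f["issue_confidence"].upper()] >= conf
    ]


def format_finding(f: dict) -> str:
    """One-line summary in the spirit of bandit's text output."""
    return (f"{f['filename']}:{f['line_number']} [{f['test_id']}:{f['test_name']}] "
            f"{f['issue_text']} (severity={f['issue_severity']}, "
            f"confidence={f['issue_confidence']})")


def gate(report_json: str, min_severity="MEDIUM", min_confidence="MEDIUM") -> int:
    """Exit code for a CI step: 1 if any finding clears the bar, else 0."""
    blocking = select_findings(parse_report(report_json), min_severity, min_confidence)
    for f in blocking:
        print(format_finding(f))
    return 1 if blocking else 0


def run_bandit(paths) -> str:
    """Run bandit on real files and return its JSON report as a string.

    `-q` suppresses the INFO lines so stdout holds only the JSON document.
    bandit itself exits non-zero when it finds issues, so its return code is
    deliberately not treated as an error here; gate() decides.
    """
    if shutil.which("bandit") is None:
        raise RuntimeError("bandit is not installed; run: python -m pip install bandit")
    proc = subprocess.run(["bandit", "-q", "-f", "json", *paths],
                          capture_output=True, text=True, check=False)
    return proc.stdout


if __name__ == "__main__":
    # With no arguments, gate the constructed sample; otherwise scan the given files.
    report = run_bandit(sys.argv[1:]) if len(sys.argv) > 1 else SAMPLE_REPORT
    sys.exit(gate(report))
```

Running it with no arguments prints the B102 line and exits 1, which is the behaviour you want from a pre-merge check; raising the bar to `min_severity="HIGH"` lets the same report through, so pick thresholds deliberately rather than silencing findings with `#nosec`.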