It's easy to write python code that has a security risk. Let's look at the code from the video.
import sys cmd = sys.argv exec(cmd)
You can call if from the command line like so:
python bad.py "print('hello')"
This program will take the string
"print('hello')" and run it. But what
if the user is fooled into giving it malicious code? That's a security risk! The
issue is that the python program will run anything that it receives.
In this series of videos we'll look at ways to automatically detect code that has a potential security risk by using bandit.