Calmcode - bandit: introduction

Writing insecure Python code


It's easy to write Python code that carries a security risk. Let's look at the code from the video.

# bad.py: runs whatever string it is handed on the command line
import sys

cmd = sys.argv[1]

exec(cmd)

You can call it from the command line like so:

python bad.py "print('hello')"

This program takes the string "print('hello')" and runs it. But what if the user is tricked into passing it malicious code? That's a security risk: the program executes whatever string it receives, with the full privileges of the Python process, so the caller can read files, spawn processes, or do anything else Python can do.
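To make the risk concrete, here is an added example (not code from the video or from bandit) that puts the exec() pattern next to a safe alternative and shows the kind of check a tool like bandit performs. The command strings are constructed for the demo; run_untrusted, run_allowlisted, find_dangerous_calls and COMMANDS are names chosen here, not part of the original page.

```python
import ast

# Constructed inputs for the demo: a benign command, and a string a user could
# be tricked into passing. Neither comes from the original page.
BENIGN = "x = 1 + 1"
MALICIOUS = "import os; cwd = os.getcwd()"  # reaches os, could just as well delete files


def run_untrusted(cmd):
    """The pattern from bad.py: exec() runs any string it receives.

    The caller's text is compiled and executed with the full privileges of this
    process. Returns the names the executed code defined, to show it ran.
    """
    scope = {}
    exec(cmd, scope)  # deliberately unsafe, kept here to demonstrate the risk
    return {k: v for k, v in scope.items() if k != "__builtins__"}


# Hardened alternative: an allowlist of named commands. User input selects a
# command and supplies arguments; it is never executed as code.
COMMANDS = {
    "hello": lambda: "hello",
    "add": lambda a, b: int(a) + int(b),
}


def run_allowlisted(argv):
    """Dispatch argv[0] to a known function; reject anything else."""
    name, *args = argv
    if name not in COMMANDS:
        raise ValueError(f"unknown command: {name!r}")
    return COMMANDS[name](*args)


def find_dangerous_calls(source):
    """Return (line, name) for every bare exec()/eval() call in `source`.

    This is a simplified illustration of an AST-based check of the sort a
    linter such as bandit runs; it is not bandit's own implementation.
    """
    findings = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Name)
                and node.func.id in {"exec", "eval"}):
            findings.append((node.lineno, node.func.id))
    return findings


if __name__ == "__main__":
    print("untrusted, benign:", run_untrusted(BENIGN))
    print("untrusted, malicious:", run_untrusted(MALICIOUS))
    print("allowlisted:", run_allowlisted(["add", "2", "3"]))
    bad_py = "import sys\ncmd = sys.argv[1]\nexec(cmd)\n"
    print("findings in bad.py:", find_dangerous_calls(bad_py))
```

The allowlisted version only ever calls functions you wrote, so a caller who controls the command line can at most pick a command and feed it arguments, which is the boundary you actually want. The AST walk is the idea behind automated detection: it does not need to run the program, it only needs to see that exec() or eval() is called.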

In this series of videos we'll look at ways to automatically detect code that has a potential security risk by using bandit.