bandit logo bandit: nosec

1 2 3 4 5
Notes

Sometimes bandit will notice a security risk when there is none. The example in the video demonstrates this nicely.

if path.startswith(("https:", "http:")):
    with urllib.request.urlopen(path) as resp:
        ...

Bandit will try to detect usage of urlopen in order to warn the user that there is a security risk. In fact, it will check for a lot of function signatures. Bandit is worried that the path variable might contain file:// which might trigger the code to read files from disk. It's good that bandit is critical, but in this case the code already takes care of this risk.

This is a great use-case for the nosec comment. Adding that to the line will allow us to tell bandit to go ahead an ignore the line.

if path.startswith(("https:", "http:")):
    with urllib.request.urlopen(path) as resp:  # nosec
        ...

If you re-run the bandit command with the nosec comment then it will no longer complain about it.