Finding insecure Python code with bandit

Let's once again assume that we have the following code in our file.

import sys

cmd = sys.argv[1]

exec(cmd)


To use bandit, we first need to install it.

python -m pip install bandit

Once it is installed, we can run bandit against our file.


When you run this, you get the following output.

[main]  INFO    profile include tests: None
[main]  INFO    profile exclude tests: None
[main]  INFO    cli include tests: None
[main]  INFO    cli exclude tests: None
[main]  INFO    running on Python 3.7.7
[node_visitor]  INFO    Unable to find qualified name for module:
Run started:2021-05-09 13:02:31.961401

Test results:
>> Issue: [B102:exec_used] Use of exec detected.
  Severity: Medium   Confidence: High
  More Info:
5       exec(cmd)


Code scanned:
        Total lines of code: 3
        Total lines skipped (#nosec): 0

Run metrics:
        Total issues (by severity):
                Undefined: 0.0
                Low: 0.0
                Medium: 1.0
                High: 0.0
        Total issues (by confidence):
                Undefined: 0.0
                Low: 0.0
                Medium: 0.0
                High: 1.0
Files skipped (0):

One of the most useful parts of that output is the More Info link to bandit's documentation page for the test that fired (B102 here). There you can read about the security concern in detail.
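The B102 finding above is about passing attacker-controlled text to exec(). The following is an added example (not from the original page) of the usual fix: dispatch the command-line argument to an allow-list of functions instead of executing it. The greet and add commands are constructed for illustration.

```python
"""Hardened replacement for `exec(cmd)`: dispatch on an allow-list."""
import sys
from typing import Callable, Dict, List


# Constructed sample commands; in the original file the argument goes
# straight into exec(), so any Python the caller types gets executed.
def greet(name: str) -> str:
    return f"hello {name}"


def add(a: str, b: str) -> str:
    return str(int(a) + int(b))


# Only names present in this table can ever be invoked.
COMMANDS: Dict[str, Callable[..., str]] = {"greet": greet, "add": add}


def run_command(argv: List[str]) -> str:
    """Look up argv[0] in COMMANDS and call it with the remaining args.

    Anything not in the table is rejected, so arbitrary source text such as
    "__import__('os')" is never evaluated. Bandit no longer reports B102
    because exec() is gone entirely.
    """
    if not argv:
        raise ValueError("no command given")
    name, *args = argv
    handler = COMMANDS.get(name)
    if handler is None:
        raise ValueError(f"unknown command: {name!r}")
    return handler(*args)


if __name__ == "__main__":
    print(run_command(sys.argv[1:]))
```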