Use Bandit To Find Common Security Issues In Your Python Code


This article introduces the Bandit tool: what it does and what it can and should be used for. Along the way it also covers what secure coding means and why security has to be a concern throughout development rather than an afterthought.

Bandit is a Tool Designed to Find Common Security Issues in Python Code

Bandit is a tool designed to find common security issues in Python code. To do this, Bandit processes each file, builds an AST from it, and runs the appropriate plugins against the AST nodes. Once Bandit has finished scanning all the files, it generates a report.
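
To make the AST-and-plugins model concrete, here is a miniature scanner written for this article. It is an added example, not Bandit's own code: it parses a constructed sample with Python's ast module, runs a handful of plugin functions over Call and Assign nodes, honours "# nosec" comments and filters by severity the way the -l / -ll / -lll flags do. The test IDs mirror Bandit's (B105, B301, B307, B324, B602); the severities, messages and the "blacklist" table are this example's own choices.

```python
"""Miniature version of Bandit's model (added example, not Bandit's code): parse a file
into an AST, run plugin checks over its nodes, collect issues. Test IDs mirror Bandit's;
severities and messages are this example's own choices."""
import ast
from dataclasses import dataclass

SEVERITY_RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2}
SHELL_CALLS = {"subprocess.Popen", "subprocess.run", "subprocess.call",
               "subprocess.check_call", "subprocess.check_output"}
SECRET_WORDS = ("password", "passwd", "secret", "token")
# Bandit-style "blacklist calls": calling one of these names is an issue by itself.
BLACKLIST = {
    "eval": ("B307", "MEDIUM", "eval() on possibly untrusted input"),
    "pickle.loads": ("B301", "MEDIUM", "pickle deserialization of untrusted data"),
    "hashlib.md5": ("B324", "MEDIUM", "weak hash function md5"),
}

@dataclass(frozen=True)
class Issue:
    test_id: str
    severity: str
    line: int
    message: str

def qualname(node):
    """Dotted name of a call target (subprocess.Popen, eval); None for foo().bar()."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None

# Plugins for ast.Call nodes: each returns an Issue or None.
def check_subprocess_shell(call):
    fn = qualname(call.func)
    shell = any(kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                and kw.value.value is True for kw in call.keywords)
    if fn in SHELL_CALLS and shell:
        return Issue("B602", "HIGH", call.lineno, f"{fn} called with shell=True")

def check_blacklist_call(call):
    hit = BLACKLIST.get(qualname(call.func))
    return Issue(hit[0], hit[1], call.lineno, hit[2]) if hit else None

CALL_PLUGINS = [check_subprocess_shell, check_blacklist_call]

def check_hardcoded_password(assign):
    """Plugin for ast.Assign: a string literal stored under a credential-like name (B105)."""
    if not (isinstance(assign.value, ast.Constant) and isinstance(assign.value.value, str)):
        return None
    for target in assign.targets:
        if isinstance(target, ast.Name) and any(w in target.id.lower() for w in SECRET_WORDS):
            return Issue("B105", "LOW", assign.lineno, f"possible hardcoded password in {target.id}")
    return None

class Scanner(ast.NodeVisitor):
    def __init__(self):
        self.issues = []

    def visit_Call(self, node):
        self.issues.extend(i for i in (plugin(node) for plugin in CALL_PLUGINS) if i)
        self.generic_visit(node)  # keep walking: hashlib.md5(x).hexdigest() nests a call

    def visit_Assign(self, node):
        issue = check_hardcoded_password(node)
        if issue:
            self.issues.append(issue)
        self.generic_visit(node)

def scan_source(source, min_severity="LOW"):
    """Parse, run plugins, skip lines marked '# nosec', filter like bandit -l/-ll/-lll."""
    nosec = {n for n, text in enumerate(source.splitlines(), 1) if "# nosec" in text}
    scanner = Scanner()
    scanner.visit(ast.parse(source))
    floor = SEVERITY_RANK[min_severity]
    return sorted((i for i in scanner.issues
                   if i.line not in nosec and SEVERITY_RANK[i.severity] >= floor),
                  key=lambda i: i.line)

# Constructed sample input for the scanner, not real project code.
SAMPLE = '''import hashlib, pickle, subprocess
DB_PASSWORD = "hunter2"
def run(cmd):
    return subprocess.check_output(cmd, shell=True)
def run_safe(argv):
    return subprocess.check_output(argv)
def digest(data):
    return hashlib.md5(data).hexdigest()
def load(blob):
    return pickle.loads(blob)
def calc(expr):
    return eval(expr)
def noop():
    return subprocess.call("true", shell=True)  # nosec: constant command, reviewed
'''
```

Calling scan_source(SAMPLE) reports the hardcoded password on line 2, the shell=True call on line 4, md5 on line 8, pickle on line 10 and eval on line 12; run_safe (an argv list, no shell) and the "# nosec" line are not reported, and scan_source(SAMPLE, min_severity="HIGH") keeps only the B602 finding. Real Bandit resolves imports and aliases, tracks context around each node and ships dozens of plugins, but the shape is the same.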

Bandit was originally developed within the OpenStack Security Project and later rehomed to PyCQA.

See Bandit's developer documentation for details.

What is Secure Coding and Why is it Important?

One of the biggest mistakes we make is to leave security to the end of the development lifecycle. Security is one of the most important aspects of any software we build, and it should be a priority from the very beginning of the lifecycle.

Developers should consider security whenever they write code. In practice, that is not always what happens.

Here is a checklist of practices that help keep your code as secure as possible:

  • Input validation
      • Validate all inputs
      • Use centralized input validation
      • Watch for canonicalization issues (validate after decoding and normalizing)
      • Do not rely on client-side validation
      • Accept only reasonable input lengths and data types in each field
  • Authorization
      • Consider authorization granularity
      • Separate privileges
      • Restrict access to sensitive system resources
      • Use least-privileged accounts
  • Authentication
      • Enforce strong passwords
      • Encrypt communication channels to protect authentication tokens
  • Cryptographic practices
      • Use correct key sizes and vetted algorithms
      • Encrypt data in transit and at rest
      • Store keys in a secure location
  • Sessions
      • Enforce a timeout for each session
      • Require re-authentication when a session is restarted

What Can Happen If Code Is Insecure

Here are a few examples of what can happen, in the worst case, if your code is not secure:

  • Insecure code can damage the systems of thousands of users of the software, and compensating the affected users can cost the company a great deal of money.
  • Insecure code can lead to loss of life and property. Some criminal organizations exploit software to steal users' data and blackmail them.

Install Bandit

Install Bandit from the command line with pip:

 pip install bandit
 # Or if you're working with a Python 3 project
 pip3 install bandit

Then run it recursively over your code:

bandit -r path/to/your/code

Bandit can also be installed from source. To do so, download the source tarball from PyPI, unpack it, and install it from the unpacked directory:

python setup.py install

How to Use Bandit

Example usage across a code tree:

bandit -r ~/your_repos/project

Example usage across the examples/ directory, showing three lines of context and only reporting on the high-severity issues:

bandit examples/*.py -n 3 -lll

Bandit can be run with profiles. To run Bandit against the examples directory using only the plugins listed in the ShellInjection profile:

bandit examples/*.py -p ShellInjection
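
As an added example (not from the page or from Bandit), here is the pattern the ShellInjection profile is built to catch, beside two fixes. greet_vulnerable builds a shell command string from untrusted input and runs it with shell=True, which Bandit reports as B602; greet_hardened passes an argv list and no shell; greet_quoted shows shlex.quote for the rare case where a shell is unavoidable (Bandit still reports B602 there, so a reviewed "# nosec" is the honest way to silence it). PAYLOAD is a constructed attacker input, and sys.executable stands in for whatever program the code would really run.

```python
"""Added example for this article, not from the page or from Bandit: the shell-injection
pattern Bandit's ShellInjection profile reports (B602, shell=True on a command string
built from untrusted input) next to the fixed versions."""
import shlex
import subprocess
import sys

# Constructed attacker input: it closes the quoted python argument, then appends
# a second shell command (echo pwned) that the vulnerable version will execute.
PAYLOAD = "x')\"; echo pwned; echo \""


def greet_vulnerable(name: str) -> str:
    """B602: a command string assembled from untrusted input and handed to /bin/sh."""
    cmd = f"{shlex.quote(sys.executable)} -c \"print('hello {name}')\""
    proc = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return proc.stdout


def greet_hardened(name: str) -> str:
    """Fix: argv list and no shell, so the name travels as one argument whatever it holds."""
    code = "import sys; print('hello ' + sys.argv[1])"
    proc = subprocess.run([sys.executable, "-c", code, name],
                          capture_output=True, text=True, check=True)
    return proc.stdout


def greet_quoted(name: str) -> str:
    """If a shell really is unavoidable, quote every untrusted piece with shlex.quote.
    Bandit still reports B602 here; silence it only with a reviewed '# nosec'."""
    code = "print(" + repr("hello " + name) + ")"  # repr() yields a valid Python literal
    cmd = f"{shlex.quote(sys.executable)} -c {shlex.quote(code)}"
    proc = subprocess.run(cmd, shell=True, capture_output=True, text=True, check=True)  # nosec
    return proc.stdout


if __name__ == "__main__":
    print("vulnerable:", repr(greet_vulnerable(PAYLOAD)))
    print("hardened:  ", repr(greet_hardened(PAYLOAD)))
    print("quoted:    ", repr(greet_quoted(PAYLOAD)))
```

With PAYLOAD, greet_vulnerable prints "hello x" and then the injected "pwned" line, because the shell sees three separate commands; greet_hardened and greet_quoted both print the whole payload as a literal greeting and run nothing else. Running bandit over this file with -p ShellInjection flags the two shell=True calls, and only the one marked "# nosec" is suppressed.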

To see everything Bandit can do, run bandit -h from the command line.
