Bandit

Bandit is a tool designed to find common security issues in Python code.

Security DSLs provided by the Tool
Name | Description
Security Checks provided by the Tool
Name | Description
Test for use of assert.
Test for the use of exec.
Test for setting permissive file permissions.
Test for binding to all interfaces.
Test for use of hard-coded password strings.
Test for use of hard-coded password function arguments.
Test for use of hard-coded password argument defaults.
Test for insecure usage of tmp file/directory.
Test for a password based config option not marked secret.
Test for a pass in the except block.
Test for the use of rootwrap running as root.
Test for a continue in the except block.
Test for missing requests timeout.
Test for use of flask app with debug set to true.
Test for tarfile.extractall.
Test for use of insecure md4, md5, or sha1 hash functions in hashlib.
Test for missing certificate validation.
Test for SSL use with bad version used.
Test for SSL use with bad defaults specified.
Test for SSL use with no version specified.
Test for weak cryptographic key use.
Test for use of yaml load.
Test for missing host key validation.
Checking for insecure SNMP versions.
Checking for weak cryptography.
Test for shell injection within Paramiko.
Test for use of popen with shell equals true.
Test for use of subprocess without shell equals true.
Test for any function with shell equals true.
Test for starting a process with a shell.
Test for starting a process with no shell.
Test for starting a process with a partial path.
Test for SQL injection.
Test for use of wildcard injection.
Potential SQL injection on extra function.
Potential SQL injection on RawSQL function.
Test for insecure use of logging.config.listen.
Test for not auto escaping in jinja2.
Test for use of mako templates.
django_mark_safe.