Bandit - Static Code Analysis for Python Code

From Embedded Lab Vienna for IoT & Security
Revision as of 20:35, 14 January 2023 by TMeissner

Summary

This documentation shows how to install and use Bandit, a static analysis tool for Python source code. Bandit parses each file into an abstract syntax tree and runs a set of plugin tests against it; every finding is reported with one of three severity levels (Low, Medium, High) together with a confidence level on the same scale, so results can be filtered by how serious and how certain they are.

Requirements

  • Python Version 3.7 or higher
  • Python Package: bandit

Installation and Usage

Bandit is installed with the pip install command. The package is also published on PyPI for manual installation; if you want to install it manually, please follow the attached References.

pip install bandit

To run the analysis, pass the file you want to scan to bandit in a shell. A folder has to be scanned with the -r (recursive) option; without it Bandit skips the directory with a warning:

bandit <file>
bandit -r <folder>
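Bandit's own -ll and -ii options already drop findings below a minimum severity or confidence, but in a CI pipeline it is often useful to post-process the machine-readable report instead, for example to group findings by CWE and fail the build only above a chosen threshold. The following script is an added example and is not part of Bandit or of this page; it assumes the report was produced with `bandit -r <folder> -f json -o report.json`, and the sample report embedded in it is constructed for the example (the file names, line numbers and findings are made up, only the field names follow Bandit's JSON formatter).

```python
"""Gate a CI job on a Bandit JSON report (added example, not Bandit code).

Assumed workflow: run
    bandit -r <folder> -f json -o report.json
and feed report.json to this script. It drops findings below a severity and
confidence threshold, groups the rest by CWE and exits non-zero if any remain.
"""
import json
import sys

# Bandit uses the same ordinal scale for severity and confidence.
LEVELS = {"UNDEFINED": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3}

# Constructed sample report: shaped like Bandit's JSON output, but the files,
# line numbers and findings are invented for this example.
SAMPLE_REPORT = json.dumps({
    "errors": [],
    "results": [
        {"filename": "app/db.py", "line_number": 12, "line_range": [12],
         "test_id": "B608", "test_name": "hardcoded_sql_expressions",
         "issue_severity": "MEDIUM", "issue_confidence": "MEDIUM",
         "issue_cwe": {"id": 89,
                       "link": "https://cwe.mitre.org/data/definitions/89.html"},
         "issue_text": "Possible SQL injection vector through string-based "
                       "query construction.",
         "code": "12 cur.execute(\"SELECT * FROM foo WHERE id = '%s'\" % identifier)\n"},
        {"filename": "app/util.py", "line_number": 3, "line_range": [3],
         "test_id": "B404", "test_name": "blacklist",
         "issue_severity": "LOW", "issue_confidence": "HIGH",
         "issue_cwe": {"id": 78,
                       "link": "https://cwe.mitre.org/data/definitions/78.html"},
         "issue_text": "Consider possible security implications associated "
                       "with the subprocess module.",
         "code": "3 import subprocess\n"},
        {"filename": "app/util.py", "line_number": 40, "line_range": [40],
         "test_id": "B602", "test_name": "subprocess_popen_with_shell_equals_true",
         "issue_severity": "HIGH", "issue_confidence": "HIGH",
         "issue_cwe": {"id": 78,
                       "link": "https://cwe.mitre.org/data/definitions/78.html"},
         "issue_text": "subprocess call with shell=True identified, security issue.",
         "code": "40 proc = subprocess.Popen(cmd, shell=True)\n"},
    ],
})


def load_findings(report_text):
    """Return the list of findings from a Bandit JSON report."""
    return json.loads(report_text)["results"]


def filter_findings(findings, min_severity="LOW", min_confidence="LOW"):
    """Keep findings at or above both thresholds (what bandit -ll / -ii do)."""
    sev = LEVELS[min_severity]
    conf = LEVELS[min_confidence]
    return [f for f in findings
            if LEVELS[f["issue_severity"]] >= sev
            and LEVELS[f["issue_confidence"]] >= conf]


def group_by_cwe(findings):
    """Bucket findings by CWE id; reports from old Bandit versions lack issue_cwe."""
    groups = {}
    for f in findings:
        cwe = f.get("issue_cwe") or {}
        key = "CWE-%d" % cwe["id"] if cwe.get("id") else "CWE-unknown"
        groups.setdefault(key, []).append(f)
    return groups


def format_finding(f):
    """One-line, grep-friendly rendering of a finding."""
    return "%s:%d %s [%s severity, %s confidence] %s" % (
        f["filename"], f["line_number"], f["test_id"],
        f["issue_severity"], f["issue_confidence"], f["issue_text"])


def triage(report_text, min_severity="LOW", min_confidence="LOW"):
    """Print the kept findings grouped by CWE and return a CI exit code."""
    kept = filter_findings(load_findings(report_text), min_severity, min_confidence)
    for cwe, items in sorted(group_by_cwe(kept).items()):
        print(cwe)
        for f in items:
            print("  " + format_finding(f))
    return 1 if kept else 0


if __name__ == "__main__":
    # usage: python bandit_gate.py [report.json] [MIN_SEVERITY] [MIN_CONFIDENCE]
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    min_sev = sys.argv[2] if len(sys.argv) > 2 else "MEDIUM"
    min_conf = sys.argv[3] if len(sys.argv) > 3 else "MEDIUM"
    sys.exit(triage(text, min_sev, min_conf))
```

Run without arguments the script triages the embedded sample at the Medium/Medium threshold, which keeps the SQL-injection and shell=True findings and drops the Low-severity import warning; with a real report.json as first argument it gates on that instead. The CWE grouping is what makes a large report reviewable: all findings under CWE-78 (OS command injection) land together, whatever Bandit test produced them.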

Example

This example uses the example files that ship with Bandit's GitHub repository (https://github.com/PyCQA/bandit, directory examples/). The listing below is Bandit's SQL-statement example (examples/sql_statements.py). It is a deliberately non-runnable lint target, so the undefined names identifier, value, cur, val and _ are intentional; what matters is how each query string is built:

import sqlalchemy
# bad
query = "SELECT * FROM foo WHERE id = '%s'" % identifier
query = "INSERT INTO foo VALUES ('a', 'b', '%s')" % value
query = "DELETE FROM foo WHERE id = '%s'" % identifier
query = "UPDATE foo SET value = 'b' WHERE id = '%s'" % identifier
query = """WITH cte AS (SELECT x FROM foo)
SELECT x FROM cte WHERE x = '%s'""" % identifier
# bad alternate forms
query = "SELECT * FROM foo WHERE id = '" + identifier + "'"
query = "SELECT * FROM foo WHERE id = '{}'".format(identifier)
# bad
cur.execute("SELECT * FROM foo WHERE id = '%s'" % identifier)
cur.execute("INSERT INTO foo VALUES ('a', 'b', '%s')" % value)
cur.execute("DELETE FROM foo WHERE id = '%s'" % identifier)
cur.execute("UPDATE foo SET value = 'b' WHERE id = '%s'" % identifier)
# bad alternate forms
cur.execute("SELECT * FROM foo WHERE id = '" + identifier + "'")
cur.execute("SELECT * FROM foo WHERE id = '{}'".format(identifier))
# good
cur.execute("SELECT * FROM foo WHERE id = '%s'", identifier)
cur.execute("INSERT INTO foo VALUES ('a', 'b', '%s')", value)
cur.execute("DELETE FROM foo WHERE id = '%s'", identifier)
cur.execute("UPDATE foo SET value = 'b' WHERE id = '%s'", identifier)
# bug: https://bugs.launchpad.net/bandit/+bug/1479625
def a():
    def b():
        pass
    return b
a()("SELECT %s FROM foo" % val)
# real world false positives
choices=[('server_list', _("Select from active instances"))]
print("delete from the cache as the first argument")
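The listing above only shows the patterns Bandit looks for; it does not show why the "bad" lines matter. The following program is an added example (not code from the page or from the Bandit project) that executes the bad and good forms against an in-memory sqlite3 database with an attacker-controlled identifier. The table, its rows and the payload are constructed for the example. sqlite3 uses `?` placeholders, so the parameterised calls use `?` where the page's good block uses the `%s` of DB-API drivers such as psycopg2; the principle is the same.

```python
"""Why Bandit flags the string-built queries: an added sqlite3 demonstration
(not code from the page or from Bandit). Table, rows and payload are constructed."""
import sqlite3

ROWS = [(1, "alpha"), (2, "bravo"), (3, "charlie")]   # constructed sample data
PAYLOAD = "1' OR '1'='1"                               # constructed attacker input


def make_db():
    """Fresh in-memory database with a small 'foo' table like the one queried."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE foo (id INTEGER, value TEXT)")
    conn.executemany("INSERT INTO foo VALUES (?, ?)", ROWS)
    conn.commit()
    return conn


def select_bad(conn, identifier):
    """The B608 pattern: the value becomes part of the SQL text, so the quote
    in PAYLOAD closes the literal and the OR clause matches every row."""
    cur = conn.cursor()
    cur.execute("SELECT * FROM foo WHERE id = '%s'" % identifier)
    return cur.fetchall()


def select_good(conn, identifier):
    """Parameterised form: the driver binds the value, the SQL text is fixed.
    sqlite3 uses '?' placeholders; the page's '%s' is the DB-API 'format'
    paramstyle of drivers such as psycopg2 or mysqlclient."""
    cur = conn.cursor()
    cur.execute("SELECT * FROM foo WHERE id = ?", (identifier,))
    return cur.fetchall()


def delete_bad(conn, identifier):
    """Same defect on a DELETE: the payload wipes the whole table.
    Returns the number of rows left."""
    conn.execute("DELETE FROM foo WHERE id = '%s'" % identifier)
    conn.commit()
    return conn.execute("SELECT COUNT(*) FROM foo").fetchone()[0]


def delete_good(conn, identifier):
    """Bound parameter: the payload is compared as a plain value and matches
    nothing. Returns the number of rows left."""
    conn.execute("DELETE FROM foo WHERE id = ?", (identifier,))
    conn.commit()
    return conn.execute("SELECT COUNT(*) FROM foo").fetchone()[0]


def demo():
    print("benign lookup, good form:   ", select_good(make_db(), "2"))
    print("payload, bad select:        ", select_bad(make_db(), PAYLOAD))
    print("payload, good select:       ", select_good(make_db(), PAYLOAD))
    print("rows left after bad delete: ", delete_bad(make_db(), PAYLOAD))
    print("rows left after good delete:", delete_good(make_db(), PAYLOAD))


if __name__ == "__main__":
    demo()
```

With the payload, select_bad returns all three rows and delete_bad empties the table, while the parameterised versions return nothing and delete nothing. Bandit decides purely on syntax (a SQL-looking string combined with %, + or .format(), and whether it is passed straight to an execute call); it cannot tell whether identifier is actually attacker-controlled, so each B608 finding still needs a short manual look at where the value comes from.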

Running bandit on the file produces the following output:

[Screenshot of the Bandit report; not reproduced]

Bandit reports every string-built query in the file under test B608 (hardcoded_sql_expressions, "Possible SQL injection vector through string-based query construction") with Medium severity. The confidence is Medium where the formatted string is passed straight to an execute() call and Low where it is only assigned to a variable, as in the first block and the a()(...) call. The parameterised calls in the good block are not reported, because the value is passed separately from the query text. Each finding also lists the associated CWE number (CWE-89 for this test), the location and the offending source line, and the report ends with a summary of the totals per severity and confidence level.

References