Hi all - Bandit is a Python AST-based static analyzer from the OpenStack Security Group. Unlike other static code analysis tools in the OpenStack ecosystem such as hacking and flake8, Bandit was purpose-built to help find security vulnerabilities.
Bandit has a wiki page at: https://wiki.openstack.org/wiki/Security/Projects/Bandit and is available on Stackforge, at: https://git.openstack.org/stackforge/bandit.git. Instructions for installation and usage are in the README (http://git.openstack.org/cgit/stackforge/bandit/tree/README.md).

How does it work?

Bandit parses Python source into AST nodes and then executes a node visitor function for each node. Bandit tests are declared based on the type of AST node they inspect. For each such node that is encountered, Bandit calls all of the tests that inspect that node type. For example, any time a function is called, Bandit runs all of the tests that inspect function calls.

What type of issues can it find?

Bandit currently has tests to find hardcoded SQL query strings, files created with bad permissions, crypto requests without certificate validation, insecure temp file usage, the use of unsafe functions, and much more.

What's next?

We're working on getting Bandit integrated in gate tests in a few projects. If you are a contributor on a project and want to get started using Bandit, please get in touch with us. We're also expanding Bandit's functionality with new tests and capabilities. Stay tuned.

How can I get involved?

We always love to hear feedback; run it against your project and let us know what you find! Also, we're looking for new ideas for features and tests. If you'd like to get involved writing tests for Bandit or improving Bandit itself, please drop us a line in #openstack-security on Freenode IRC or send something on the mailing list.

Thank you,
- The Bandit Team
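As an added illustration of the visitor-and-registry design described above (this is example code, not Bandit's own; the `check` decorator, the two check names and the sample input are assumptions), a minimal scanner that registers tests per AST node type and runs them from a single visitor:

```python
import ast
from collections import defaultdict

# Registry: ast node class -> checks that inspect it. This is an assumed design
# modelled on the description above, not Bandit's real plugin API.
CHECKS = defaultdict(list)

def check(node_type):
    def register(fn):
        CHECKS[node_type].append(fn)
        return fn
    return register
def _call_name(node):
    """Dotted callee name of an ast.Call, e.g. 'tempfile.mktemp'."""
    parts, f = [], node.func
    while isinstance(f, ast.Attribute):
        parts.append(f.attr)
        f = f.value
    if isinstance(f, ast.Name):
        parts.append(f.id)
    return ".".join(reversed(parts))
@check(ast.Call)
def insecure_tempfile(node):
    if _call_name(node) == "tempfile.mktemp":
        return "tempfile.mktemp() is racy; prefer mkstemp()/NamedTemporaryFile"
@check(ast.Call)
def cert_validation_disabled(node):
    for kw in node.keywords:
        if kw.arg == "verify" and isinstance(kw.value, ast.Constant) \
                and kw.value.value is False:
            return "request made with certificate validation disabled (verify=False)"
class Scanner(ast.NodeVisitor):
    def __init__(self):
        self.findings = []
    def generic_visit(self, node):
        # Run every check registered for this node's type, then keep walking.
        for test in CHECKS.get(type(node), []):
            msg = test(node)
            if msg:
                self.findings.append((node.lineno, test.__name__, msg))
        super().generic_visit(node)
def scan_source(source):
    """Return (line, check name, message) tuples for one source string."""
    scanner = Scanner()
    scanner.visit(ast.parse(source))
    return scanner.findings

# Constructed sample input, not real project code.
SAMPLE = ('import tempfile, requests\n'
          'path = tempfile.mktemp()\n'
          'resp = requests.get("https://example.invalid/", verify=False)\n')
```

Running `scan_source(SAMPLE)` reports the mktemp call on line 2 and the verify=False request on line 3; adding a new test is one more decorated function, with no change to the visitor.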
_______________________________________________
OpenStack-dev mailing list
[email protected]
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
