Questions tagged [bandit-python]

Bandit is a tool designed to find common security issues in Python code.

32 questions
1 vote, 0 answers

How to securely load SQL fixtures in Django

I have some fixtures of models in my code base for easy initial setup of the project. However, it includes SQL fixtures as well which means .sql files. I have looked deeply in Django loaddata but it does not support 'SQL' fixtures because, sql is…
SHIVAM JINDAL
1 vote, 1 answer

Bandit issue B108:hardcoded_tmp_directory and B102:exec_used

I ran bandit on my project and got the following security issue. I don't understand why this is an issue or what the solutions to it are. -------------------------------------------------- >> Issue: [B108:hardcoded_tmp_directory]…
Ravindra Gupta
1 vote, 1 answer

Starting a process with a shell, possible injection detected, security issue

Using bandit for checking the code for vulnerability issues. https://docs.openstack.org/bandit/1.4.0/plugins/start_process_with_a_shell.html How to go about resolving this? Is there an alternative to using the commands library (i.e. commands.getoutput)?…
kRazzy R
1 vote, 1 answer

generate an artificial data set for context bandit algorithm

I want to generate the following artificial dataset to test a contextual bandit algorithm. What is the easiest way to get it done, in Python maybe? Can anyone point me to a link which demonstrates code for it? The unit vectors θ1, ..., θK for K…
user77005
0 votes, 1 answer

Bandit vulnerability on 'Drop View '

I am not sure why bandit is flagging the below as 'Detected possible formatted SQL query. Use parameterized queries instead.': conn.execute(f"DROP VIEW {view_name};") Is there a way to parameterize the view_name? Or is concatenation the only…
0 votes, 1 answer

How to limit certain actions from Vowpal Wabbit Contextual Bandit based on context

I'm working on creating a contextual bandit for recommending actions to a user on our website. I want to limit certain actions from showing based on the user's context. For example, if a user has already signed up, I don't want it to recommend them…
0 votes, 1 answer

Error when adding bandit command to Makefile: make: *** [bandit] Error 1

I would like to incorporate Bandit security tests into my current Python project and add the command to my Makefile. In my Makefile, I added the following code: .PHONY: bandit bandit: pip install bandit && bandit -c pyproject.toml -r .…
0 votes, 0 answers

Can SonarQube really detect memory leaks?

I'm using SonarQube (v8.9) at work with SonarScanner (v4.2). I've created two memory leaks, one in JavaScript and one in Python. They couldn't be detected by SonarScanner. These are the snippets: JS: beforeMount () { Window.test = { name:…
0 votes, 0 answers

Is it possible to run bandit on a bunch of Python files in one folder using the command prompt?

I have tried using bandit -r folder/path but it does not seem to work. Any suggestions? Thanks! All my files are getting skipped for some reason: C:\Users\ablev\AppData\Local\Programs\Python\Python310>bandit -r C:\Users\ablev\OneDrive\Desktop\SDEV 300…
user3316598
0 votes, 1 answer

Equivalent of lxml.objectify cleanup_namespaces in defusedxml

I am getting the below error in bandit: Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function. I want the below code's equivalent with…
0 votes, 1 answer

Remove venv folder from bandit scan

When I run poetry run bandit -r . inside my project's root folder, it considers the .venv path too. My folder structure is: root ├── ... ├── my_package ├── .venv └── ... How could I avoid this? I've tried the -x…
Henrique Branco
0 votes, 0 answers

bandit complains that 'six' has no 'itervalues'

I have installed bandit with pip but when I run bandit --help in the command line, I get the following error: Traceback (most recent call last): File "/home/alipqb/.local/share/virtualenvs/django_with_pytest-FUuC6zdm/bin/bandit", line 5, in…
Alipqb
0 votes, 1 answer

What is Vowpal Wabbit’s default learner for CMAB Framework?

I’m checking Vowpal Wabbit’s documentation for how it’s actually learning. Traditional Contextual Bandits learn by having F(context, action) = Reward, find action that maximizes Reward, and returns action as recommendation. The “F” is any model;…
0 votes, 2 answers

What is the difference between 'find .' and 'find /' in the Linux find command?

I am solving OverTheWire Bandit. I looked at solutions but there is no explanation about it. For example, when I use find . to find it on bandit 5->6: bandit5@bandit:~/inhere$ find . -type f -readable ! -executable -size…
Emin Kotan
0 votes, 0 answers

What's a neater way to run bandit from within Python that doesn't involve shelling out?

I'm using the following package: https://github.com/PyCQA/bandit to perform some static analysis at runtime. Currently I do the following: subprocess.Popen(['bandit', '-r', full_path], stdout=subprocess.PIPE) But I'm trying to move away from using…
Stupid.Fat.Cat