[Notes] Bandit study notes
Preface
Bandit is a tool designed to find common security issues in Python code. To do this, Bandit processes each file, builds an AST from it, and runs appropriate plugins against the AST nodes. Once Bandit has finished scanning all the files, it generates a report. (from the official site)
Auditing Python code with Bandit
Installing the dependency
macOS
brew install bandit
Python (pip)
pip3 install bandit
- On Windows, a bandit.exe executable is generated under the Python installation directory/Scripts/ folder.
Auditing Python code
<dir>: the source root directory
bandit -r <dir>
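To make the preface concrete (parse each file into an AST, run plugins against the nodes, collect findings), here is a miniature Bandit-style scanner. This is an added illustration written for these notes, not Bandit's own code or its plugin API; the test IDs (X001, X002), the Issue class and the sample sources are all constructed. It implements two checks that correspond to issue classes Bandit reports: subprocess calls with shell=True, and calls to eval()/exec(). The same scanner is run over a vulnerable snippet and its hardened counterpart so the difference in findings is visible.

```python
"""Miniature Bandit-style scanner (added illustration, not Bandit's own code).

Bandit parses each file into an AST and runs plugins against the nodes.
This reproduces that flow for two checks: shell=True in subprocess calls
and calls to eval()/exec(). Test IDs and messages are hypothetical.
"""
import ast
from dataclasses import dataclass


@dataclass
class Issue:
    test_id: str   # hypothetical ID, modelled on Bandit's Bxxx numbering
    line: int
    message: str


def _is_subprocess_call(call: ast.Call) -> bool:
    """True for subprocess.run / Popen / call / check_output(...) calls."""
    func = call.func
    return (
        isinstance(func, ast.Attribute)
        and isinstance(func.value, ast.Name)
        and func.value.id == "subprocess"
    )


class Scanner(ast.NodeVisitor):
    """Each visit_* method plays the role of one Bandit plugin."""

    def __init__(self) -> None:
        self.issues: list[Issue] = []

    def visit_Call(self, node: ast.Call) -> None:
        # Plugin 1: subprocess invoked with shell=True. Any user-controlled
        # text in the command string then reaches a shell parser.
        if _is_subprocess_call(node):
            for kw in node.keywords:
                if (kw.arg == "shell"
                        and isinstance(kw.value, ast.Constant)
                        and kw.value.value is True):
                    self.issues.append(
                        Issue("X001", node.lineno, "subprocess call with shell=True"))
        # Plugin 2: eval()/exec(), which run arbitrary code from their argument.
        if isinstance(node.func, ast.Name) and node.func.id in ("eval", "exec"):
            self.issues.append(
                Issue("X002", node.lineno, f"use of {node.func.id}()"))
        self.generic_visit(node)  # keep walking for nested calls


def scan_source(source: str) -> list[Issue]:
    """Parse one file's text into an AST and run every check over it."""
    tree = ast.parse(source)
    scanner = Scanner()
    scanner.visit(tree)
    return scanner.issues


# Constructed sample: the 'before' (what a scan flags) and the 'after'.
VULNERABLE = '''
import subprocess
def list_dir(path):
    return subprocess.check_output("ls " + path, shell=True)
def calc(expr):
    return eval(expr)
'''

HARDENED = '''
import subprocess, ast
def list_dir(path):
    return subprocess.check_output(["ls", "--", path])
def calc(expr):
    return ast.literal_eval(expr)
'''

if __name__ == "__main__":
    for label, src in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        print(label)
        for issue in scan_source(src):
            print(f"  {issue.test_id} line {issue.line}: {issue.message}")
```

Running the block reports X001 on line 4 and X002 on line 6 of the vulnerable sample and nothing for the hardened one. The hardened version passes the command as an argument list (no shell parsing, so metacharacters in path are inert) and replaces eval() with ast.literal_eval(), which only accepts Python literals. Real Bandit applies dozens of such plugins and would also note other things in these snippets (for example the partial executable path "ls"), which is why the full tool is worth running rather than this toy.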