[Notes] Bandit Study Notes

Preface

Bandit is a tool designed to find common security issues in Python code. To do this, Bandit processes each file, builds an AST from it, and runs appropriate plugins against the AST nodes. Once Bandit has finished scanning all the files, it generates a report. (From the official site.)

Installing dependencies

macOS

brew install bandit

Python

pip3 install bandit
  • On Windows this creates a bandit.exe executable in the Python/Scripts/ directory

Scanning code

<dir>: the root directory of the source code

bandit -r <dir>
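The preface describes how Bandit works: parse each file into an AST and run plugins against its nodes. The following is an added illustration of that approach, not Bandit's own code or plugin API; it uses only the standard library's ast module over a constructed sample file, and the test IDs DEMO_EVAL and DEMO_SHELL are made up for the demo rather than Bandit's real IDs.

```python
import ast
from typing import Callable, List, Tuple

Finding = Tuple[int, str, str]  # (line number, test id, message)

def check_eval(node: ast.AST) -> List[Finding]:
    """Plugin: flag calls to the builtin eval(), which executes arbitrary code."""
    if isinstance(node, ast.Call) and isinstance(node.func, ast.Name) and node.func.id == "eval":
        return [(node.lineno, "DEMO_EVAL", "use of eval() detected")]
    return []

def check_shell_true(node: ast.AST) -> List[Finding]:
    """Plugin: flag subprocess.<fn>(..., shell=True), a command injection risk."""
    if not isinstance(node, ast.Call) or not isinstance(node.func, ast.Attribute):
        return []
    owner = node.func.value
    if isinstance(owner, ast.Name) and owner.id == "subprocess":
        for kw in node.keywords:
            if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                return [(node.lineno, "DEMO_SHELL", "subprocess call with shell=True")]
    return []

# The "plugin registry": every node of every file is handed to each plugin.
PLUGINS: List[Callable[[ast.AST], List[Finding]]] = [check_eval, check_shell_true]

def scan_source(source: str) -> List[Finding]:
    """Build the AST once, run all plugins against each node, return sorted findings."""
    tree = ast.parse(source)
    findings: List[Finding] = []
    for node in ast.walk(tree):
        for plugin in PLUGINS:
            findings.extend(plugin(node))
    return sorted(findings)

# Constructed sample standing in for one .py file under <dir>; lines 4 and 5 are the issues.
SAMPLE = """\
import subprocess

def run(user_input):
    subprocess.call("ls " + user_input, shell=True)
    return eval(user_input)

def safe(user_input):
    subprocess.run(["ls", user_input])  # list argv, no shell: not flagged
"""

if __name__ == "__main__":
    for lineno, test_id, msg in scan_source(SAMPLE):
        print(f"line {lineno}: [{test_id}] {msg}")
```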

Done

References

Bilibili: xiaodisec
PyCQA/bandit