Bandit
Bandit is a popular open-source tool that scans Python code for security vulnerabilities.
Auditor Job Name: Bandit Scan Auditor image: registry.gitlab.com/whitespots-public/security-images/bandit:1.7.5 AppSec Portal Importer Name: Bandit Scan, GitLab Bandit
Bandit scaner and Bandit scaner (GitLab) has a wide range of plugins to detect various types of security vulnerabilities, including SQL injection, cross-site scripting, and hardcoded passwords. It can also detect insecure use of cryptography, such as weak encryption algorithms or incorrect usage of hash functions.
Curl example
curl -X POST localhost/api/v1/scan/import/ -H "Authorization: Token a75bb26171cf391671e67b128bfc8ae1c779ff7b" -H "Content-Type: multipart/form-data" -F "file=@./bandit.json" -F "product_name=Product1" -F "product_type=Application" -F "scanner_name=Bandit Scan" -F "branch=dev" -F "repository=git@gitlab.com:whitespots-public/appsec-portal.git"
curl -X POST localhost/api/v1/scan/import/ -H "Authorization: Token a75bb26171cf391671e67b128bfc8ae1c779ff7b" -H "Content-Type: multipart/form-data" -F "file=@./bandit.json" -F "product_name=Product1" -F "product_type=Application" -F "scanner_name=GitLab Bandit" -F "branch=dev" -F "repository=git@gitlab.com:whitespots-public/appsec-portal.git"
In this command, the following parameters are used:
-X POST
: specifies the HTTP method to be used (in this case, POST)-H "Authorization: Token <authorization_token>"
: specifies the authorization token obtained from AppSec Portal.-H "Content-Type: multipart/form-data"
: specifies the content type of the request.-F "file=@<report_file_path>"
: specifies the path to the report file generated by the scanner.-F "product_name=<product_name>"
: specifies the name of the product being scanned.-F "product_type=<product_type>"
: specifies the type of the product being scanned.-F "scanner_name=<scanner_name>"
: specifies the name of the scanner used to generate the report (Bandit Scan or GitLab Bandit)-F "branch=<branch_name>"
: (optional) specifies the name of the branch in the source code repository (if applicable) This parameter is particularly useful when you want to associate the scan results with a specific branch in your repository. If not provided, the scan will be associated with the default branch
Asset information, if an auditor is used
-F "repository=<repository SSH URL>"
: If your product is code in a repository enter the address of your repository in a specific format, for example: git@gitlab.com:whitespots-public/appsec-portal.git-F "docker_image=<registry address>"
: If your product is image enter the address of the registry where your product is located, for example: registry.gitlab.com/whitespots-public/appsec-portal/back/auto_validator:latest-F "domain=<domain>"
: If your product is web enter the domain name of your product, for example: whitespots.io-F "host=<host>"
: If your product is web enter the IP address of your product, for example: 0.0.0.0
Report example:
{
"errors": [],
"generated_at": "2023-12-26T14:29:38Z",
"metrics": {
"./bad/api_list.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 1,
"CONFIDENCE.MEDIUM": 0,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 1,
"SEVERITY.UNDEFINED": 0,
"loc": 14,
"nosec": 0,
"skipped_tests": 0
},
"./bad/api_post.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 2,
"CONFIDENCE.MEDIUM": 1,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 3,
"SEVERITY.UNDEFINED": 0,
"loc": 23,
"nosec": 0,
"skipped_tests": 0
},
"./bad/brute.py": {
"CONFIDENCE.HIGH": 2,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 0,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 2,
"SEVERITY.MEDIUM": 0,
"SEVERITY.UNDEFINED": 0,
"loc": 19,
"nosec": 0,
"skipped_tests": 0
},
"./bad/db.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 1,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 1,
"SEVERITY.UNDEFINED": 0,
"loc": 18,
"nosec": 0,
"skipped_tests": 0
},
"./bad/db_init.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 1,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 1,
"SEVERITY.UNDEFINED": 0,
"loc": 32,
"nosec": 0,
"skipped_tests": 0
},
"./bad/libapi.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 3,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 3,
"SEVERITY.UNDEFINED": 0,
"loc": 22,
"nosec": 0,
"skipped_tests": 0
},
"./bad/libmfa.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 0,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 0,
"SEVERITY.UNDEFINED": 0,
"loc": 55,
"nosec": 0,
"skipped_tests": 0
},
"./bad/libposts.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 0,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 0,
"SEVERITY.UNDEFINED": 0,
"loc": 18,
"nosec": 0,
"skipped_tests": 0
},
"./bad/libsession.py": {
"CONFIDENCE.HIGH": 1,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 0,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 1,
"SEVERITY.MEDIUM": 0,
"SEVERITY.UNDEFINED": 0,
"loc": 20,
"nosec": 0,
"skipped_tests": 0
},
"./bad/libuser.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 3,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 3,
"SEVERITY.UNDEFINED": 0,
"loc": 38,
"nosec": 0,
"skipped_tests": 0
},
"./bad/mod_api.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 0,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 0,
"SEVERITY.UNDEFINED": 0,
"loc": 50,
"nosec": 0,
"skipped_tests": 0
},
"./bad/mod_csp.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 0,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 0,
"SEVERITY.UNDEFINED": 0,
"loc": 5,
"nosec": 0,
"skipped_tests": 0
},
"./bad/mod_hello.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 0,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 0,
"SEVERITY.UNDEFINED": 0,
"loc": 5,
"nosec": 0,
"skipped_tests": 0
},
"./bad/mod_mfa.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 0,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 0,
"SEVERITY.UNDEFINED": 0,
"loc": 42,
"nosec": 0,
"skipped_tests": 0
},
"./bad/mod_posts.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 0,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 0,
"SEVERITY.UNDEFINED": 0,
"loc": 23,
"nosec": 0,
"skipped_tests": 0
},
"./bad/mod_user.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 0,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 0,
"SEVERITY.UNDEFINED": 0,
"loc": 51,
"nosec": 0,
"skipped_tests": 0
},
"./bad/vulpy-ssl.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 4,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 1,
"SEVERITY.LOW": 1,
"SEVERITY.MEDIUM": 2,
"SEVERITY.UNDEFINED": 0,
"loc": 19,
"nosec": 0,
"skipped_tests": 0
},
"./bad/vulpy.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 2,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 1,
"SEVERITY.LOW": 1,
"SEVERITY.MEDIUM": 0,
"SEVERITY.UNDEFINED": 0,
"loc": 41,
"nosec": 0,
"skipped_tests": 0
},
"./good/cutpasswd.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 1,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 1,
"SEVERITY.UNDEFINED": 0,
"loc": 13,
"nosec": 0,
"skipped_tests": 0
},
"./good/db_init.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 0,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 0,
"SEVERITY.UNDEFINED": 0,
"loc": 33,
"nosec": 0,
"skipped_tests": 0
},
"./good/httpbrute.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 1,
"CONFIDENCE.MEDIUM": 0,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 1,
"SEVERITY.UNDEFINED": 0,
"loc": 19,
"nosec": 0,
"skipped_tests": 0
},
"./good/libapi.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 1,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 1,
"SEVERITY.MEDIUM": 0,
"SEVERITY.UNDEFINED": 0,
"loc": 37,
"nosec": 0,
"skipped_tests": 0
},
"./good/libmfa.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 0,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 0,
"SEVERITY.UNDEFINED": 0,
"loc": 55,
"nosec": 0,
"skipped_tests": 0
},
"./good/libposts.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 0,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 0,
"SEVERITY.UNDEFINED": 0,
"loc": 18,
"nosec": 0,
"skipped_tests": 0
},
"./good/libsession.py": {
"CONFIDENCE.HIGH": 1,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 0,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 1,
"SEVERITY.MEDIUM": 0,
"SEVERITY.UNDEFINED": 0,
"loc": 39,
"nosec": 0,
"skipped_tests": 0
},
"./good/libuser.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 1,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 1,
"SEVERITY.UNDEFINED": 0,
"loc": 90,
"nosec": 0,
"skipped_tests": 0
},
"./good/mod_api.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 0,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 0,
"SEVERITY.UNDEFINED": 0,
"loc": 47,
"nosec": 0,
"skipped_tests": 0
},
"./good/mod_csp.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 0,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 0,
"SEVERITY.UNDEFINED": 0,
"loc": 5,
"nosec": 0,
"skipped_tests": 0
},
"./good/mod_hello.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 0,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 0,
"SEVERITY.UNDEFINED": 0,
"loc": 5,
"nosec": 0,
"skipped_tests": 0
},
"./good/mod_mfa.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 0,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 0,
"SEVERITY.UNDEFINED": 0,
"loc": 47,
"nosec": 0,
"skipped_tests": 0
},
"./good/mod_posts.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 0,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 0,
"SEVERITY.UNDEFINED": 0,
"loc": 23,
"nosec": 0,
"skipped_tests": 0
},
"./good/mod_user.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 0,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 0,
"SEVERITY.UNDEFINED": 0,
"loc": 58,
"nosec": 0,
"skipped_tests": 0
},
"./good/mod_welcome1.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 0,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 0,
"SEVERITY.UNDEFINED": 0,
"loc": 19,
"nosec": 0,
"skipped_tests": 0
},
"./good/vulpy-ssl.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 4,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 1,
"SEVERITY.LOW": 1,
"SEVERITY.MEDIUM": 2,
"SEVERITY.UNDEFINED": 0,
"loc": 19,
"nosec": 0,
"skipped_tests": 0
},
"./good/vulpy.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 2,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 1,
"SEVERITY.LOW": 1,
"SEVERITY.MEDIUM": 0,
"SEVERITY.UNDEFINED": 0,
"loc": 40,
"nosec": 0,
"skipped_tests": 0
},
"./test_code.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 0,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 0,
"SEVERITY.UNDEFINED": 0,
"loc": 2,
"nosec": 0,
"skipped_tests": 0
},
"./utils/aes-decrypt.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 0,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 0,
"SEVERITY.UNDEFINED": 0,
"loc": 20,
"nosec": 0,
"skipped_tests": 0
},
"./utils/aes-encrypt.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 0,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 0,
"SEVERITY.UNDEFINED": 0,
"loc": 21,
"nosec": 0,
"skipped_tests": 0
},
"./utils/ca-create.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 3,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 3,
"SEVERITY.UNDEFINED": 0,
"loc": 43,
"nosec": 0,
"skipped_tests": 0
},
"./utils/ca-csr-create.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 2,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 2,
"SEVERITY.UNDEFINED": 0,
"loc": 26,
"nosec": 0,
"skipped_tests": 0
},
"./utils/ca-csr-load.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 4,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 4,
"SEVERITY.UNDEFINED": 0,
"loc": 27,
"nosec": 0,
"skipped_tests": 0
},
"./utils/crack-cvv.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 0,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 0,
"SEVERITY.UNDEFINED": 0,
"loc": 15,
"nosec": 0,
"skipped_tests": 0
},
"./utils/crack-hash.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 0,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 0,
"SEVERITY.UNDEFINED": 0,
"loc": 15,
"nosec": 0,
"skipped_tests": 0
},
"./utils/fernet-generate-key.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 0,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 0,
"SEVERITY.UNDEFINED": 0,
"loc": 3,
"nosec": 0,
"skipped_tests": 0
},
"./utils/generate_bad_passwords.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 1,
"CONFIDENCE.MEDIUM": 0,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 1,
"SEVERITY.UNDEFINED": 0,
"loc": 29,
"nosec": 0,
"skipped_tests": 0
},
"./utils/hashfile.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 0,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 0,
"SEVERITY.UNDEFINED": 0,
"loc": 14,
"nosec": 0,
"skipped_tests": 0
},
"./utils/hmac_generate.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 0,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 0,
"SEVERITY.UNDEFINED": 0,
"loc": 13,
"nosec": 0,
"skipped_tests": 0
},
"./utils/httpbrute.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 1,
"CONFIDENCE.MEDIUM": 0,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 1,
"SEVERITY.UNDEFINED": 0,
"loc": 24,
"nosec": 0,
"skipped_tests": 0
},
"./utils/luncheck.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 0,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 0,
"SEVERITY.UNDEFINED": 0,
"loc": 13,
"nosec": 0,
"skipped_tests": 0
},
"./utils/rsa-decrypt.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 1,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 1,
"SEVERITY.UNDEFINED": 0,
"loc": 21,
"nosec": 0,
"skipped_tests": 0
},
"./utils/rsa-encrypt.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 1,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 1,
"SEVERITY.UNDEFINED": 0,
"loc": 20,
"nosec": 0,
"skipped_tests": 0
},
"./utils/rsa-keygen.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 2,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 2,
"SEVERITY.UNDEFINED": 0,
"loc": 23,
"nosec": 0,
"skipped_tests": 0
},
"./utils/rsa-sign.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 1,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 1,
"SEVERITY.UNDEFINED": 0,
"loc": 27,
"nosec": 0,
"skipped_tests": 0
},
"./utils/rsa-verify.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 1,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 1,
"SEVERITY.UNDEFINED": 0,
"loc": 31,
"nosec": 0,
"skipped_tests": 0
},
"./utils/scrypt-crack.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 0,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 0,
"SEVERITY.UNDEFINED": 0,
"loc": 36,
"nosec": 0,
"skipped_tests": 0
},
"./utils/scrypt-generate.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 0,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 0,
"SEVERITY.UNDEFINED": 0,
"loc": 23,
"nosec": 0,
"skipped_tests": 0
},
"./utils/scrypt-verify.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 0,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 0,
"SEVERITY.UNDEFINED": 0,
"loc": 28,
"nosec": 0,
"skipped_tests": 0
},
"./utils/skey.py": {
"CONFIDENCE.HIGH": 0,
"CONFIDENCE.LOW": 0,
"CONFIDENCE.MEDIUM": 0,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 0,
"SEVERITY.LOW": 0,
"SEVERITY.MEDIUM": 0,
"SEVERITY.UNDEFINED": 0,
"loc": 22,
"nosec": 0,
"skipped_tests": 0
},
"_totals": {
"CONFIDENCE.HIGH": 4,
"CONFIDENCE.LOW": 6,
"CONFIDENCE.MEDIUM": 39,
"CONFIDENCE.UNDEFINED": 0,
"SEVERITY.HIGH": 4,
"SEVERITY.LOW": 9,
"SEVERITY.MEDIUM": 36,
"SEVERITY.UNDEFINED": 0,
"loc": 1558,
"nosec": 0,
"skipped_tests": 0
}
},
"results": [
{
"code": "5 \n6 api_key_file = Path('/tmp/supersecret.txt')\n7 \n",
"col_offset": 20,
"end_col_offset": 42,
"filename": "./bad/api_post.py",
"issue_confidence": "MEDIUM",
"issue_cwe": {
"id": 377,
"link": "https://cwe.mitre.org/data/definitions/377.html"
},
"issue_severity": "MEDIUM",
"issue_text": "Probable insecure usage of temp file/directory.",
"line_number": 6,
"line_range": [
6
],
"more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b108_hardcoded_tmp_directory.html",
"test_id": "B108",
"test_name": "hardcoded_tmp_directory"
},
{
"code": "18 for u,p in users:\n19 c.execute(\"INSERT INTO users (user, password, failures) VALUES ('%s', '%s', '%d')\" %(u, p, 0))\n20 \n",
"col_offset": 18,
"end_col_offset": 90,
"filename": "./bad/db.py",
"issue_confidence": "MEDIUM",
"issue_cwe": {
"id": 89,
"link": "https://cwe.mitre.org/data/definitions/89.html"
},
"issue_severity": "MEDIUM",
"issue_text": "Possible SQL injection vector through string-based query construction.",
"line_number": 19,
"line_range": [
19
],
"more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b608_hardcoded_sql_expressions.html",
"test_id": "B608",
"test_name": "hardcoded_sql_expressions"
},
{
"code": "19 for u,p in users:\n20 c.execute(\"INSERT INTO users (username, password, failures, mfa_enabled, mfa_secret) VALUES ('%s', '%s', '%d', '%d', '%s')\" %(u, p, 0, 0, ''))\n21 \n",
"col_offset": 18,
"end_col_offset": 131,
"filename": "./bad/db_init.py",
"issue_confidence": "MEDIUM",
"issue_cwe": {
"id": 89,
"link": "https://cwe.mitre.org/data/definitions/89.html"
},
"issue_severity": "MEDIUM",
"issue_text": "Possible SQL injection vector through string-based query construction.",
"line_number": 20,
"line_range": [
20
],
"more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b608_hardcoded_sql_expressions.html",
"test_id": "B608",
"test_name": "hardcoded_sql_expressions"
},
{
"code": "15 \n16 for f in Path('/tmp/').glob('vulpy.apikey.' + username + '.*'):\n17 print('removing', f)\n",
"col_offset": 18,
"end_col_offset": 25,
"filename": "./bad/libapi.py",
"issue_confidence": "MEDIUM",
"issue_cwe": {
"id": 377,
"link": "https://cwe.mitre.org/data/definitions/377.html"
},
"issue_severity": "MEDIUM",
"issue_text": "Probable insecure usage of temp file/directory.",
"line_number": 16,
"line_range": [
16
],
"more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b108_hardcoded_tmp_directory.html",
"test_id": "B108",
"test_name": "hardcoded_tmp_directory"
},
{
"code": "19 \n20 keyfile = '/tmp/vulpy.apikey.{}.{}'.format(username, key)\n21 \n",
"col_offset": 14,
"end_col_offset": 39,
"filename": "./bad/libapi.py",
"issue_confidence": "MEDIUM",
"issue_cwe": {
"id": 377,
"link": "https://cwe.mitre.org/data/definitions/377.html"
},
"issue_severity": "MEDIUM",
"issue_text": "Probable insecure usage of temp file/directory.",
"line_number": 20,
"line_range": [
20
],
"more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b108_hardcoded_tmp_directory.html",
"test_id": "B108",
"test_name": "hardcoded_tmp_directory"
},
{
"code": "32 \n33 for f in Path('/tmp/').glob('vulpy.apikey.*.' + key):\n34 return f.name.split('.')[2]\n",
"col_offset": 18,
"end_col_offset": 25,
"filename": "./bad/libapi.py",
"issue_confidence": "MEDIUM",
"issue_cwe": {
"id": 377,
"link": "https://cwe.mitre.org/data/definitions/377.html"
},
"issue_severity": "MEDIUM",
"issue_text": "Probable insecure usage of temp file/directory.",
"line_number": 33,
"line_range": [
33
],
"more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b108_hardcoded_tmp_directory.html",
"test_id": "B108",
"test_name": "hardcoded_tmp_directory"
},
{
"code": "11 \n12 user = c.execute(\"SELECT * FROM users WHERE username = '{}' and password = '{}'\".format(username, password)).fetchone()\n13 \n",
"col_offset": 21,
"end_col_offset": 84,
"filename": "./bad/libuser.py",
"issue_confidence": "MEDIUM",
"issue_cwe": {
"id": 89,
"link": "https://cwe.mitre.org/data/definitions/89.html"
},
"issue_severity": "MEDIUM",
"issue_text": "Possible SQL injection vector through string-based query construction.",
"line_number": 12,
"line_range": [
12
],
"more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b608_hardcoded_sql_expressions.html",
"test_id": "B608",
"test_name": "hardcoded_sql_expressions"
},
{
"code": "24 \n25 c.execute(\"INSERT INTO users (username, password, failures, mfa_enabled, mfa_secret) VALUES ('%s', '%s', '%d', '%d', '%s')\" %(username, password, 0, 0, ''))\n26 \n",
"col_offset": 14,
"end_col_offset": 127,
"filename": "./bad/libuser.py",
"issue_confidence": "MEDIUM",
"issue_cwe": {
"id": 89,
"link": "https://cwe.mitre.org/data/definitions/89.html"
},
"issue_severity": "MEDIUM",
"issue_text": "Possible SQL injection vector through string-based query construction.",
"line_number": 25,
"line_range": [
25
],
"more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b608_hardcoded_sql_expressions.html",
"test_id": "B608",
"test_name": "hardcoded_sql_expressions"
},
{
"code": "52 \n53 c.execute(\"UPDATE users SET password = '{}' WHERE username = '{}'\".format(password, username))\n54 conn.commit()\n",
"col_offset": 14,
"end_col_offset": 70,
"filename": "./bad/libuser.py",
"issue_confidence": "MEDIUM",
"issue_cwe": {
"id": 89,
"link": "https://cwe.mitre.org/data/definitions/89.html"
},
"issue_severity": "MEDIUM",
"issue_text": "Possible SQL injection vector through string-based query construction.",
"line_number": 53,
"line_range": [
53
],
"more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b608_hardcoded_sql_expressions.html",
"test_id": "B608",
"test_name": "hardcoded_sql_expressions"
},
{
"code": "28 \n29 app.run(debug=True, host='127.0.1.1', ssl_context=('/tmp/acme.cert', '/tmp/acme.key'))\n",
"col_offset": 0,
"end_col_offset": 86,
"filename": "./bad/vulpy-ssl.py",
"issue_confidence": "MEDIUM",
"issue_cwe": {
"id": 94,
"link": "https://cwe.mitre.org/data/definitions/94.html"
},
"issue_severity": "HIGH",
"issue_text": "A Flask app appears to be run with debug=True, which exposes the Werkzeug debugger and allows the execution of arbitrary code.",
"line_number": 29,
"line_range": [
29
],
"more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b201_flask_debug_true.html",
"test_id": "B201",
"test_name": "flask_debug_true"
},
{
"code": "28 \n29 app.run(debug=True, host='127.0.1.1', ssl_context=('/tmp/acme.cert', '/tmp/acme.key'))\n",
"col_offset": 51,
"end_col_offset": 67,
"filename": "./bad/vulpy-ssl.py",
"issue_confidence": "MEDIUM",
"issue_cwe": {
"id": 377,
"link": "https://cwe.mitre.org/data/definitions/377.html"
},
"issue_severity": "MEDIUM",
"issue_text": "Probable insecure usage of temp file/directory.",
"line_number": 29,
"line_range": [
29
],
"more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b108_hardcoded_tmp_directory.html",
"test_id": "B108",
"test_name": "hardcoded_tmp_directory"
},
{
"code": "28 \n29 app.run(debug=True, host='127.0.1.1', ssl_context=('/tmp/acme.cert', '/tmp/acme.key'))\n",
"col_offset": 69,
"end_col_offset": 84,
"filename": "./bad/vulpy-ssl.py",
"issue_confidence": "MEDIUM",
"issue_cwe": {
"id": 377,
"link": "https://cwe.mitre.org/data/definitions/377.html"
},
"issue_severity": "MEDIUM",
"issue_text": "Probable insecure usage of temp file/directory.",
"line_number": 29,
"line_range": [
29
],
"more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b108_hardcoded_tmp_directory.html",
"test_id": "B108",
"test_name": "hardcoded_tmp_directory"
},
{
"code": "54 \n55 app.run(debug=True, host='127.0.1.1', port=5000, extra_files='csp.txt')\n",
"col_offset": 0,
"end_col_offset": 71,
"filename": "./bad/vulpy.py",
"issue_confidence": "MEDIUM",
"issue_cwe": {
"id": 94,
"link": "https://cwe.mitre.org/data/definitions/94.html"
},
"issue_severity": "HIGH",
"issue_text": "A Flask app appears to be run with debug=True, which exposes the Werkzeug debugger and allows the execution of arbitrary code.",
"line_number": 55,
"line_range": [
55
],
"more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b201_flask_debug_true.html",
"test_id": "B201",
"test_name": "flask_debug_true"
},
{
"code": "2 \n3 with open('/tmp/darkweb2017-top10000.txt') as f:\n4 for password in f.readlines():\n",
"col_offset": 10,
"end_col_offset": 41,
"filename": "./good/cutpasswd.py",
"issue_confidence": "MEDIUM",
"issue_cwe": {
"id": 377,
"link": "https://cwe.mitre.org/data/definitions/377.html"
},
"issue_severity": "MEDIUM",
"issue_text": "Probable insecure usage of temp file/directory.",
"line_number": 3,
"line_range": [
3
],
"more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b108_hardcoded_tmp_directory.html",
"test_id": "B108",
"test_name": "hardcoded_tmp_directory"
},
{
"code": "60 c = conn.cursor()\n61 c.execute(\"INSERT INTO users (username, password, salt, failures, mfa_enabled, mfa_secret) VALUES ('%s', '%s', '%s', '%d', '%d', '%s')\" %(username, '', '', 0, 0, ''))\n62 conn.commit()\n",
"col_offset": 14,
"end_col_offset": 139,
"filename": "./good/libuser.py",
"issue_confidence": "MEDIUM",
"issue_cwe": {
"id": 89,
"link": "https://cwe.mitre.org/data/definitions/89.html"
},
"issue_severity": "MEDIUM",
"issue_text": "Possible SQL injection vector through string-based query construction.",
"line_number": 61,
"line_range": [
61
],
"more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b608_hardcoded_sql_expressions.html",
"test_id": "B608",
"test_name": "hardcoded_sql_expressions"
},
{
"code": "28 \n29 app.run(debug=True, host='127.0.1.1', ssl_context=('/tmp/acme.cert', '/tmp/acme.key'))\n",
"col_offset": 0,
"end_col_offset": 86,
"filename": "./good/vulpy-ssl.py",
"issue_confidence": "MEDIUM",
"issue_cwe": {
"id": 94,
"link": "https://cwe.mitre.org/data/definitions/94.html"
},
"issue_severity": "HIGH",
"issue_text": "A Flask app appears to be run with debug=True, which exposes the Werkzeug debugger and allows the execution of arbitrary code.",
"line_number": 29,
"line_range": [
29
],
"more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b201_flask_debug_true.html",
"test_id": "B201",
"test_name": "flask_debug_true"
},
{
"code": "28 \n29 app.run(debug=True, host='127.0.1.1', ssl_context=('/tmp/acme.cert', '/tmp/acme.key'))\n",
"col_offset": 51,
"end_col_offset": 67,
"filename": "./good/vulpy-ssl.py",
"issue_confidence": "MEDIUM",
"issue_cwe": {
"id": 377,
"link": "https://cwe.mitre.org/data/definitions/377.html"
},
"issue_severity": "MEDIUM",