Bandit

Bandit is a popular open-source tool that scans Python code for security vulnerabilities.

Auditor Job Name: Bandit Scan Auditor image: registry.gitlab.com/whitespots-public/security-images/bandit:1.7.5 AppSec Portal Importer Name: Bandit Scan, GitLab Bandit

Bandit scaner and Bandit scaner (GitLab) has a wide range of plugins to detect various types of security vulnerabilities, including SQL injection, cross-site scripting, and hardcoded passwords. It can also detect insecure use of cryptography, such as weak encryption algorithms or incorrect usage of hash functions.

Curl example

curl -X POST localhost/api/v1/scan/import/ -H "Authorization: Token a75bb26171cf391671e67b128bfc8ae1c779ff7b" -H "Content-Type: multipart/form-data" -F "file=@./bandit.json" -F "product_name=Product1" -F "product_type=Application" -F "scanner_name=Bandit Scan" -F "branch=dev" -F "repository=git@gitlab.com:whitespots-public/appsec-portal.git"
curl -X POST localhost/api/v1/scan/import/ -H "Authorization: Token a75bb26171cf391671e67b128bfc8ae1c779ff7b" -H "Content-Type: multipart/form-data" -F "file=@./bandit.json" -F "product_name=Product1" -F "product_type=Application" -F "scanner_name=GitLab Bandit" -F "branch=dev" -F "repository=git@gitlab.com:whitespots-public/appsec-portal.git"

In this command, the following parameters are used:

  1. -X POST: specifies the HTTP method to be used (in this case, POST)

  2. -H "Authorization: Token <authorization_token>": specifies the authorization token obtained from AppSec Portal.

  3. -H "Content-Type: multipart/form-data": specifies the content type of the request.

  4. -F "file=@<report_file_path>": specifies the path to the report file generated by the scanner.

  5. -F "product_name=<product_name>": specifies the name of the product being scanned.

  6. -F "product_type=<product_type>": specifies the type of the product being scanned.

  7. -F "scanner_name=<scanner_name>": specifies the name of the scanner used to generate the report (Bandit Scan or GitLab Bandit)

  8. -F "branch=<branch_name>": (optional) specifies the name of the branch in the source code repository (if applicable) This parameter is particularly useful when you want to associate the scan results with a specific branch in your repository. If not provided, the scan will be associated with the default branch

Asset information, if an auditor is used

  1. -F "repository=<repository SSH URL>": If your product is code in a repository enter the address of your repository in a specific format, for example: git@gitlab.com:whitespots-public/appsec-portal.git

  2. -F "docker_image=<registry address>": If your product is image enter the address of the registry where your product is located, for example: registry.gitlab.com/whitespots-public/appsec-portal/back/auto_validator:latest

  3. -F "domain=<domain>": If your product is web enter the domain name of your product, for example: whitespots.io

  4. -F "host=<host>": If your product is web enter the IP address of your product, for example: 0.0.0.0

Report example:

{
  "errors": [],
  "generated_at": "2023-12-26T14:29:38Z",
  "metrics": {
    "./bad/api_list.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 1,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 1,
      "SEVERITY.UNDEFINED": 0,
      "loc": 14,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./bad/api_post.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 2,
      "CONFIDENCE.MEDIUM": 1,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 3,
      "SEVERITY.UNDEFINED": 0,
      "loc": 23,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./bad/brute.py": {
      "CONFIDENCE.HIGH": 2,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 2,
      "SEVERITY.MEDIUM": 0,
      "SEVERITY.UNDEFINED": 0,
      "loc": 19,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./bad/db.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 1,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 1,
      "SEVERITY.UNDEFINED": 0,
      "loc": 18,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./bad/db_init.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 1,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 1,
      "SEVERITY.UNDEFINED": 0,
      "loc": 32,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./bad/libapi.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 3,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 3,
      "SEVERITY.UNDEFINED": 0,
      "loc": 22,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./bad/libmfa.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 0,
      "SEVERITY.UNDEFINED": 0,
      "loc": 55,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./bad/libposts.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 0,
      "SEVERITY.UNDEFINED": 0,
      "loc": 18,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./bad/libsession.py": {
      "CONFIDENCE.HIGH": 1,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 1,
      "SEVERITY.MEDIUM": 0,
      "SEVERITY.UNDEFINED": 0,
      "loc": 20,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./bad/libuser.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 3,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 3,
      "SEVERITY.UNDEFINED": 0,
      "loc": 38,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./bad/mod_api.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 0,
      "SEVERITY.UNDEFINED": 0,
      "loc": 50,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./bad/mod_csp.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 0,
      "SEVERITY.UNDEFINED": 0,
      "loc": 5,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./bad/mod_hello.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 0,
      "SEVERITY.UNDEFINED": 0,
      "loc": 5,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./bad/mod_mfa.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 0,
      "SEVERITY.UNDEFINED": 0,
      "loc": 42,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./bad/mod_posts.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 0,
      "SEVERITY.UNDEFINED": 0,
      "loc": 23,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./bad/mod_user.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 0,
      "SEVERITY.UNDEFINED": 0,
      "loc": 51,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./bad/vulpy-ssl.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 4,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 1,
      "SEVERITY.LOW": 1,
      "SEVERITY.MEDIUM": 2,
      "SEVERITY.UNDEFINED": 0,
      "loc": 19,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./bad/vulpy.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 2,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 1,
      "SEVERITY.LOW": 1,
      "SEVERITY.MEDIUM": 0,
      "SEVERITY.UNDEFINED": 0,
      "loc": 41,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./good/cutpasswd.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 1,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 1,
      "SEVERITY.UNDEFINED": 0,
      "loc": 13,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./good/db_init.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 0,
      "SEVERITY.UNDEFINED": 0,
      "loc": 33,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./good/httpbrute.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 1,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 1,
      "SEVERITY.UNDEFINED": 0,
      "loc": 19,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./good/libapi.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 1,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 1,
      "SEVERITY.MEDIUM": 0,
      "SEVERITY.UNDEFINED": 0,
      "loc": 37,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./good/libmfa.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 0,
      "SEVERITY.UNDEFINED": 0,
      "loc": 55,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./good/libposts.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 0,
      "SEVERITY.UNDEFINED": 0,
      "loc": 18,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./good/libsession.py": {
      "CONFIDENCE.HIGH": 1,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 1,
      "SEVERITY.MEDIUM": 0,
      "SEVERITY.UNDEFINED": 0,
      "loc": 39,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./good/libuser.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 1,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 1,
      "SEVERITY.UNDEFINED": 0,
      "loc": 90,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./good/mod_api.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 0,
      "SEVERITY.UNDEFINED": 0,
      "loc": 47,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./good/mod_csp.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 0,
      "SEVERITY.UNDEFINED": 0,
      "loc": 5,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./good/mod_hello.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 0,
      "SEVERITY.UNDEFINED": 0,
      "loc": 5,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./good/mod_mfa.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 0,
      "SEVERITY.UNDEFINED": 0,
      "loc": 47,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./good/mod_posts.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 0,
      "SEVERITY.UNDEFINED": 0,
      "loc": 23,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./good/mod_user.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 0,
      "SEVERITY.UNDEFINED": 0,
      "loc": 58,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./good/mod_welcome1.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 0,
      "SEVERITY.UNDEFINED": 0,
      "loc": 19,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./good/vulpy-ssl.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 4,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 1,
      "SEVERITY.LOW": 1,
      "SEVERITY.MEDIUM": 2,
      "SEVERITY.UNDEFINED": 0,
      "loc": 19,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./good/vulpy.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 2,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 1,
      "SEVERITY.LOW": 1,
      "SEVERITY.MEDIUM": 0,
      "SEVERITY.UNDEFINED": 0,
      "loc": 40,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./test_code.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 0,
      "SEVERITY.UNDEFINED": 0,
      "loc": 2,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./utils/aes-decrypt.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 0,
      "SEVERITY.UNDEFINED": 0,
      "loc": 20,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./utils/aes-encrypt.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 0,
      "SEVERITY.UNDEFINED": 0,
      "loc": 21,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./utils/ca-create.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 3,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 3,
      "SEVERITY.UNDEFINED": 0,
      "loc": 43,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./utils/ca-csr-create.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 2,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 2,
      "SEVERITY.UNDEFINED": 0,
      "loc": 26,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./utils/ca-csr-load.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 4,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 4,
      "SEVERITY.UNDEFINED": 0,
      "loc": 27,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./utils/crack-cvv.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 0,
      "SEVERITY.UNDEFINED": 0,
      "loc": 15,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./utils/crack-hash.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 0,
      "SEVERITY.UNDEFINED": 0,
      "loc": 15,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./utils/fernet-generate-key.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 0,
      "SEVERITY.UNDEFINED": 0,
      "loc": 3,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./utils/generate_bad_passwords.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 1,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 1,
      "SEVERITY.UNDEFINED": 0,
      "loc": 29,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./utils/hashfile.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 0,
      "SEVERITY.UNDEFINED": 0,
      "loc": 14,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./utils/hmac_generate.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 0,
      "SEVERITY.UNDEFINED": 0,
      "loc": 13,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./utils/httpbrute.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 1,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 1,
      "SEVERITY.UNDEFINED": 0,
      "loc": 24,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./utils/luncheck.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 0,
      "SEVERITY.UNDEFINED": 0,
      "loc": 13,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./utils/rsa-decrypt.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 1,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 1,
      "SEVERITY.UNDEFINED": 0,
      "loc": 21,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./utils/rsa-encrypt.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 1,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 1,
      "SEVERITY.UNDEFINED": 0,
      "loc": 20,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./utils/rsa-keygen.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 2,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 2,
      "SEVERITY.UNDEFINED": 0,
      "loc": 23,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./utils/rsa-sign.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 1,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 1,
      "SEVERITY.UNDEFINED": 0,
      "loc": 27,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./utils/rsa-verify.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 1,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 1,
      "SEVERITY.UNDEFINED": 0,
      "loc": 31,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./utils/scrypt-crack.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 0,
      "SEVERITY.UNDEFINED": 0,
      "loc": 36,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./utils/scrypt-generate.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 0,
      "SEVERITY.UNDEFINED": 0,
      "loc": 23,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./utils/scrypt-verify.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 0,
      "SEVERITY.UNDEFINED": 0,
      "loc": 28,
      "nosec": 0,
      "skipped_tests": 0
    },
    "./utils/skey.py": {
      "CONFIDENCE.HIGH": 0,
      "CONFIDENCE.LOW": 0,
      "CONFIDENCE.MEDIUM": 0,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 0,
      "SEVERITY.LOW": 0,
      "SEVERITY.MEDIUM": 0,
      "SEVERITY.UNDEFINED": 0,
      "loc": 22,
      "nosec": 0,
      "skipped_tests": 0
    },
    "_totals": {
      "CONFIDENCE.HIGH": 4,
      "CONFIDENCE.LOW": 6,
      "CONFIDENCE.MEDIUM": 39,
      "CONFIDENCE.UNDEFINED": 0,
      "SEVERITY.HIGH": 4,
      "SEVERITY.LOW": 9,
      "SEVERITY.MEDIUM": 36,
      "SEVERITY.UNDEFINED": 0,
      "loc": 1558,
      "nosec": 0,
      "skipped_tests": 0
    }
  },
  "results": [
    {
      "code": "5 \n6 api_key_file = Path('/tmp/supersecret.txt')\n7 \n",
      "col_offset": 20,
      "end_col_offset": 42,
      "filename": "./bad/api_post.py",
      "issue_confidence": "MEDIUM",
      "issue_cwe": {
        "id": 377,
        "link": "https://cwe.mitre.org/data/definitions/377.html"
      },
      "issue_severity": "MEDIUM",
      "issue_text": "Probable insecure usage of temp file/directory.",
      "line_number": 6,
      "line_range": [
        6
      ],
      "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b108_hardcoded_tmp_directory.html",
      "test_id": "B108",
      "test_name": "hardcoded_tmp_directory"
    },
    {
      "code": "18     for u,p in users:\n19         c.execute(\"INSERT INTO users (user, password, failures) VALUES ('%s', '%s', '%d')\" %(u, p, 0))\n20 \n",
      "col_offset": 18,
      "end_col_offset": 90,
      "filename": "./bad/db.py",
      "issue_confidence": "MEDIUM",
      "issue_cwe": {
        "id": 89,
        "link": "https://cwe.mitre.org/data/definitions/89.html"
      },
      "issue_severity": "MEDIUM",
      "issue_text": "Possible SQL injection vector through string-based query construction.",
      "line_number": 19,
      "line_range": [
        19
      ],
      "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b608_hardcoded_sql_expressions.html",
      "test_id": "B608",
      "test_name": "hardcoded_sql_expressions"
    },
    {
      "code": "19     for u,p in users:\n20         c.execute(\"INSERT INTO users (username, password, failures, mfa_enabled, mfa_secret) VALUES ('%s', '%s', '%d', '%d', '%s')\" %(u, p, 0, 0, ''))\n21 \n",
      "col_offset": 18,
      "end_col_offset": 131,
      "filename": "./bad/db_init.py",
      "issue_confidence": "MEDIUM",
      "issue_cwe": {
        "id": 89,
        "link": "https://cwe.mitre.org/data/definitions/89.html"
      },
      "issue_severity": "MEDIUM",
      "issue_text": "Possible SQL injection vector through string-based query construction.",
      "line_number": 20,
      "line_range": [
        20
      ],
      "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b608_hardcoded_sql_expressions.html",
      "test_id": "B608",
      "test_name": "hardcoded_sql_expressions"
    },
    {
      "code": "15 \n16     for f in Path('/tmp/').glob('vulpy.apikey.' + username + '.*'):\n17         print('removing', f)\n",
      "col_offset": 18,
      "end_col_offset": 25,
      "filename": "./bad/libapi.py",
      "issue_confidence": "MEDIUM",
      "issue_cwe": {
        "id": 377,
        "link": "https://cwe.mitre.org/data/definitions/377.html"
      },
      "issue_severity": "MEDIUM",
      "issue_text": "Probable insecure usage of temp file/directory.",
      "line_number": 16,
      "line_range": [
        16
      ],
      "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b108_hardcoded_tmp_directory.html",
      "test_id": "B108",
      "test_name": "hardcoded_tmp_directory"
    },
    {
      "code": "19 \n20     keyfile = '/tmp/vulpy.apikey.{}.{}'.format(username, key)\n21 \n",
      "col_offset": 14,
      "end_col_offset": 39,
      "filename": "./bad/libapi.py",
      "issue_confidence": "MEDIUM",
      "issue_cwe": {
        "id": 377,
        "link": "https://cwe.mitre.org/data/definitions/377.html"
      },
      "issue_severity": "MEDIUM",
      "issue_text": "Probable insecure usage of temp file/directory.",
      "line_number": 20,
      "line_range": [
        20
      ],
      "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b108_hardcoded_tmp_directory.html",
      "test_id": "B108",
      "test_name": "hardcoded_tmp_directory"
    },
    {
      "code": "32 \n33     for f in Path('/tmp/').glob('vulpy.apikey.*.' + key):\n34         return f.name.split('.')[2]\n",
      "col_offset": 18,
      "end_col_offset": 25,
      "filename": "./bad/libapi.py",
      "issue_confidence": "MEDIUM",
      "issue_cwe": {
        "id": 377,
        "link": "https://cwe.mitre.org/data/definitions/377.html"
      },
      "issue_severity": "MEDIUM",
      "issue_text": "Probable insecure usage of temp file/directory.",
      "line_number": 33,
      "line_range": [
        33
      ],
      "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b108_hardcoded_tmp_directory.html",
      "test_id": "B108",
      "test_name": "hardcoded_tmp_directory"
    },
    {
      "code": "11 \n12     user = c.execute(\"SELECT * FROM users WHERE username = '{}' and password = '{}'\".format(username, password)).fetchone()\n13 \n",
      "col_offset": 21,
      "end_col_offset": 84,
      "filename": "./bad/libuser.py",
      "issue_confidence": "MEDIUM",
      "issue_cwe": {
        "id": 89,
        "link": "https://cwe.mitre.org/data/definitions/89.html"
      },
      "issue_severity": "MEDIUM",
      "issue_text": "Possible SQL injection vector through string-based query construction.",
      "line_number": 12,
      "line_range": [
        12
      ],
      "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b608_hardcoded_sql_expressions.html",
      "test_id": "B608",
      "test_name": "hardcoded_sql_expressions"
    },
    {
      "code": "24 \n25     c.execute(\"INSERT INTO users (username, password, failures, mfa_enabled, mfa_secret) VALUES ('%s', '%s', '%d', '%d', '%s')\" %(username, password, 0, 0, ''))\n26 \n",
      "col_offset": 14,
      "end_col_offset": 127,
      "filename": "./bad/libuser.py",
      "issue_confidence": "MEDIUM",
      "issue_cwe": {
        "id": 89,
        "link": "https://cwe.mitre.org/data/definitions/89.html"
      },
      "issue_severity": "MEDIUM",
      "issue_text": "Possible SQL injection vector through string-based query construction.",
      "line_number": 25,
      "line_range": [
        25
      ],
      "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b608_hardcoded_sql_expressions.html",
      "test_id": "B608",
      "test_name": "hardcoded_sql_expressions"
    },
    {
      "code": "52 \n53     c.execute(\"UPDATE users SET password = '{}' WHERE username = '{}'\".format(password, username))\n54     conn.commit()\n",
      "col_offset": 14,
      "end_col_offset": 70,
      "filename": "./bad/libuser.py",
      "issue_confidence": "MEDIUM",
      "issue_cwe": {
        "id": 89,
        "link": "https://cwe.mitre.org/data/definitions/89.html"
      },
      "issue_severity": "MEDIUM",
      "issue_text": "Possible SQL injection vector through string-based query construction.",
      "line_number": 53,
      "line_range": [
        53
      ],
      "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b608_hardcoded_sql_expressions.html",
      "test_id": "B608",
      "test_name": "hardcoded_sql_expressions"
    },
    {
      "code": "28 \n29 app.run(debug=True, host='127.0.1.1', ssl_context=('/tmp/acme.cert', '/tmp/acme.key'))\n",
      "col_offset": 0,
      "end_col_offset": 86,
      "filename": "./bad/vulpy-ssl.py",
      "issue_confidence": "MEDIUM",
      "issue_cwe": {
        "id": 94,
        "link": "https://cwe.mitre.org/data/definitions/94.html"
      },
      "issue_severity": "HIGH",
      "issue_text": "A Flask app appears to be run with debug=True, which exposes the Werkzeug debugger and allows the execution of arbitrary code.",
      "line_number": 29,
      "line_range": [
        29
      ],
      "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b201_flask_debug_true.html",
      "test_id": "B201",
      "test_name": "flask_debug_true"
    },
    {
      "code": "28 \n29 app.run(debug=True, host='127.0.1.1', ssl_context=('/tmp/acme.cert', '/tmp/acme.key'))\n",
      "col_offset": 51,
      "end_col_offset": 67,
      "filename": "./bad/vulpy-ssl.py",
      "issue_confidence": "MEDIUM",
      "issue_cwe": {
        "id": 377,
        "link": "https://cwe.mitre.org/data/definitions/377.html"
      },
      "issue_severity": "MEDIUM",
      "issue_text": "Probable insecure usage of temp file/directory.",
      "line_number": 29,
      "line_range": [
        29
      ],
      "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b108_hardcoded_tmp_directory.html",
      "test_id": "B108",
      "test_name": "hardcoded_tmp_directory"
    },
    {
      "code": "28 \n29 app.run(debug=True, host='127.0.1.1', ssl_context=('/tmp/acme.cert', '/tmp/acme.key'))\n",
      "col_offset": 69,
      "end_col_offset": 84,
      "filename": "./bad/vulpy-ssl.py",
      "issue_confidence": "MEDIUM",
      "issue_cwe": {
        "id": 377,
        "link": "https://cwe.mitre.org/data/definitions/377.html"
      },
      "issue_severity": "MEDIUM",
      "issue_text": "Probable insecure usage of temp file/directory.",
      "line_number": 29,
      "line_range": [
        29
      ],
      "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b108_hardcoded_tmp_directory.html",
      "test_id": "B108",
      "test_name": "hardcoded_tmp_directory"
    },
    {
      "code": "54 \n55 app.run(debug=True, host='127.0.1.1', port=5000, extra_files='csp.txt')\n",
      "col_offset": 0,
      "end_col_offset": 71,
      "filename": "./bad/vulpy.py",
      "issue_confidence": "MEDIUM",
      "issue_cwe": {
        "id": 94,
        "link": "https://cwe.mitre.org/data/definitions/94.html"
      },
      "issue_severity": "HIGH",
      "issue_text": "A Flask app appears to be run with debug=True, which exposes the Werkzeug debugger and allows the execution of arbitrary code.",
      "line_number": 55,
      "line_range": [
        55
      ],
      "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b201_flask_debug_true.html",
      "test_id": "B201",
      "test_name": "flask_debug_true"
    },
    {
      "code": "2 \n3 with open('/tmp/darkweb2017-top10000.txt') as f:\n4     for password in f.readlines():\n",
      "col_offset": 10,
      "end_col_offset": 41,
      "filename": "./good/cutpasswd.py",
      "issue_confidence": "MEDIUM",
      "issue_cwe": {
        "id": 377,
        "link": "https://cwe.mitre.org/data/definitions/377.html"
      },
      "issue_severity": "MEDIUM",
      "issue_text": "Probable insecure usage of temp file/directory.",
      "line_number": 3,
      "line_range": [
        3
      ],
      "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b108_hardcoded_tmp_directory.html",
      "test_id": "B108",
      "test_name": "hardcoded_tmp_directory"
    },
    {
      "code": "60     c = conn.cursor()\n61     c.execute(\"INSERT INTO users (username, password, salt, failures, mfa_enabled, mfa_secret) VALUES ('%s', '%s', '%s', '%d', '%d', '%s')\" %(username, '', '', 0, 0, ''))\n62     conn.commit()\n",
      "col_offset": 14,
      "end_col_offset": 139,
      "filename": "./good/libuser.py",
      "issue_confidence": "MEDIUM",
      "issue_cwe": {
        "id": 89,
        "link": "https://cwe.mitre.org/data/definitions/89.html"
      },
      "issue_severity": "MEDIUM",
      "issue_text": "Possible SQL injection vector through string-based query construction.",
      "line_number": 61,
      "line_range": [
        61
      ],
      "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b608_hardcoded_sql_expressions.html",
      "test_id": "B608",
      "test_name": "hardcoded_sql_expressions"
    },
    {
      "code": "28 \n29 app.run(debug=True, host='127.0.1.1', ssl_context=('/tmp/acme.cert', '/tmp/acme.key'))\n",
      "col_offset": 0,
      "end_col_offset": 86,
      "filename": "./good/vulpy-ssl.py",
      "issue_confidence": "MEDIUM",
      "issue_cwe": {
        "id": 94,
        "link": "https://cwe.mitre.org/data/definitions/94.html"
      },
      "issue_severity": "HIGH",
      "issue_text": "A Flask app appears to be run with debug=True, which exposes the Werkzeug debugger and allows the execution of arbitrary code.",
      "line_number": 29,
      "line_range": [
        29
      ],
      "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b201_flask_debug_true.html",
      "test_id": "B201",
      "test_name": "flask_debug_true"
    },
    {
      "code": "28 \n29 app.run(debug=True, host='127.0.1.1', ssl_context=('/tmp/acme.cert', '/tmp/acme.key'))\n",
      "col_offset": 51,
      "end_col_offset": 67,
      "filename": "./good/vulpy-ssl.py",
      "issue_confidence": "MEDIUM",
      "issue_cwe": {
        "id": 377,
        "link": "https://cwe.mitre.org/data/definitions/377.html"
      },
      "issue_severity": "MEDIUM",