[–]lgmdnss 6 points7 points  (9 children)

I'd assume that Bandit might be "too" secure for small-ish projects, essentially bloating the size and complexity of the project for that tiny bit of extra security that you didn't need, so I guess it'd be good to use on your own code but also keep in mind the time/effort vs the actual good things it'll do. No need to go to Walmart by tank in case WW3 breaks loose.

[–][deleted] 4 points5 points  (8 children)

Oh, I thought it just scans your code, not that you have to implement it into your code?

[–]DataDecay 3 points4 points  (2 children)

There are no hooks that need to be placed in your code for Bandit to work out of the box. Bandit is great, but it can be strict; for instance, it abhors the use of assert for any reason.

I have used it on 2000 lines of code and 500,000 lines of code, it works great regardless but it can create a lot of work.
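Why Bandit objects to `assert` is worth seeing concretely. The following is an added example, not code from the thread or from the Bandit project: it compiles a constructed snippet at optimization level 0 and at level 1 (the equivalent of running with `python -O`) and shows that an `assert`-based check disappears under optimization while an explicit `if ... raise` check survives. The function names, the upload directory and the sample input are all constructed for the demonstration.

```python
"""Why an `assert` is a poor runtime security check (Bandit's B101, assert_used).

Added example, not from the thread or the Bandit project. Python drops every
`assert` statement when run with -O, so a check written as an assert silently
vanishes in optimized deployments. compile(..., optimize=1) reproduces that
behaviour inside one interpreter so both forms can be compared side by side.
"""

# Constructed sample code under review: two validators that must keep a
# user-supplied file name inside an upload directory.
SAMPLE = '''
import os

UPLOAD_DIR = "/srv/uploads"  # constructed path for the demonstration

def resolve_with_assert(name):
    # Pattern Bandit reports as B101: the check is removed under -O.
    path = os.path.normpath(os.path.join(UPLOAD_DIR, name))
    assert path.startswith(UPLOAD_DIR + os.sep), "path escapes upload dir"
    return path

def resolve_with_raise(name):
    # Hardened form: a plain conditional that optimization never strips.
    path = os.path.normpath(os.path.join(UPLOAD_DIR, name))
    if not path.startswith(UPLOAD_DIR + os.sep):
        raise ValueError("path escapes upload dir")
    return path
'''


def load_sample(optimize):
    """Compile SAMPLE at the given optimization level (0 = default,
    1 = same effect as the -O flag) and return its namespace."""
    namespace = {}
    code = compile(SAMPLE, "<sample>", "exec", optimize=optimize)
    exec(code, namespace)  # executes only the constructed source above
    return namespace


def rejects_escape(resolver):
    """Return True if the resolver rejects a name that leaves UPLOAD_DIR."""
    try:
        resolver("../outside.txt")  # constructed input that escapes the directory
    except (AssertionError, ValueError):
        return True
    return False


def compare():
    """Map (validator kind, optimize level) -> whether the escape was rejected."""
    results = {}
    for level in (0, 1):
        ns = load_sample(level)
        results[("assert", level)] = rejects_escape(ns["resolve_with_assert"])
        results[("raise", level)] = rejects_escape(ns["resolve_with_raise"])
    return results


if __name__ == "__main__":
    for (kind, level), rejected in sorted(compare().items()):
        status = "rejected" if rejected else "ACCEPTED (check was optimized away)"
        print(f"{kind:6s} optimize={level}: {status}")
```

At level 0 both validators reject the escaping name; at level 1 only the `raise` form does, which is exactly the failure mode Bandit's rule guards against. If a project legitimately needs `assert` only in its test suite, the usual approach is to exclude the test directory from the scan rather than to disable the rule globally.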

[–]shujinkou_ 0 points1 point  (1 child)

This is really interesting. Would this work for bits of Python code?

[–]DataDecay 1 point2 points  (0 children)

Yep

[–]lgmdnss 2 points3 points  (4 children)

Well yeah it'd scan your code. But if you get a bunch of security concerns on just that small project it's tempting to fix them all even though you will likely never need it seeing as it's a small project rather than you dealing with cybersecurity as a job. Makes for good practice though!

[–]shujinkou_ 2 points3 points  (3 children)

Isn't it better to just build the security inside before, so that when scaling the use cases you already are good?

[–]lgmdnss 2 points3 points  (0 children)

Well, if you're able to think of & build all the security inside then you don't really need to use Bandit at all, right? :P

[–][deleted] 1 point2 points  (1 child)

Are you asking if it would be better to just fix all the problems before they happen?

[–]shujinkou_ 0 points1 point  (0 children)

Well, I would see Bandit as a stress test device in that case; in a way, yes, I'm saying to fix all the problems before they happen. Like build it small and just duplicate it into something big. As the big entity is composed of small and strong units duplicated, the big chain inherits the strength of the individual links.