Bandit工具详细使用指南<\/h1>

1. Bandit简介<\/h2>

Bandit是一个用于检查Python代码安全问题的静态分析工具，它通过以下方式工作：<\/p>

处理源代码文件<\/li>
解析出AST抽象语法树<\/li>
对AST节点运行对应的插件<\/li>

扫描结束后生成安全报告<\/li> <\/ul>

项目资源<\/strong>：<\/p>

GitHub地址: https:\/\/github.com\/PyCQA\/bandit<\/a><\/li>
文档: https:\/\/bandit.readthedocs.io\/en\/latest\/<\/a><\/li> <\/ul>
2. 安装与基本使用<\/h2>
安装<\/h3>
pip3 install bandit <\/span><\/span><\/code><\/pre>
基本扫描命令<\/h3>
bandit -r .\/ # 递归扫描当前目录<\/span> <\/span><\/span><\/code><\/pre>
3. 漏洞检测机制<\/h2>
Bandit通过将内置漏洞库与被检测代码对比来发现安全问题。内置插件位于bandit\/plugins<\/code>目录下。<\/p>
可检测的漏洞类型<\/strong>：<\/p>
文件权限问题<\/li> 硬编码密钥<\/li> 硬编码临时目录<\/li> 密码隐私设置问题<\/li> 硬编码SQL语句<\/li>
以及其他多种安全问题<\/li> <\/ul>
4. 自定义漏洞检测<\/h2>
用户可以通过三种方式扩展Bandit的功能：<\/p>
4.1 编写自定义插件<\/h3>
以app_debug.py<\/code>插件为例，检测Flask debug模式是否开启：<\/p>
import<\/span> bandit <\/span><\/span>from<\/span> bandit.core import<\/span> issue <\/span><\/span>from<\/span> bandit.core import<\/span> test_properties as<\/span> test <\/span><\/span> <\/span><\/span>@test<\/span>.<\/span>test_id("B201"<\/span>) <\/span><\/span>@test<\/span>.<\/span>checks("Call"<\/span>) <\/span><\/span>def<\/span> flask_debug_true<\/span>(context): <\/span><\/span> if<\/span> context.<\/span>is_module_imported_like("flask"<\/span>): <\/span><\/span> if<\/span> context.<\/span>call_function_name_qual.<\/span>endswith(".run"<\/span>): <\/span><\/span> if<\/span> context.<\/span>check_call_arg_value("debug"<\/span>, "True"<\/span>): <\/span><\/span> return<\/span> bandit.<\/span>Issue( <\/span><\/span> severity=<\/span>bandit.<\/span>HIGH, <\/span><\/span> confidence=<\/span>bandit.<\/span>MEDIUM, <\/span><\/span> cwe=<\/span>issue.<\/span>Cwe.<\/span>CODE_INJECTION, <\/span><\/span> text=<\/span>"A Flask app appears to be run with debug=True, "<\/span> <\/span><\/span> "which exposes the Werkzeug debugger and allows "<\/span> <\/span><\/span> "the execution of arbitrary code."<\/span>, <\/span><\/span> lineno=<\/span>context.<\/span>get_lineno_for_call_arg("debug"<\/span>), <\/span><\/span> ) <\/span><\/span><\/code><\/pre>关键元素<\/strong>：<\/p> @test.test_id("B201")<\/code>：漏洞编号装饰器（B101-B703）<\/li> @test.checks("Call")<\/code>：检测类型（Call\/Str\/Assert\/Exec等）<\/li> 使用上下文方法检测特定条件<\/li> <\/ul> 4.2 imports.py配置文件<\/h3> 检测危险的import语句，定义了B401-B415漏洞：<\/p> 检测可能导致反序列化漏洞的库<\/li> 可扩展为检测特定版本的漏洞库<\/li> <\/ul> 4.3 calls.py配置文件<\/h3> 检测存在漏洞的调用，定义了B301-B325漏洞：<\/p> 需要同时检测到import和调用<\/li> 匹配格式为包.方法<\/code>（如hashlib.md5<\/code>）<\/li> <\/ul> 5. 源码分析<\/h2> 5.1 项目结构<\/h3> git clone https:\/\/github.com\/PyCQA\/bandit <\/span><\/span>pip3 install -r requirements.txt <\/span><\/span><\/code><\/pre>5.2 入口点<\/h3> bandit\/cli\/main.py<\/code>中的main()<\/code>函数<\/p> 主要参数<\/strong>：<\/p> -r\/--recursive<\/code>：递归扫描子目录<\/li> -t\/--tests<\/code>：指定测试ID<\/li> -s\/--skips<\/code>：跳过特定测试<\/li> -f\/--format<\/code>：输出格式（csv\/html\/json等）<\/li> <\/ul> 5.3 核心流程<\/h3> 初始化<\/strong>：<\/p> b_mgr =<\/span> b_manager.<\/span>BanditManager( <\/span><\/span> b_conf, args.<\/span>agg_type, args.<\/span>debug, <\/span><\/span> profile=<\/span>profile, verbose=<\/span>args.<\/span>verbose, <\/span><\/span> quiet=<\/span>args.<\/span>quiet, ignore_nosec=<\/span>args.<\/span>ignore_nosec <\/span><\/span>) <\/span><\/span><\/code><\/pre><\/li> 文件发现<\/strong>：<\/p> b_mgr.<\/span>discover_files(args.<\/span>targets, args.<\/span>recursive, args.<\/span>excluded_paths) <\/span><\/span><\/code><\/pre><\/li> AST解析<\/strong>：<\/p> f_ast =<\/span> ast.<\/span>parse(data) <\/span><\/span>generic_visit(f_ast) # 遍历AST节点<\/span> <\/span><\/span><\/code><\/pre><\/li> 节点检测<\/strong>：<\/p> visit_Import<\/code>：检测import语句<\/li> visit_Call<\/code>：检测函数调用<\/li> 其他节点类型有对应的visit方法<\/li> <\/ul> <\/li> <\/ol> 6. 实战应用：批量检测GitHub项目<\/h2> 6.1 GitHub搜索API<\/h3> url =<\/span> "https:\/\/api.github.com\/search\/repositories?q=<\/span>{}<\/span>&per_page=<\/span>{}<\/span>&page=<\/span>{}<\/span>"<\/span>.<\/span>format( <\/span><\/span> keyword, per_page, i <\/span><\/span>) <\/span><\/span><\/code><\/pre>注意事项<\/strong>：<\/p> 未认证请求：每分钟最多10次<\/li> 认证请求：每分钟最多30次<\/li> <\/ul> 6.2 自动化检测脚本<\/h3> import<\/span> time <\/span><\/span>import<\/span> requests <\/span><\/span>import<\/span> json <\/span><\/span>import<\/span> os <\/span><\/span>import<\/span> datetime <\/span><\/span>import<\/span> logging <\/span><\/span> <\/span><\/span>MAX_NUM =<\/span> 2<\/span> # 最大页数<\/span> <\/span><\/span> <\/span><\/span>def<\/span> getRepItem<\/span>(keyword, per_page=<\/span>10<\/span>): <\/span><\/span> for<\/span> i in<\/span> range(1<\/span>, MAX_NUM): <\/span><\/span> starttime =<\/span> datetime.<\/span>datetime.<\/span>now() <\/span><\/span> url =<\/span> "https:\/\/api.github.com\/search\/repositories?q=<\/span>{}<\/span>&per_page=<\/span>{}<\/span>&page=<\/span>{}<\/span>"<\/span>.<\/span>format( <\/span><\/span> keyword, per_page, i <\/span><\/span> ) <\/span><\/span> rep =<\/span> requests.<\/span>get(url, timeout=<\/span>5<\/span>) <\/span><\/span> items =<\/span> json.<\/span>loads(rep.<\/span>text)['items'<\/span>] <\/span><\/span> <\/span><\/span> for<\/span> j in<\/span> range(len(items)): <\/span><\/span> rep_url =<\/span> items[j]['html_url'<\/span>] <\/span><\/span> cloneRsp(rep_url) <\/span><\/span> filename =<\/span> rep_url.<\/span>split('\/'<\/span>)[4<\/span>] <\/span><\/span> callBandit(filename) <\/span><\/span> <\/span><\/span> endtime =<\/span> datetime.<\/span>datetime.<\/span>now() <\/span><\/span> checkTime((endtime -<\/span> starttime).<\/span>seconds) <\/span><\/span> return<\/span> <\/span><\/span> <\/span><\/span>def<\/span> cloneRsp<\/span>(url): <\/span><\/span> logging.<\/span>info("clone <\/span>{}<\/span>"<\/span>.<\/span>format(url)) <\/span><\/span> os.<\/span>system('git clone <\/span>{}<\/span>'<\/span>.<\/span>format(url)) <\/span><\/span> <\/span><\/span>def<\/span> callBandit<\/span>(filename): <\/span><\/span> logging.<\/span>info("bandit <\/span>{}<\/span>"<\/span>.<\/span>format(filename)) <\/span><\/span> os.<\/span>system("bandit -r .\/<\/span>{}<\/span> -f html -o .\/<\/span>{}<\/span>\/scan_<\/span>{}<\/span>.html"<\/span>.<\/span>format( <\/span><\/span> filename, filename, filename <\/span><\/span> )) <\/span><\/span> <\/span><\/span>def<\/span> checkTime<\/span>(runtime): <\/span><\/span> logging.<\/span>info("runtime is <\/span>{}<\/span>"<\/span>.<\/span>format(runtime)) <\/span><\/span> if<\/span> runtime <<\/span> 60<\/span>: <\/span><\/span> time.<\/span>sleep(62<\/span> -<\/span> int(runtime)) <\/span><\/span> <\/span><\/span>def<\/span> main<\/span>(): <\/span><\/span> getRepItem("cms+language:python"<\/span>) <\/span><\/span> <\/span><\/span>if<\/span> __name__ ==<\/span> '__main__'<\/span>: <\/span><\/span> main() <\/span><\/span><\/code><\/pre>脚本功能<\/strong>：<\/p> 通过GitHub API搜索项目<\/li> 克隆仓库到本地<\/li> 使用Bandit扫描<\/li> 生成HTML格式报告<\/li> 自动处理API速率限制<\/li> <\/ol> 7. 参考资源<\/h2> Python脚本的脆弱性检测研究与实现_刘佩瑶<\/a><\/li> Bandit官方文档<\/a><\/li> GitHub搜索语法<\/a><\/li> GitHub API速率限制<\/a><\/li> <\/ul>

Bandit工具详细使用指南<\/h1>

2. 安装与基本使用<\/h2>

3. 漏洞检测机制<\/h2> Bandit通过将内置漏洞库与被检测代码对比来发现安全问题。内置插件位于bandit\/plugins<\/code>目录下。<\/p> 可检测的漏洞类型<\/strong>：<\/p>

4. 自定义漏洞检测<\/h2> 用户可以通过三种方式扩展Bandit的功能：<\/p>

5. 源码分析<\/h2>

6. 实战应用：批量检测GitHub项目<\/h2>

7. 参考资源<\/h2> Python脚本的脆弱性检测研究与实现_刘佩瑶<\/a><\/li> Bandit官方文档<\/a><\/li> GitHub搜索语法<\/a><\/li> GitHub API速率限制<\/a><\/li> <\/ul>

4. 自定义漏洞检测<\/h2>
用户可以通过三种方式扩展Bandit的功能：<\/p>

7. 参考资源<\/h2>

Python脚本的脆弱性检测研究与实现_刘佩瑶<\/a><\/li>
Bandit官方文档<\/a><\/li>
GitHub搜索语法<\/a><\/li>
GitHub API速率限制<\/a><\/li> <\/ul>