Introduction
Yesterday I wanted to turn some code into a flowchart, but neither code2flow nor pyflowart was satisfactory... So I started thinking about code analysis and code quality checking instead, searched around, and picked bandit, which targets Python.
Understand
While I was at it I also had a look at Understand for C/C++, the Windows version (500M). How to put it... no license. Besides C/C++ it also supports Ada, Delphi, VHDL, VB, Fortran, Python and C#.
From the rightmost chart you can see that it counts lines of code, comment lines and blank lines; I did not understand the rest.
bandit
It was still being updated last month, nice.
Installation
One command does it, and it installs its own dependencies:
$ pip install bandit
Installing collected packages: smmap, pbr, gitdb, stevedore, PyYAML, GitPython, colorama, bandit
Successfully installed GitPython-3.1.12 PyYAML-5.3.1 bandit-1.7.0 colorama-0.4.4 gitdb-4.0.5 pbr-5.5.1 smmap-3.0.4 stevedore-3.3.0
After installing I checked the version: 1.7.0
$ pip show bandit
Name: bandit
Version: 1.7.0
Summary: Security oriented static analyser for python code.
Home-page: https://bandit.readthedocs.io/en/latest/
Author: PyCQA
Author-email: code-quality@python.org
License: UNKNOWN
Location: d:\program files\python\python39\lib\site-packages
Requires: six, GitPython, stevedore, colorama, PyYAML
Required-by:
Viewing the help
bandit -h
Running the analysis
The code to analyze is main.py:
# after fetching the code, change into the corresponding directory; node-tree usage example
bandit -r main.py
Analysis results
PS D:\Documents\CAU\Lion\repositiries\Python\snake> bandit -r main.py
[main] INFO profile include tests: None
[main] INFO profile exclude tests: None
[main] INFO cli include tests: None
[main] INFO cli exclude tests: None
[main] INFO running on Python 3.9.0
[node_visitor] INFO Unable to find qualified name for module: main.py
Run started:2021-01-16 11:03:25.797124
Test results:
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Severity: Low Confidence: High
Location: main.py:69
More Info: https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html#b311-random
68 # 目标坐标
69 TARGET = (int(random.randint(XSTART, XEND) / SIZE),
70 int(random.randint(YSTART, YEND) / SIZE))
--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Severity: Low Confidence: High
Location: main.py:70
More Info: https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html#b311-random
69 TARGET = (int(random.randint(XSTART, XEND) / SIZE),
70 int(random.randint(YSTART, YEND) / SIZE))
71 while TARGET in POSITION or TARGET in BLOCK1:
--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Severity: Low Confidence: High
Location: main.py:72
More Info: https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html#b311-random
71 while TARGET in POSITION or TARGET in BLOCK1:
72 TARGET = (int(random.randint(XSTART, XEND) / SIZE),
73 int(random.randint(YSTART, YEND) / SIZE))
--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Severity: Low Confidence: High
Location: main.py:73
More Info: https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html#b311-random
72 TARGET = (int(random.randint(XSTART, XEND) / SIZE),
73 int(random.randint(YSTART, YEND) / SIZE))
74 isFail = False
--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Severity: Low Confidence: High
Location: main.py:211
More Info: https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html#b311-random
210 while TARGET in POSITION or TARGET in BLOCK1: # 生成新目标
211 TARGET = (int(random.randint(XSTART, XEND) / SIZE),
212 int(random.randint(YSTART, YEND) / SIZE))
--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Severity: Low Confidence: High
Location: main.py:212
More Info: https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html#b311-random
211 TARGET = (int(random.randint(XSTART, XEND) / SIZE),
212 int(random.randint(YSTART, YEND) / SIZE))
213 SCORE += 1 # 分数加一
--------------------------------------------------
Code scanned:
Total lines of code: 259
Total lines skipped (#nosec): 0
Run metrics:
Total issues (by severity):
Undefined: 0.0
Low: 6.0
Medium: 0.0
High: 0.0
Total issues (by confidence):
Undefined: 0.0
Low: 0.0
Medium: 0.0
High: 6.0
Files skipped (0):
The report raised six identical friendly reminders, Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes. In plain terms: the pseudo-random generator is not suitable for cryptographic purposes. Fortunately I am not using it for cryptography, just for pseudo-randomness.
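As an added illustration (not code from the post's main.py), here is how a B311 finding is usually triaged: keep random for gameplay and mark those lines # nosec so bandit skips them, use secrets where the value actually protects something, and show with a seeded generator why random is predictable. The board constants are constructed, not the snake game's real values.

```python
import random
import secrets

# Constructed board constants (the post's main.py values are not shown).
SIZE = 20
XSTART, XEND = 0, 600
YSTART, YEND = 0, 400


def game_target(rng=random):
    """Pick a board cell for the snake game.

    Gameplay randomness is not a security decision, so random is acceptable
    here; the # nosec marker tells bandit to skip the B311 finding, and the
    report's "Total lines skipped (#nosec)" counter shows how many it skipped.
    """
    return (int(rng.randint(XSTART, XEND) / SIZE),  # nosec
            int(rng.randint(YSTART, YEND) / SIZE))  # nosec


def same_seed_same_sequence(seed, n=5):
    """Why B311 exists: random is a deterministic PRNG, so two generators
    started from the same seed produce identical coordinate sequences."""
    a, b = random.Random(seed), random.Random(seed)
    return [game_target(a) for _ in range(n)] == [game_target(b) for _ in range(n)]


def session_token(nbytes=32):
    """Security-sensitive value: draw it from the OS CSPRNG via secrets
    instead of random. bandit raises no finding for this."""
    return secrets.token_urlsafe(nbytes)


def one_time_code(length=6):
    """Numeric verification code, also drawn from the CSPRNG."""
    return "".join(secrets.choice("0123456789") for _ in range(length))
```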