As written in the docs https://bandit.readthedocs.io/en/latest/faq.html I should use the same version as my code. My question is: can I run bandit on py3.12 even when my code is only compatible with py3.7? The reason is that I want to use a unified docker image in CI for all py projects, even if they are old.
@ericwb can you help, please?
@v1ack Yes, if you run py3.12 on code designed for py3.7, you may see a couple of differences. In particular there are two plugins that check depending on the python version. See:
Both relate to hashlib; only 3.9 and higher has a usedforsecurity argument that it will check for, and so it is also not part of the blacklist group of plugins. As a result an issue on hashlib.md5, for example, on py3.8 would be B303 and B324 in py3.9 and greater.
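The version difference described in the answer above, as an added example that is not from the discussion or from bandit itself: a wrapper that passes `usedforsecurity=False` where the interpreter supports it (3.9+) and falls back to the plain call on 3.7/3.8. The function name `md5_fingerprint` is an assumption for illustration.

```python
import hashlib
import sys

# Added example (not from the discussion above). The usedforsecurity keyword
# exists only on Python 3.9+, which is why bandit's B324 plugin, when run on a
# 3.9+ interpreter, looks for it; on older interpreters the same call is
# reported by the blacklist plugin B303 instead.
SUPPORTS_USEDFORSECURITY = sys.version_info >= (3, 9)


def md5_fingerprint(data: bytes) -> str:
    """MD5 used only as a non-cryptographic fingerprint (cache key, dedup).

    Never for integrity or authentication; usedforsecurity=False is the way
    to declare that to both the runtime (FIPS-restricted builds) and bandit.
    """
    if SUPPORTS_USEDFORSECURITY:
        # On 3.9+ this keyword is what B324 checks for.
        h = hashlib.md5(data, usedforsecurity=False)
    else:
        # Python 3.7/3.8 has no such keyword. Note that bandit does not
        # evaluate the version check above: a scan on a py3.12 CI image still
        # parses this branch and reports it under B324, while a scan on
        # py3.8 reports it under B303. That is the cross-version difference
        # the answer describes.
        h = hashlib.md5(data)
    return h.hexdigest()


if __name__ == "__main__":
    # Constructed sample input; md5("abc") is a well-known test vector.
    print(md5_fingerprint(b"abc"))  # 900150983cd24fb0d6963f7d28e17f72
```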