Code Journal

6 thoughts
last posted July 28, 2016, 4:04 p.m.

A recent thing that Jason brought to my attention today was bandit. So without delay, I installed and ran it with defaults against pinax-stripe. It reported three issues that previous static analyzers failed to point out:

Run metrics:
    Total lines of code: 2547
    Total lines skipped (#nosec): 0
    Total issues (by severity):
        Undefined: 0.0
        Low: 3.0
        Medium: 0.0
        High: 0.0
    Total issues (by confidence):
        Undefined: 0.0
        Low: 0.0
        Medium: 0.0
        High: 3.0

All three issues were cases of using pass in a try/except block.
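
What that finding looks like in code, as an added example that is not from pinax-stripe or from bandit itself: a simplified AST check that reports any except handler whose whole body is pass, run over a constructed sample that pairs the swallowed exception with a handler that logs and re-raises. The function names, the logger and the sample source are assumptions made up for illustration.

```python
import ast

# Constructed sample: a swallowed exception next to a handler that records it.
# The function and logger names are hypothetical, not taken from pinax-stripe.
SAMPLE = '''
import logging
logger = logging.getLogger(__name__)

def sync_silent(fetch):
    try:
        return fetch()
    except Exception:
        pass

def sync_logged(fetch):
    try:
        return fetch()
    except ValueError:
        logger.exception("sync failed")
        raise
'''


def find_swallowed_exceptions(source):
    """Return (line, caught_type) for each except handler whose body is only `pass`."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.ExceptHandler):
            continue
        # A lone `pass` means the failure leaves no log entry and no signal
        # to the caller, which is why a security linter cares about it.
        if len(node.body) == 1 and isinstance(node.body[0], ast.Pass):
            caught = ast.unparse(node.type) if node.type else "<bare except>"
            findings.append((node.lineno, caught))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, caught in find_swallowed_exceptions(SAMPLE):
        print(f"line {lineno}: 'except {caught}: pass' hides the failure")
```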
