Metrics:
Total lines of code: 31
Total lines skipped (#nosec): 0

hardcoded_password_string: Possible hardcoded password: 'admin123'
Test ID: B105
Severity: LOW
Confidence: MEDIUM
CWE: CWE-259
File: examples/unsafe-example/app.py
Line number: 12
More info: https://bandit.readthedocs.io/en/1.9.4/plugins/b105_hardcoded_password_string.html
11	# ❌ Hardcoded password
12	DATABASE_PASSWORD = "admin123"
13	API_KEY = "sk-1234567890abcdef"

blacklist: The pyCrypto library and its module DES are no longer actively maintained and have been deprecated. Consider using pyca/cryptography library.
Test ID: B413
Severity: HIGH
Confidence: HIGH
CWE: CWE-327
File: examples/unsafe-example/app.py
Line number: 16
More info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_imports.html#b413-import-pycrypto
15	# ❌ DES encryption in use
16	from Crypto.Cipher import DES
17	def encrypt(data):

blacklist: Use of insecure cipher Crypto.Cipher.DES.new. Replace with a known secure cipher such as AES.
Test ID: B304
Severity: HIGH
Confidence: HIGH
CWE: CWE-327
File: examples/unsafe-example/app.py
Line number: 18
More info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b304-b305-ciphers-and-modes
17	def encrypt(data):
18	    cipher = DES.new(b'8bytekey', DES.MODE_ECB)
19	    return cipher.encrypt(data)

hardcoded_sql_expressions: Possible SQL injection vector through string-based query construction.
Test ID: B608
Severity: MEDIUM
Confidence: LOW
CWE: CWE-89
File: examples/unsafe-example/app.py
Line number: 23
More info: https://bandit.readthedocs.io/en/1.9.4/plugins/b608_hardcoded_sql_expressions.html
22	def get_user(user_id):
23	    query = "SELECT * FROM users WHERE id=%s" % user_id
24	    return query

start_process_with_a_shell: Starting a process with a shell, possible injection detected, security issue.
Test ID: B605
Severity: HIGH
Confidence: HIGH
CWE: CWE-78
File: examples/unsafe-example/app.py
Line number: 30
More info: https://bandit.readthedocs.io/en/1.9.4/plugins/b605_start_process_with_a_shell.html
29	    host = request.args.get('host', 'localhost')
30	    os.system("ping -c 1 " + host)
31	

blacklist: Use of possibly insecure function - consider using safer ast.literal_eval.
Test ID: B307
Severity: MEDIUM
Confidence: HIGH
CWE: CWE-78
File: examples/unsafe-example/app.py
Line number: 36
More info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b307-eval
35	    expr = request.args.get('expr', '1+1')
36	    return str(eval(expr))
37	

flask_debug_true: A Flask app appears to be run with debug=True, which exposes the Werkzeug debugger and allows the execution of arbitrary code.
Test ID: B201
Severity: HIGH
Confidence: MEDIUM
CWE: CWE-94
File: examples/unsafe-example/app.py
Line number: 40
More info: https://bandit.readthedocs.io/en/1.9.4/plugins/b201_flask_debug_true.html
39	    # ❌ Debug mode enabled
40	    app.run(debug=True, host='0.0.0.0')

hardcoded_bind_all_interfaces: Possible binding to all interfaces.
Test ID: B104
Severity: MEDIUM
Confidence: MEDIUM
CWE: CWE-605
File: examples/unsafe-example/app.py
Line number: 40
More info: https://bandit.readthedocs.io/en/1.9.4/plugins/b104_hardcoded_bind_all_interfaces.html
39	    # ❌ Debug mode enabled
40	    app.run(debug=True, host='0.0.0.0')