Forem

Matt Layman
Matt Layman

Posted on β€’ Originally published at mattlayman.com

Check Web App Security With Bandit - Building SaaS #74

In this episode, I integrated the bandit static analysis tool to do automated security checking of my code before each commit. We talked about pre-commit and how to add in a new hook. After finishing that tool addition, we got deep into Django while removing some messages inserted by django-allauth on sign up.

We began by talking about what the bandit tool does and how it works. Once I explained bandit, I focused on the bandit documentation to see how to add the tool. We found the pre-commit config hook in the bandit README docs.

I set bandit in my .pre-commit-config.yaml. Then we ran all the files through bandit to check the code with:

(venv) $ pre-commit run -a bandit
Enter fullscreen mode Exit fullscreen mode

Bandit reported an error type in my code related to inclusion of assert statements. Since those assert statements are only found in my test code, I added a configuration file so I could skip the false positive errors.

Thankfully, that was the only issue in my project so we wrapped up that tool addition and moved onto a different topic.

After adding bandit, I turned my attention back to the onboarding process. In my sign up flow, the django-allauth packages added alert messages when a user signs up for the first time. This was a poor experience for the onboarding process that I want to present to my future users.

To make the change, I needed to remove certain cookies from the start page. Ultimately, I discovered that the cookie must be removed from the request and the response of the view.

The real challenge in this work turned out to be the test to prove that the change worked. We spent a lot of time looking at the Django source code, the django-allauth code, and the django-test-plus code. It was quite an adventure!

Please leave your appreciation by commenting on this post!

Let's go

Top comments (0)

Image of Datadog

The Essential Toolkit for Front-end Developers

Take a user-centric approach to front-end monitoring that evolves alongside increasingly complex frameworks and single-page applications.

Get The Kit

πŸ‘‹ Kindness is contagious

Dive into an ocean of knowledge with this thought-provoking post, revered deeply within the supportive DEV Community. Developers of all levels are welcome to join and enhance our collective intelligence.

Saying a simple "thank you" can brighten someone's day. Share your gratitude in the comments below!

On DEV, sharing ideas eases our path and fortifies our community connections. Found this helpful? Sending a quick thanks to the author can be profoundly valued.

Okay