Add notes to the README about Bandit on Python 3.4
Change-Id: I6cc420898fc5654486c5b57aca0e362d9d5a5ce8
parent
6279a2f984
commit
c901376203
21
README.md
|
@ -23,6 +23,8 @@ Bandit is distributed on PyPI. The best way to install it is with pip:
|
|||
***Install Bandit:***
|
||||
|
||||
pip install bandit
|
||||
# Or, if you're working with a Python 3 project
|
||||
pip3.4 install bandit
|
||||
|
||||
***Run Bandit:***
|
||||
|
||||
|
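Review bot: in the install block, the added comment says "Python 3 project" while the command under it is `pip3.4 install bandit`, so the text promises any Python 3 and the command pins one minor version and assumes a `pip3.4` wrapper is on PATH. Either word the comment as "a Python 3.4 project" to match, or use `python3.4 -m pip install bandit` so the reader can see which interpreter Bandit is installed under, which is exactly what the section added later in this change says matters.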
@ -170,9 +172,28 @@ You can test any changes with tox:
|
|||
pip install tox
|
||||
tox -e pep8
|
||||
tox -e py27
|
||||
tox -e py34
|
||||
tox -e cover
|
||||
|
||||
|
||||
Under Which Version of Python Should I Install Bandit?
|
||||
------------------------------------------------------
|
||||
The answer to this question depends on the project(s) you will be running
|
||||
Bandit against. If your project is only compatible with Python 2.7, you
|
||||
should install Bandit to run under Python 2.7. If your project is only
|
||||
compatible with Python 3.4, then use 3.4. If your project supports both, you
|
||||
*could* run Bandit with both versions but you don't have to.
|
||||
|
||||
Bandit uses the `ast` module from Python's standard library in order to
|
||||
analyze your Python code. The `ast` module is only able to parse Python code
|
||||
that is valid in the version of the interpreter from which it is imported. In
|
||||
other words, if you try to use Python 2.7's `ast` module to parse code written
|
||||
for 3.4 that uses, for example, `yield from` with asyncio, then you'll have
|
||||
syntax errors that will prevent Bandit from working properly. Alternatively,
|
||||
if you are relying on 2.7's octal notation of `0777` then you'll have a syntax
|
||||
error if you run Bandit on 3.4.
|
||||
|
||||
|
||||
References
|
||||
==========
|
||||
|
||||
|
|
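Review bot: in the new "Under Which Version of Python Should I Install Bandit?" section, "syntax errors that will prevent Bandit from working properly" does not tell the user what they will actually see. For a security scanner it matters whether a file that fails to parse aborts the run or is skipped and reported, because a skipped file is code that was never scanned; please state which it is and how the user can notice it. The both-versions case ("you *could* run Bandit with both versions but you don't have to") would also benefit from one sentence on how to choose when a project supports both.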