Describe the bug
B104 currently detects hardcoded wildcard binds when the host literal is "0.0.0.0", but it misses the equivalent Python socket form "".
In Python, socket.bind(("", port)) binds to all available interfaces (INADDR_ANY), which has the same exposure risk as "0.0.0.0".
Reproduction steps
import socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(("", 31137))
Expected behavior
Bandit should report B104: hardcoded_bind_all_interfaces for this case.
Bandit version
1.9.1 (Default)
Python version
3.14 (Default)
Additional context
No response