hardcoded_sql_expressions dumping traceback errors
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Bandit | Fix Released | High | Tim Kelsey |
Bug Description
The latest bandit (from source) is showing traceback errors from the hardcoded_
To recreate:
git clone https:/
git clone https:/
cd bandit
tox -e py27
.tox/py27/
jenkins@
[bandit] INFO using config: /home/jenkins/
[bandit] INFO running on Python 2.7.6
1418 [0.. /home/jenkins/
% word_list_path)
50.. 100.. 150.. 200.. 250.. 300.. 350.. [tester] ERROR Bandit internal error running: hardcoded_
File "/home/
result = test(context)
File "/home/
val = _evaluate_
File "/home/
name = utils.get_
File "/home/
return (func.attr if isinstance(func, ast.Attribute) else func.id)
AttributeError: 'Call' object has no attribute 'id'
[tester] ERROR Bandit internal error running: hardcoded_
File "/home/
result = test(context)
File "/home/
val = _evaluate_
File "/home/
name = utils.get_
File "/home/
return (func.attr if isinstance(func, ast.Attribute) else func.id)
AttributeError: 'Call' object has no attribute 'id'
Changed in bandit:
importance: Undecided → High
Changed in bandit:
assignee: nobody → Tim Kelsey (tim-kelsey)
What an interesting edge case :) This happens because a call node gets wrapped in a call node. This odd AST structure happens when calling a function returned from a function, like so:
def derp():
    def herp():
        print "meta!"
    return herp

derp()()
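The nested-call failure described in the comment above, reproduced with Python's `ast` module as an added example (not Bandit's code or its released fix). `naive_call_name` copies the expression from the last traceback frame; `safe_call_name`, `scan` and the sample source are hypothetical and constructed here, and the sample goes one step further by including a subscripted callee, which fails the same way.

```python
import ast

# Constructed sample: the snippet from the comment plus two ordinary-looking calls.
SAMPLE = '''
def derp():
    def herp():
        return "meta!"
    return herp

derp()()
cursor.execute("SELECT 1")
handlers[0]("x")
'''


def naive_call_name(call):
    """Same expression as the last traceback frame: assumes Name or Attribute."""
    func = call.func
    return func.attr if isinstance(func, ast.Attribute) else func.id


def safe_call_name(call):
    """Hypothetical defensive variant: None when the callee has no static name."""
    func = call.func
    if isinstance(func, ast.Attribute):
        return func.attr
    if isinstance(func, ast.Name):
        return func.id
    # Call (derp()()), Subscript (handlers[0]()), Lambda, ... carry no .id or .attr.
    return None


def scan(source):
    """Return (lineno, callee node type, naive result or error, safe result) per call."""
    rows = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        try:
            naive = naive_call_name(node)
        except AttributeError as exc:
            naive = "AttributeError: %s" % exc
        rows.append((node.lineno, type(node.func).__name__, naive, safe_call_name(node)))
    return sorted(rows, key=lambda r: (r[0], r[1]))


if __name__ == "__main__":
    for row in scan(SAMPLE):
        print(row)
```

A scanner that gets `None` back should skip the name-based check for that node rather than abort the plugin, so one unusual call does not suppress findings for the rest of the file.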