Bandit takes longer than 1 hour on phonenumbers v8.5.2 library

Bug #1735559 reported by Mark MacVicar
This bug affects 1 person

Affects | Status | Importance | Assigned to | Milestone
Bandit | New | Medium | Unassigned |

Bug Description

Bandit takes longer than 1 hour on phonenumbers v8.5.2 library

Reproduced in Bandit v1.4.0

Reproducible Steps:
# untar the attached library
# run "bandit -r -lll phonenumbers-8.5.2/phonenumbers"

bandit takes over 1 hour to process. I didn't wait for it to complete.

Mark MacVicar (mark-macvicar) wrote :

Dan Nguyen (daniel-a-nguyen) wrote :

Looks like a lot of time is spent in here initially.

[node_visitor] DEBUG Str(s='474771')
[meta_ast] DEBUG adding node : 0x10c9d9250 [2]
[node_visitor] DEBUG entering: 0x10c9d9250 <class '_ast.Str'> [2]
[node_visitor] DEBUG {'node': <_ast.Str object at 0x10c9d9250>, 'imports': set(['util.u']), 'filename': 'phonenumbers-8.5.2/phonenumbers/carrierdata/data0.py', 'linerange': [4969], 'lineno': 4969, 'import_aliases': {'u': 'util.u'}}
[node_visitor] DEBUG visit_Str called (Str(s='474771'))

There is a fairly large hard-coded dictionary that is probably not the most performant.

Travis McPeak (travis-mcpeak) wrote : Re: [Bug 1735559] Re: Bandit takes longer than 1 hour on phonenumbers v8.5.2 library

Out of curiosity - how big is the string?

On Fri, Dec 1, 2017, 3:10 PM Dan Nguyen <email address hidden> wrote:

> Looks like a lot of time is spent in here initially.
>
> [node_visitor] DEBUG Str(s='474771')
> [meta_ast] DEBUG adding node : 0x10c9d9250 [2]
> [node_visitor] DEBUG entering: 0x10c9d9250 <class '_ast.Str'> [2]
> [node_visitor] DEBUG {'node': <_ast.Str object at 0x10c9d9250>,
> 'imports': set(['util.u']), 'filename':
> 'phonenumbers-8.5.2/phonenumbers/carrierdata/data0.py', 'linerange':
> [4969], 'lineno': 4969, 'import_aliases': {'u': 'util.u'}}
> [node_visitor] DEBUG visit_Str called (Str(s='474771'))
>
> There is a fairly large hard-coded dictionary that is probably not the
> most performant.

Gage Hugo (gagehugo) wrote :

It looks like the carrierdata, geodata, and tzdata directories contain files with very large hard-coded dictionaries (as mentioned before). Excluding them allows bandit to run in a reasonable amount of time.

bandit -r -lll -x phonenumbers/carrierdata/,phonenumbers/geodata/,phonenumbers/tzdata phonenumbers/
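
One way to find the data-only directories worth passing to bandit's -x option, as an added example that is not part of the original bug thread or of Bandit: it counts AST nodes per directory and lists the ones dominated by literals. The function names and both thresholds are assumptions; review each listed directory before excluding it from a scan.

```python
import ast
import os
from collections import defaultdict

# AST node types that only carry literal data (Python 3.8+ parses strings and
# numbers as ast.Constant; the debug log above shows the older _ast.Str).
LITERAL_NODES = (ast.Constant, ast.Dict, ast.List, ast.Tuple, ast.Set)


def literal_stats(source):
    """Return (total_nodes, literal_nodes) for one module's source text."""
    total = literal = 0
    for node in ast.walk(ast.parse(source)):
        total += 1
        if isinstance(node, LITERAL_NODES):
            literal += 1
    return total, literal


def data_heavy_dirs(root, min_nodes=50000, min_ratio=0.5):
    """List directories under root whose .py files are mostly literal data.

    min_nodes and min_ratio are assumed thresholds; tune them per code base.
    """
    per_dir = defaultdict(lambda: [0, 0])
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(".py"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8") as fh:
                    total, literal = literal_stats(fh.read())
            except (SyntaxError, ValueError):
                continue  # unparsable file: leave it for the scanner to report
            per_dir[dirpath][0] += total
            per_dir[dirpath][1] += literal
    return sorted(
        os.path.relpath(d, root)
        for d, (total, literal) in per_dir.items()
        if total >= min_nodes and literal / total >= min_ratio
    )


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    print(",".join(data_heavy_dirs(root)))
```

The printed comma-separated list has the same shape as the -x argument in the command above.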

Eric Brown (ericwb)
Changed in bandit:
importance: Undecided → Medium