bandit hangs if current directory contains __init__.py

Bug #1743042 reported by Calvin Li
This bug affects 2 people
Affects: Bandit | Status: Fix Released | Importance: Undecided | Assigned to: Tin Lam

Bug Description

Hi!

The function bandit.core.utils.get_module_qualname_from_path() examines the filepath from right-to-left looking for a directory without an __init__.py. If bandit is called using relative paths inside a directory that contains a __init__.py, this function enters an infinite loop.

Example:

```
.:
__init__.py test/

./test:
__init__.py test.py
```

Calling bandit with `bandit test/test.py` leads to an infinite loop. `bandit ./test/test.py` gives the expected result (with detected qualname `test.test`).

The following diff to get_module_qualname_from_path() appears to fix the issue:

```
- while head not in ['/', '.']:
+ while head not in ['/', '.', '']:
```
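Review bot: the added `''` sentinel is what terminates the walk for a bare relative path: `os.path.split('')` returns `('', '')`, so once the walk reaches the current directory (which has its own `__init__.py`), `head` is `''` and never becomes `'/'` or `'.'`. A regression test using the layout from the description, asserting the qualname `test.test` for both `test/test.py` and `./test/test.py`, would pin this down.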

Thanks
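The path walk described in the report, as an added, self-contained re-implementation (not bandit's own code) that takes the loop's stop set as a parameter and bounds the iteration count so the buggy variant returns `None` instead of hanging; the directory layout from the description is constructed in a temporary directory.

```python
import os
import tempfile
from typing import Optional

BUGGY_SENTINELS = ['/', '.']       # loop condition before the fix
FIXED_SENTINELS = ['/', '.', '']   # loop condition after the fix


def get_module_qualname(path: str, sentinels, max_steps: int = 1000) -> Optional[str]:
    """Walk `path` right-to-left, prepending each parent that has an
    __init__.py, until a sentinel head or a plain directory is reached.
    `max_steps` is a stand-in for the infinite loop: exceeding it returns None."""
    head, tail = os.path.split(path)
    qname = [os.path.splitext(tail)[0]]
    steps = 0
    while head not in sentinels:
        if steps >= max_steps:
            return None  # os.path.split('') is ('', '') forever without the '' sentinel
        steps += 1
        if os.path.isfile(os.path.join(head, '__init__.py')):
            head, tail = os.path.split(head)
            qname.insert(0, tail)
        else:
            break
    return '.'.join(qname)


def run_demo() -> dict:
    """Build the reporter's layout (constructed sample: ./__init__.py,
    ./test/__init__.py, ./test/test.py) and evaluate both stop sets."""
    old_cwd = os.getcwd()
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, 'test'))
        for rel in ('__init__.py',
                    os.path.join('test', '__init__.py'),
                    os.path.join('test', 'test.py')):
            open(os.path.join(root, rel), 'w').close()
        os.chdir(root)
        try:
            return {
                'buggy_relative': get_module_qualname('test/test.py', BUGGY_SENTINELS),
                'fixed_relative': get_module_qualname('test/test.py', FIXED_SENTINELS),
                'buggy_dot_relative': get_module_qualname('./test/test.py', BUGGY_SENTINELS),
                'fixed_dot_relative': get_module_qualname('./test/test.py', FIXED_SENTINELS),
            }
        finally:
            os.chdir(old_cwd)


if __name__ == '__main__':
    print(run_demo())
```

Only the `test/test.py` spelling under the old stop set fails to terminate; `./test/test.py` stops at head `.` either way, matching the report.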

Jeremy Liu (liujiong)
Changed in bandit:
assignee: nobody → Jeremy Liu (liujiong)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to bandit (master)

Fix proposed to branch: master
Review: https://review.openstack.org/537242

Changed in bandit:
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Change abandoned on bandit (master)

Change abandoned by Jeremy Liu (<email address hidden>) on branch: master
Review: https://review.openstack.org/537242
Reason: dup

Gage Hugo (gagehugo)
Changed in bandit:
assignee: Jeremy Liu (liujiong) → nobody
Tin Lam (lamt)
Changed in bandit:
assignee: nobody → Tin Lam (lamt)
OpenStack Infra (hudson-openstack) wrote : Fix merged to bandit (master)

Reviewed: https://review.openstack.org/533382
Committed: https://git.openstack.org/cgit/openstack/bandit/commit/?id=90f031c9735639a5049f742c8f5cf4eb8fc8b055
Submitter: Zuul
Branch: master

commit 90f031c9735639a5049f742c8f5cf4eb8fc8b055
Author: Tin Lam <email address hidden>
Date: Sat Jan 13 21:58:15 2018 -0600

    Fix infinite loop issue

    Running bandit using relative paths inside a subdirectory when the current
    directory contains __init__.py causes bandit to be stuck in an infinite
    loop.

    Co-Authored-By: Calvin Li
    Closes-Bug: #1743042
    Change-Id: I247108c1365847134ee561073ea0eb43c57b54cc

Changed in bandit:
status: In Progress → Fix Released