Bandit

Plugin crashes are not propagated / communicated

Bug #1509105 reported by Stanislaw Pitucha
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Bandit
New
Low
Tim Kelsey

Bug Description

This applies mostly to development, but may affect real run in some way too. On a clean tree:

tox -e py27
# passes
sed -i 's/bandit/hfuiahueiawu/' bandit/plugins/app_debug.py
tox -e py27
# fails with "testtools.matchers._impl.MismatchError: 15 != 0" - shouldn't "plugin's completely broken, ImportError" be visible instead?

This seems like some silent failures are possible.

Revision history for this message
Tim Kelsey (tim-kelsey) wrote :

I'm not quite sure I follow what you mean here, can you elaborate please?

Revision history for this message
Stanislaw Pitucha (stanislaw-pitucha) wrote :

Imagine a situation where bandit missed installing some dependency, or some installed dependency is broken. That may result in ImportError when loading the plugin, rather than some exception at plugin runtime.

Currently, from the tests it looks like that kind of error is not propagated properly. This test failed, because it found 0 errors where 15 were expected, and not explicitly because the plugin failed to initialize.

But silent failures are not good for users or developers. Users should get a clear error that plugins failed to load (likely critical, app-stopping error), while developers should get a fail-fast at the place of a problem to make debugging easier.

Tim Kelsey (tim-kelsey)
Changed in bandit:
assignee: nobody → Tim Kelsey (tim-kelsey)
Revision history for this message
Travis McPeak (travis-mcpeak) wrote :

What's the status of this?

Revision history for this message
Travis McPeak (travis-mcpeak) wrote :

Ping...

Luke Hinds (lhinds)
Changed in bandit:
importance: Undecided → Low
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.