-
-
Notifications
You must be signed in to change notification settings - Fork 610
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to find qualified name #907
Comments
It's just a warning which doesn't mean that the file is not processed. If you add some content to dummy.py (e.g. |
That warning is produced in both cases.
|
Yes, but despite the warning, bandit will do the job, i.e. scan the file and report the issue. The warning is emitted in cases where the python file is not a submodule of a package. |
OK. I have some driver scripts that sit at the top-level of my source tree and every bandit run produces this warning. Could it be suppressed with |
The get_module_qualname_from_path() function called by the node visistor expects that all files are explicitly named with a "head" and "tail" which are path delimiters to denote where the file is within a python project. However, if someone uses the command line and simply asks bandit to scan dummy.py in the current working directory, it will be missing the explicit "./" prefix in order for get_module_qualname_from_path to run and determine the module fully qualified name from the path. So this fix simply prepends a dot and delimiter to explicitly denote a file in the current working directory as given from the CLI. Fixes PyCQA#907 Signed-off-by: Eric Brown <[email protected]>
The get_module_qualname_from_path() function called by the node visistor expects that all files are explicitly named with a "head" and "tail" which are path delimiters to denote where the file is within a python project. However, if someone uses the command line and simply asks bandit to scan dummy.py in the current working directory, it will be missing the explicit "./" prefix in order for get_module_qualname_from_path to run and determine the module fully qualified name from the path. So this fix simply prepends a dot and delimiter to explicitly denote a file in the current working directory as given from the CLI. Fixes PyCQA#907 Signed-off-by: Eric Brown <[email protected]>
The get_module_qualname_from_path() function called by the node visistor expects that all files are explicitly named with a "head" and "tail" which are path delimiters to denote where the file is within a python project. However, if someone uses the command line and simply asks bandit to scan dummy.py in the current working directory, it will be missing the explicit "./" prefix in order for get_module_qualname_from_path to run and determine the module fully qualified name from the path. So this fix simply prepends a dot and delimiter to explicitly denote a file in the current working directory as given from the CLI. Fixes #907 Signed-off-by: Eric Brown <[email protected]>
Describe the bug
Running bandit on a single source file in the current directory does not seem to work. It produces a warning:
I am not sure what the warning is trying to achieve?
Reproduction steps
Expected behavior
No warning should be produced.
Bandit version
1.7.4 (Default)
Python version
3.8
Additional context
No response
The text was updated successfully, but these errors were encountered: