Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Line range incorrect for a mult-line call (Python 3.7 only) #820

Closed
ericwb opened this issue Feb 22, 2022 · 2 comments
Closed

Line range incorrect for a mult-line call (Python 3.7 only) #820

ericwb opened this issue Feb 22, 2022 · 2 comments
Labels
bug Something isn't working

Comments

@ericwb
Copy link
Member

ericwb commented Feb 22, 2022
edited

Describe the bug

The end line number of an issue in a multi-line call is off by 1. It's reporting one less than actual end line number.

Reproduction steps

1 from paramiko import client
2
3 def test():
4    if True:
5         ssh_client = client.SSHClient()
6         ssh_client.set_missing_host_key_policy(
7             client.AutoAddPolicy
8         )
9     ssh_client.set_missing_host_key_policy(client.WarningPolicy)

  1. Create a file no_host_key_verification.py using code above

  2. Run bandit no_host_key_verification.py

  3. Notice in the output of the first issue:
    Location: examples/no_host_key_verification.py:6:8

    The 6 is the starting line number and 8 is the end line number of the call that is an issue.

Expected behavior

The output should be indicating
Location: examples/no_host_key_verification.py:6:9

that's because the ")" on line 9 is the true end of the call statement.

Bandit version

1.7.2 (Default)

Python version

3.7 only, fixed in 3.8+

Additional context

No response
@ericwb ericwb added the bug Something isn't working label Feb 22, 2022
@ericwb
Copy link
Member Author

ericwb commented Feb 22, 2022
edited

Note: Python 3.8 ast module added a end_lineno of a node in addition to the existing lineno.
https://docs.python.org/3.8/library/ast.html#ast.AST.end_lineno

@ericwb ericwb mentioned this issue Feb 23, 2022
Merged
lukehinds pushed a commit that referenced this issue Mar 6, 2022
@ericwb
Fix line range using Python 3.8 end_lineno (#821)
1c0fc80 
Python 3.8 and above have new ast node attributes to identify the
end line number and end column offset [1].

Python 3.8 also fixes line numbers for multiline strings [2].

This fixes the issue mentioned in #820, but only for Python 3.8+.

[1] https://docs.python.org/3.8/library/ast.html#ast.AST.end_lineno
[2] https://bugs.python.org/issue31241

Signed-off-by: Eric Brown <browne@vmware.com>
@ericwb ericwb changed the title Line range incorrect for a mult-line call Line range incorrect for a mult-line call (Python 3.7 only) Mar 25, 2022
@kfrydel kfrydel mentioned this issue Jul 8, 2022
Merged
@ericwb
Copy link
Member Author

ericwb commented Jan 24, 2024

Python 3.7 no longer supported, so this issue is not applicable.

@ericwb ericwb closed this as completed Jan 24, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ericwb