
Line range incorrect for a multi-line call (Python 3.7 only)

Open ericwb opened this issue 3 years ago • 1 comments

Describe the bug

The end line number of an issue in a multi-line call is off by 1. It's reporting one less than the actual end line number.

Reproduction steps

1 from paramiko import client
2
3 def test():
4     if True:
5         ssh_client = client.SSHClient()
6         ssh_client.set_missing_host_key_policy(
7             client.AutoAddPolicy
8         )
9     ssh_client.set_missing_host_key_policy(client.WarningPolicy)
  1. Create a file no_host_key_verification.py using the code above

  2. Run bandit no_host_key_verification.py

  3. Notice in the output of the first issue: Location: examples/no_host_key_verification.py:6:8

    The 6 is the starting line number and 8 is the end line number of the call that is an issue.

Expected behavior

The output should indicate Location: examples/no_host_key_verification.py:6:9

That's because the ")" on line 9 is the true end of the call statement.

Bandit version

1.7.2 (Default)

Python version

3.7 only, fixed in 3.8+

Additional context

No response

ericwb avatar Feb 22 '22 23:02 ericwb

Note: The Python 3.8 ast module added an end_lineno of a node in addition to the existing lineno. https://docs.python.org/3.8/library/ast.html#ast.AST.end_lineno

ericwb avatar Feb 22 '22 23:02 ericwb
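
The difference the note above describes, as an added example that is not part of the original issue and is not Bandit's own code. It assumes a tool without end_lineno estimates a call's last line from the largest lineno among the call's AST nodes; the sample source is constructed and its line numbers differ from the listing in the report. Requires Python 3.8+.

```python
import ast

# Constructed sample: the closing parenthesis of the call sits on its own line.
SAMPLE = '''\
from paramiko import client

def test():
    ssh_client = client.SSHClient()
    ssh_client.set_missing_host_key_policy(
        client.AutoAddPolicy
    )
'''


def find_call(tree, attr_name):
    """Return the first ast.Call whose callee is an attribute named attr_name."""
    for node in ast.walk(tree):
        if (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Attribute)
                and node.func.attr == attr_name):
            return node
    raise LookupError(attr_name)


def estimated_range(node):
    """Line range from lineno values only (all that Python 3.7 exposes).

    Assumption: take the min/max lineno of the node and its descendants.
    A ")" has no AST node, so a closing parenthesis on its own line is missed.
    """
    lines = [n.lineno for n in ast.walk(node) if hasattr(n, "lineno")]
    return min(lines), max(lines)


def exact_range(node):
    """Line range from the end_lineno attribute added in Python 3.8."""
    return node.lineno, node.end_lineno


def compare(source=SAMPLE, attr_name="set_missing_host_key_policy"):
    call = find_call(ast.parse(source), attr_name)
    return estimated_range(call), exact_range(call)


if __name__ == "__main__":
    estimated, exact = compare()
    print("lineno-only estimate:", estimated)
    print("with end_lineno:     ", exact)
```

For a reviewer triaging scanner output, the practical effect is that a suppression comment or a diff-based filter keyed on the reported range can miss the last line of a multi-line call when the range comes from the lineno-only estimate.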

Python 3.7 no longer supported, so this issue is not applicable.

ericwb avatar Jan 24 '24 02:01 ericwb