Fix B613 crash when reading from stdin #1361
Merged
ericwb merged 2 commits into PyCQA:main from Feb 22, 2026
Contributor
Summary
- The trojansource plugin (B613) crashed with `FileNotFoundError` when bandit reads from stdin (`bandit -`)
- The plugin opened `context.filename` directly, but for stdin input the filename is the sentinel string `''`
- Fixed by using `context.file_data` (the already-opened binary stream) instead of re-opening the file
- This also avoids an unnecessary second file open for regular files

Fixes #1182

Test plan
- Existing `test_trojansource` and `test_trojansource_latin1` tests pass
- Full functional test suite passes (79/79)
- Manual test: `cat examples/trojansource.py | bandit -` now correctly detects bidi characters instead of crashing
- Manual test: `echo 'print("hello")' | bandit -` works cleanly with no errors
- `ruff check` and `ruff format` pass
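The stream-based approach described in the summary, as an added example that is not Bandit's plugin code: a scanner that takes an already-open binary stream, so piped input and regular files share one code path. `scan_stream`, `BIDI_CHARS` and the sample byte strings are constructed here, and the set of characters flagged is an assumption of the example.

```python
import io
import tokenize

# Bidirectional control characters to flag (this set is an assumption of the example):
# LRE, RLE, PDF, LRO, RLO, LRI, RLI, FSI, PDI, RLM.
BIDI_CHARS = frozenset("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069\u200f")


def scan_stream(stream):
    """Return (line, column, code point) for each bidi control in a binary stream.

    The caller passes a stream that is already open, so the same code path
    serves a regular file and piped stdin, where no path exists to re-open.
    """
    data = stream.read()
    try:
        # Honour a BOM or PEP 263 coding cookie, as Python itself would.
        encoding, _ = tokenize.detect_encoding(io.BytesIO(data).readline)
    except SyntaxError:
        # Undecodable header or unknown cookie: fall back rather than crash.
        encoding = "utf-8"
    findings = []
    for line_no, raw in enumerate(data.splitlines(), start=1):
        text = raw.decode(encoding, errors="replace")
        for col, ch in enumerate(text):
            if ch in BIDI_CHARS:
                findings.append((line_no, col, f"U+{ord(ch):04X}"))
    return findings


# Constructed samples, written with escapes so this listing has no hidden characters.
BIDI_SAMPLE = b"x = 1\n# note \xe2\x80\xae reversed\n"
LATIN1_SAMPLE = b"# -*- coding: latin-1 -*-\nname = 'caf\xe9'\n"
BAD_UTF8_SAMPLE = b"x = '\xff'\ny = '\xe2\x80\xae'\n"

if __name__ == "__main__":
    # io.BytesIO stands in for the binary stdin stream a scanner would be handed.
    for label, sample in [("bidi", BIDI_SAMPLE), ("latin-1", LATIN1_SAMPLE),
                          ("bad utf-8", BAD_UTF8_SAMPLE)]:
        print(label, scan_stream(io.BytesIO(sample)))
```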
Friday and others added 2 commits February 17, 2026 09:08
The trojansource plugin opened `context.filename` directly as a file,
but when reading from stdin the filename is the sentinel string
`''`, causing a FileNotFoundError.
Use `context.file_data` (the already-opened binary stream) instead of
re-opening the file. This fixes stdin support and avoids an unnecessary
second file open for regular files.
Fixes PyCQA#1182
Co-Authored-By: Claude Opus 4.6
for more information, see https://pre-commit.ci
Member
Note: unit tests are failing due to stestr. Two PRs are proposed to fix: mtreinish/stestr#378 and mtreinish/stestr#377
ericwb approved these changes Feb 22, 2026