1.7.3 breaks on hashlib.sha256() with Python 3.9, works ok with hashlib.new("sha256") #838

Closed
schlenk opened this issue Feb 28, 2022 · 1 comment
Labels
bug Something isn't working

schlenk commented Feb 28, 2022

Describe the bug

Using Python 3.9 and bandit 1.7.3 the code throws a traceback when trying to parse:

hashlib.sha256()

It works correctly with Python 3.8.

[tester]        ERROR   Bandit internal error running: hashlib on file src/oic\oic\__init__.py at line 1329: 'name'Traceback (most recent call last):
  File "c:\users\me\.virtualenvs\pyoidc_offical-l5_fcrz7\lib\site-packages\bandit\core\tester.py", line 53, in run_tests
    result = test(context)
  File "c:\users\me\.virtualenvs\pyoidc_offical-l5_fcrz7\lib\site-packages\bandit\plugins\hashlib_insecure_functions.py", line 115, in hashlib
    return _hashlib_func(context)
  File "c:\users\me\.virtualenvs\pyoidc_offical-l5_fcrz7\lib\site-packages\bandit\plugins\hashlib_insecure_functions.py", line 57, in _hashlib_func
    name = args[0] if args else keywords["name"]
KeyError: 'name'

Reproduction steps

  1. Install Python 3.9
  2. Install bandit 1.7.3
  3. Create trivial file:
     import hashlib
     hashlib.sha256()
  4. Run bandit and get a traceback

Expected behavior

No traceback. It should work with both hashlib.sha256 and hashlib.new("sha256").

Bandit version

1.7.3 (Default)

Python version

3.9

Additional context

No response
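
An added example, not Bandit's code and not the change made in #834: a small `ast`-based check that handles both call styles from this report, taking the algorithm from the attribute for `hashlib.sha256()` and from the first argument or `name=` for `hashlib.new(...)`, without the `keywords["name"]` lookup that raised above. The `WEAK` set, the function names and the sample input are assumptions made for illustration.

```python
import ast

WEAK = {"md4", "md5", "sha", "sha1"}  # assumption: weak set chosen for this example

def _literal(node):
    """Lowercased value of a string literal node, else None."""
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value.lower()
    return None

def find_weak_hashes(source):
    """Return sorted (line, algorithm) pairs for weak hashlib calls."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        if not (isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name)
                and func.value.id == "hashlib"):
            continue
        keywords = {k.arg: k.value for k in node.keywords if k.arg}
        if func.attr == "new":
            # Algorithm is the first positional argument or name=...; .get() keeps a
            # call with neither (or a non-literal) from raising KeyError.
            algo = _literal(node.args[0] if node.args else keywords.get("name"))
        else:
            # hashlib.sha256() style: the attribute is the algorithm, no "name" exists.
            algo = func.attr.lower()
        if algo not in WEAK:
            continue
        flag = keywords.get("usedforsecurity")  # keyword accepted since Python 3.9
        if isinstance(flag, ast.Constant) and flag.value is False:
            continue
        findings.append((node.lineno, algo))
    return sorted(findings)

# Constructed sample input covering both call styles and the edge cases.
SAMPLE = '''import hashlib
hashlib.sha256()
hashlib.new("sha256")
hashlib.md5(b"x")
hashlib.new(name="SHA1")
hashlib.new("md5", usedforsecurity=False)
hashlib.new(algo_from_config)
hashlib.new()
'''

if __name__ == "__main__":
    print(find_weak_hashes(SAMPLE))
```
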

ericwb commented Feb 28, 2022

Fixed with #834

ericwb closed this as completed Feb 28, 2022
schlenk added a commit to CZ-NIC/pyoidc that referenced this issue Feb 28, 2022
* Fix Black

Black wants it different now.

* Fix problem after requests update

requests changed the error message

* Fix Bandit

- Bandit is a bit too eager flagging hardcoded secrets.
- Bandit 1.7.3 breaks with Py 3.9 PyCQA/bandit#838

* Update pylama.ini

complexity check of mccabe seems to ignore configuration, so ignore for now