cannot seek stdin on pipe

Describe the bug

There are a couple of bugs merged into one for stdin parsing.

https://github.com/PyCQA/bandit/blob/master/bandit/core/manager.py#L249
self._parse_file('<stdin>', sys.stdin, new_files_list)

Note we are artificially changing the file name from '-' to '<stdin>', which doesn't exist in the new_files_list.

https://github.com/PyCQA/bandit/blob/master/bandit/core/manager.py#L278
fdata.seek(0)

Note the OS doesn't allow seek on pipes/stream stdins; this causes us to fail into the general catch-all exception clause.

https://github.com/PyCQA/bandit/blob/master/bandit/core/manager.py#L303
new_files_list.remove(fname)

Remember back in line 249 we artificially renamed the filename? Here is where it came back to bite us. Since '<stdin>' doesn't exist in the new_files_list as an item, it hard-failed without a try/catch and dumps a stack trace.

To Reproduce

cat blah.py | bandit --debug -

Expected behavior

It should either parse the contents of the stdin stream or not have this functionality for pipes.

Bandit version

master

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Comments: 9 (4 by maintainers)
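
The two failure modes reported above, as an added example (not Bandit's code and not the fix from the pull request mentioned in the comments): a pipe cannot be rewound, and removing a target by its display label instead of the key actually stored in the list raises. The helper names `pipe_with`, `seekable_copy` and `parse_all` are hypothetical, and the pipe contents are constructed sample input.

```python
import io
import os

STDIN_ARG = "-"          # what the user types on the command line
STDIN_LABEL = "<stdin>"  # display name used in reports, as in the issue


def pipe_with(data: bytes):
    """Constructed sample input: the read end of an OS pipe holding `data`."""
    r, w = os.pipe()
    os.write(w, data)
    os.close(w)
    return os.fdopen(r, "rb", buffering=0)


def seekable_copy(stream):
    """Return `stream` if it can rewind, else an in-memory copy that can."""
    if stream.seekable():
        return stream
    with stream:
        return io.BytesIO(stream.read())


def parse_all(targets, stdin_factory):
    """Two-pass read of every target; returns (parsed, still_listed)."""
    still_listed = list(targets)
    parsed = {}
    for arg in targets:
        label = STDIN_LABEL if arg == STDIN_ARG else arg
        try:
            raw = stdin_factory() if arg == STDIN_ARG else open(arg, "rb")
            with seekable_copy(raw) as fdata:
                fdata.read(64)   # first pass over the data (e.g. sniffing)
                fdata.seek(0)    # raises on a raw pipe, works on the copy
                parsed[label] = fdata.read()
        except OSError:
            # Drop the failed target by the key that is really in the list,
            # not by its display label, so list.remove() cannot raise.
            still_listed.remove(arg)
    return parsed, still_listed
```

Buffering stdin in memory trades a rewindable stream for memory proportional to the input, which is acceptable for source files but worth bounding if the scanner is fed untrusted streams.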

Top GitHub Comments

1 reaction
tylerwince commented, May 15, 2019

I feel like this may be desired behavior as we are catching anything that doesn't have a file on disk and this is one of those cases. Unless @ericwb feels like it should be redesigned, I feel like this is a good solution to the problem once your change on my branch is merged @JuanHuaXu.

1 reaction
tylerwince commented, May 15, 2019

Proposed fix is sitting in PR #496. @JuanHuaXu, if you have any comments please feel free to make them, and please test out this branch to ensure it fixes the behavior you are seeing.
