Errors when doing dynamic imports

Describe the bug

When the module to be imported is constructed within the code, rather than a fixed string, bandit throws an error:

ERROR	Bandit internal error running: blacklist on file /home/nighty/workspaces/cegeka/usd_api/api_documentation/views.py at line 125: expected string or bufferTraceback (most recent call last):
  File "/home/nighty/.virtualenvs/usd_api/local/lib/python2.7/site-packages/bandit/core/tester.py", line 62, in run_tests
    result = test(context, test._config)
  File "/home/nighty/.virtualenvs/usd_api/local/lib/python2.7/site-packages/bandit/core/blacklisting.py", line 62, in blacklist
    if fnmatch.fnmatch(name, qn):
  File "/home/nighty/.virtualenvs/usd_api/lib/python2.7/fnmatch.py", line 43, in fnmatch
    return fnmatchcase(name, pat)
  File "/home/nighty/.virtualenvs/usd_api/lib/python2.7/fnmatch.py", line 83, in fnmatchcase
    return re_pat.match(name) is not None
TypeError: expected string or buffer

The code that led to this error is as follows:

def get_config_content(config):
    CONFIG_MAP = {
        # bunch of key/value pairs
    }
    return importlib.import_module('api_usd.api_configs.%s' % CONFIG_MAP[config])

Going into the debugger, I see that the name of the module to be imported is determined on line 59 in bandit/core/blacklisting.py:

> /home/nighty/.virtualenvs/usd_api/local/lib/python2.7/site-packages/bandit/core/blacklisting.py(59)blacklist()
     58             if name in ["importlib.import_module", "importlib.__import__"]:
---> 59                 name = context.call_args[0]
     60         for check in blacklists[node_type]:

ipdb> context.call_args[0]
ipdb> context.call_args
[None]

The errors are thrown while bandit is drawing the “progress bar”, interspersing progress bar fragments with multi-line stack traces:

$ bandit -r $PWD -f json -x migrations,djangoconf -o bandit-results.json
[main]	INFO	profile include tests: None
[main]	INFO	profile exclude tests: None
[main]	INFO	cli include tests: None
[main]	INFO	cli exclude tests: None
362 [0.. [tester]	ERROR	Bandit internal error running: blacklist on file /home/nighty/workspaces/cegeka/usd_api/api_documentation/views.py at line 125: expected string or bufferTraceback (most recent call last):
  File "/home/nighty/.virtualenvs/usd_api/local/lib/python2.7/site-packages/bandit/core/tester.py", line 62, in run_tests
    result = test(context, test._config)
  File "/home/nighty/.virtualenvs/usd_api/local/lib/python2.7/site-packages/bandit/core/blacklisting.py", line 62, in blacklist
    if fnmatch.fnmatch(name, qn):
  File "/home/nighty/.virtualenvs/usd_api/lib/python2.7/fnmatch.py", line 43, in fnmatch
    return fnmatchcase(name, pat)
  File "/home/nighty/.virtualenvs/usd_api/lib/python2.7/fnmatch.py", line 83, in fnmatchcase
    return re_pat.match(name) is not None
TypeError: expected string or buffer

50.. 100.. [tester]	ERROR	Bandit internal error running: blacklist on file /home/nighty/workspaces/cegeka/usd_api/api_usd/management/commands/api_usd_trigger_processor.py at line 238: expected string or bufferTraceback (most recent call last):
  File "/home/nighty/.virtualenvs/usd_api/local/lib/python2.7/site-packages/bandit/core/tester.py", line 62, in run_tests
    result = test(context, test._config)
  File "/home/nighty/.virtualenvs/usd_api/local/lib/python2.7/site-packages/bandit/core/blacklisting.py", line 62, in blacklist
    if fnmatch.fnmatch(name, qn):
  File "/home/nighty/.virtualenvs/usd_api/lib/python2.7/fnmatch.py", line 43, in fnmatch
    return fnmatchcase(name, pat)
  File "/home/nighty/.virtualenvs/usd_api/lib/python2.7/fnmatch.py", line 83, in fnmatchcase
    return re_pat.match(name) is not None
TypeError: expected string or buffer

150.. 200.. 250.. [tester]	ERROR	Bandit internal error running: blacklist on file /home/nighty/workspaces/cegeka/usd_api/usd/management/commands/trigger_processor.py at line 87: expected string or bufferTraceback (most recent call last):
  File "/home/nighty/.virtualenvs/usd_api/local/lib/python2.7/site-packages/bandit/core/tester.py", line 62, in run_tests
    result = test(context, test._config)
  File "/home/nighty/.virtualenvs/usd_api/local/lib/python2.7/site-packages/bandit/core/blacklisting.py", line 62, in blacklist
    if fnmatch.fnmatch(name, qn):
  File "/home/nighty/.virtualenvs/usd_api/lib/python2.7/fnmatch.py", line 43, in fnmatch
    return fnmatchcase(name, pat)
  File "/home/nighty/.virtualenvs/usd_api/lib/python2.7/fnmatch.py", line 83, in fnmatchcase
    return re_pat.match(name) is not None
TypeError: expected string or buffer

300.. 350.. [tester]	ERROR	Bandit internal error running: blacklist on file /home/nighty/workspaces/cegeka/usd_api/utils/resources.py at line 33: expected string or bufferTraceback (most recent call last):
  File "/home/nighty/.virtualenvs/usd_api/local/lib/python2.7/site-packages/bandit/core/tester.py", line 62, in run_tests
    result = test(context, test._config)
  File "/home/nighty/.virtualenvs/usd_api/local/lib/python2.7/site-packages/bandit/core/blacklisting.py", line 62, in blacklist
    if fnmatch.fnmatch(name, qn):
  File "/home/nighty/.virtualenvs/usd_api/lib/python2.7/fnmatch.py", line 43, in fnmatch
    return fnmatchcase(name, pat)
  File "/home/nighty/.virtualenvs/usd_api/lib/python2.7/fnmatch.py", line 83, in fnmatchcase
    return re_pat.match(name) is not None
TypeError: expected string or buffer

[tester]	ERROR	Bandit internal error running: blacklist on file /home/nighty/workspaces/cegeka/usd_api/utils/resources.py at line 41: expected string or bufferTraceback (most recent call last):
  File "/home/nighty/.virtualenvs/usd_api/local/lib/python2.7/site-packages/bandit/core/tester.py", line 62, in run_tests
    result = test(context, test._config)
  File "/home/nighty/.virtualenvs/usd_api/local/lib/python2.7/site-packages/bandit/core/blacklisting.py", line 62, in blacklist
    if fnmatch.fnmatch(name, qn):
  File "/home/nighty/.virtualenvs/usd_api/lib/python2.7/fnmatch.py", line 43, in fnmatch
    return fnmatchcase(name, pat)
  File "/home/nighty/.virtualenvs/usd_api/lib/python2.7/fnmatch.py", line 83, in fnmatchcase
    return re_pat.match(name) is not None
TypeError: expected string or buffer

]
[json]	INFO	JSON output written to file: bandit-results.json

Not sure what should happen here: set to empty string, so that it never matches the problematic imports? Or add a mechanism that recognises this type of dynamic import and raises a warning, since this could be used to load a problematic module? I’m leaning towards the second.

To Reproduce

Steps to reproduce the behavior:

  1. Add a dynamically resolved import to your code; see above description for example code.
  2. Run bandit against that code.
  3. Observe the drawing of the “progress bar” being interrupted with a stacktrace.

Expected behavior

This style of importing should probably be treated as potentially dangerous, and be added to the report as such. It should not display a stacktrace on the console.

Bandit version

bandit 1.4.1
  python version = 2.7.14 (default, Sep 23 2017, 22:06:14) [GCC 7.2.0]

Additional context

Tested on the latest commit at the time of writing: 0d9551c

Issue Analytics

  • State: closed
  • Created 5 years ago
  • Reactions: 2
  • Comments: 5 (1 by maintainers)
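
The second option raised in the report (flag a dynamically built module name instead of crashing on it) can be sketched as a standalone AST check. This is an added example, not Bandit's own code; `BLACKLIST`, `scan` and `qualified_name` are hypothetical names, the sample source is constructed from the snippet in the issue, and aliased imports such as `from importlib import import_module` are not resolved.

```python
import ast
import fnmatch

# Constructed sample modelled on the snippet in the issue.
SAMPLE = '''
import importlib

def get_config_content(config):
    CONFIG_MAP = {"a": "alpha"}
    return importlib.import_module('api_usd.api_configs.%s' % CONFIG_MAP[config])

def load_fixed():
    return importlib.import_module("pickle")
'''

BLACKLIST = ["pickle", "subprocess*"]  # hypothetical fnmatch patterns
DYNAMIC_CALLS = {"importlib.import_module", "importlib.__import__", "__import__"}

def qualified_name(func):
    """Return the dotted name of a Name/Attribute chain, or None."""
    parts = []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
        return ".".join(reversed(parts))
    return None

def scan(source):
    """Return (line, kind, module) findings for import calls in source."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        if qualified_name(node.func) not in DYNAMIC_CALLS:
            continue
        # First positional argument, or the name= keyword if used.
        arg = node.args[0] if node.args else next(
            (k.value for k in node.keywords if k.arg == "name"), None)
        if isinstance(arg, ast.Constant) and isinstance(arg.value, str):
            # Literal module name: safe to hand to fnmatch.
            if any(fnmatch.fnmatch(arg.value, pat) for pat in BLACKLIST):
                findings.append((node.lineno, "blacklisted-import", arg.value))
        else:
            # Name only known at runtime: report it, never pattern-match None.
            findings.append((node.lineno, "dynamic-import", None))
    return sorted(findings, key=lambda f: f[0])
```
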

Top GitHub Comments

1 reaction
jrial commented, Aug 24, 2018

I’ve bisected it, and the behaviour was introduced in commit bb1bf81856c1467f85ee138b727568d192bd179a

See git-bisect.log for the run log.

0 reactions
jrial commented, Sep 7, 2018

Impressed. I’d have thought the fix would be a lot more involved. Tx, evqna!
