From bd3e6bd7f12a4a55e7b9960c34b6ab60f22deb50 Mon Sep 17 00:00:00 2001
From: Eric Brown
Date: Mon, 15 Jan 2024 19:59:17 -0800
Subject: [PATCH] Prepend ./ for files specified as CLI args
The get_module_qualname_from_path() function called by the node visistor expects that all files are explicitly named with a "head" and "tail" which are path delimiters to denote where the file is within a python project. However, if someone uses the command line and simply asks bandit to scan dummy.py in the current working directory, it will be missing the explicit "./" prefix in order for get_module_qualname_from_path to run and determine the module fully qualified name from the path. So this fix simply prepends a dot and delimiter to explicitly denote a file in the current working directory as given from the CLI.
Fixes #907
Signed-off-by: Eric Brown
---
 bandit/core/manager.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bandit/core/manager.py b/bandit/core/manager.py
index 57e0e857..0f74eece 100644
--- a/bandit/core/manager.py
+++ b/bandit/core/manager.py
@@ -249,7 +249,7 @@ def discover_files(self, targets, recursive=False, excluded_paths=""):
 excluded_path_globs,
 enforce_glob=False,
 ):
- files_list.add(fname)
+ files_list.add(os.path.join(".", fname))
 else:
 excluded_files.add(fname)
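Review bot: The added `os.path.join(".", fname)` rewrites every explicitly named target, not only the bare-filename case the description is about. A target already given as `./dummy.py` is stored as `././dummy.py`, and if `-` is accepted as a stdin target elsewhere in the manager (not visible in this hunk), it would become `./-` and stop matching that check, so stdin input could go unscanned or fail. The stored name presumably also appears in reports, so baseline or filename-keyed comparisons may stop lining up for paths that needed no prefix. Consider prepending only when the path has no directory component: `if fname != "-" and not os.path.dirname(fname): fname = os.path.join(".", fname)` before `files_list.add(fname)`, with a comment such as `# bare filenames need a "./" head for get_module_qualname_from_path()`. The body of `discover_files` starts and ends outside this hunk, so the handling of `-` should be confirmed against the full function.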