Unable to find qualified name for module

[joeypencil]

I'm encountering an info message as mentioned in the discussion title. Does this hinder the actual progress of the security scanning? Details are in the screenshot below.

[HacKanCuBa]

It happened to me, it seems related to the setting application-import-names when running over a file that is not part of said package (I checked again, and it is not related to that setting, my bad)

Running flake8 very verbose:

flake8.checker            MainProcess    741 DEBUG    Running {'name': 'S', 'parameters': {'tree': True, 'filename': True, 'lines': True}, 'parameter_names': ['tree', 'filename', 'lines'], 'plugin': <class 'flake8_bandit.BanditTester'>, 'plugin_name': 'flake8-bandit'} with {'tree': <ast.Module object at 0x7f4f872d3b80>}
Unable to find qualified name for module: module.py

It seems to come from here:

bandit/bandit/core/node_visitor.py

Lines 40 to 47 in 5ff73ff

	try:
	self.namespace = b_utils.get_module_qualname_from_path(fname)
	except b_utils.InvalidModulePath:
	LOG.warning(
	"Unable to find qualified name for module: %s", self.fname
	)
	self.namespace = ""
	LOG.debug("Module qualified name: %s", self.namespace)

So it shouldn't hinder anything, and most things should work as expected

[ericwb]

Can you provide some sample code that Bandit was scanning? In that way, I might be able to explain the error more easily.

[HacKanCuBa]

I doubt it is related, at least to the original poster, but it is emitted for this Invoke tasks file. You can see it in the CI (line 64):

flake8 is configured with application-import-names=blake2signer. I tried removing that line and the warning message wasn't shown (but I got other issues w/ import order because of that) I checked again, and removing that line doesn't make the warning go away, it changes nothing related to this issue, I just thought it did.

LMK if I can be of further help :)

[ntwrkguru]

I see this same error scanning markdown files as well.

[node_visitor]  WARNING Unable to find qualified name for module: CHANGELOG.md
[node_visitor]  WARNING Unable to find qualified name for module: CONTRIBUTING.md
[node_visitor]  WARNING Unable to find qualified name for module: Dockerfile
[node_visitor]  WARNING Unable to find qualified name for module: README.md
[node_visitor]  WARNING Unable to find qualified name for module: SECURITY.md

[john-ingles]

Has there been any movement on this issue? I see the same after adding flake8-bandit to my nox sessions. It doesn't find qualified names for py files in the working directory

[zachliu]

the source code

bandit/bandit/core/utils.py

Lines 139 to 143 in c8d5f77

	(head, tail) = os.path.split(path)
	if head == "" or tail == "":
	raise InvalidModulePath(
	f'Invalid python file path: "{path}" Missing path or file name'
	)

mandates both "head" and "tail"

so we need to make sure the path has both, easy peasy lemon squeezy:

instead of

bandit myfile.py

use

bandit ./myfile.py

[HacKanCuBa]

OMG this works xD
It's so obvious hahahha thanks!! 👏