PyCQA / bandit

Bandit is a tool designed to find common security issues in Python code.
https://bandit.readthedocs.io
Apache License 2.0

Unable to find qualified name #907

Closed bje- closed 10 months ago

bje- commented 2 years ago

Describe the bug

Running bandit on a single source file in the current directory does not seem to work. It produces a warning:

WARNING Unable to find qualified name for module

I am not sure what the warning is trying to achieve?

Reproduction steps

1. $ touch dummy.py
2. $ bandit dummy.py  # produces the warning
3. $ bandit ./dummy.py  # does not produce the warning

Expected behavior

No warning should be produced.

Bandit version

1.7.4 (Default)

Python version

3.8

Additional context

No response

mportesdev commented 2 years ago

It's just a warning which doesn't mean that the file is not processed. If you add some content to dummy.py (e.g. exec('pass')) you will see that bandit dummy.py and bandit ./dummy.py will yield the same test results.

bje- commented 2 years ago

That warning is produced in both cases.

$ cat dummy.py 
exec('pass')
$ bandit dummy.py | grep WARN
[node_visitor]  WARNING Unable to find qualified name for module: dummy.py

mportesdev commented 2 years ago

Yes, but despite the warning, bandit will do the job, i.e. scan the file and report the issue. The warning is emitted in cases where the python file is not a submodule of a package.
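The following is an added example, not bandit's own code, that reproduces the name resolution described in the comment above. It assumes bandit builds a dotted module name by walking up through parent directories that contain `__init__.py`, and gives up (which is what the warning reports) when the given path has no directory component at all; the file tree it creates is constructed for the demonstration.

```python
import os
import shutil
import tempfile


def module_qualname(path):
    """Derive a dotted module name for a Python source file.

    Walks up from the file through directories that contain __init__.py.
    Returns None when the path has no directory part (e.g. 'dummy.py'),
    which is the case that produces the 'Unable to find qualified name'
    warning (assumption about bandit's logic, not its actual code).
    """
    head, tail = os.path.split(path)
    if head == "" or tail == "":
        return None
    parts = [os.path.splitext(tail)[0]]
    # Keep climbing while the parent directory is itself a package.
    while head not in ("/", ".", ""):
        if os.path.isfile(os.path.join(head, "__init__.py")):
            head, tail = os.path.split(head)
            parts.insert(0, tail)
        else:
            break
    return ".".join(parts)


def demo():
    """Build a constructed tree with a top-level script and a package module,
    then resolve names the way the three invocations in the thread would."""
    root = tempfile.mkdtemp()
    sub = os.path.join(root, "pkg", "sub")
    os.makedirs(sub)
    for d in (os.path.join(root, "pkg"), sub):
        open(os.path.join(d, "__init__.py"), "w").close()
    open(os.path.join(sub, "mod.py"), "w").close()
    open(os.path.join(root, "dummy.py"), "w").close()
    cwd = os.getcwd()
    os.chdir(root)
    try:
        return {
            "bare": module_qualname("dummy.py"),        # None -> warning
            "dotted": module_qualname("./dummy.py"),    # 'dummy'
            "package": module_qualname("pkg/sub/mod.py"),  # 'pkg.sub.mod'
        }
    finally:
        os.chdir(cwd)
        shutil.rmtree(root, ignore_errors=True)
```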

bje- commented 2 years ago

OK. I have some driver scripts that sit at the top-level of my source tree and every bandit run produces this warning. Could it be suppressed with -q?

mportesdev commented 2 years ago

I guess it would make sense to increase the logging level to ERROR in quiet mode -- would be consistent with the CLI help message "only show output in the case of an error" (source) and the manager docstring ":param quiet: Whether to only show output in the case of an error" (source).