tylerwince / flake8-bandit

Automated security testing using bandit and flake8.
MIT License

"'ExceptHandler' object has no attribute 'depth'" #11

Closed scragly closed 5 years ago

scragly commented 5 years ago

With Python 3.7 on Ubuntu 16.04, flake8-bandit will fail on the following test script:

def test():
    try:
        a = A()
        a = A()
    except A:
        pass

with the following output:

"pyflakes" failed during execution due to "'ExceptHandler' object has no attribute 'depth'"
Run flake8 with greater verbosity to see more details

Verbose doesn't help with finding out any additional info: https://hastebin.com/suxebuxebo.txt

This issue only occurs with flake8-bandit installed, and occurs with all versions after 1.0.2. Pinning to 1.0.2 does not cause the same issue, but this isn't a great resolution.

I have tried reproducing the issue on an Arch-based environment without luck, as it only seems to occur on Ubuntu 16.04.

tylerwince commented 5 years ago

Do you know what "Plugin F" is?

flake8-bandit registers with plugin prefix S and it appears this is being thrown by the plugin registered with prefix F, which could potentially be a dependency of this plugin (and thus why it doesn't happen after you remove flake8-bandit).

asottile commented 5 years ago

If you're interested, I've triaged this here: https://gitlab.com/pycqa/flake8/issues/536

tylerwince commented 5 years ago

Thanks @asottile for the triage. Super helpful.

I will try to dig into some of this and see if I can get a patch fix in. Thinking it may be possible to reload the import packages so they aren't monkeypatched after performing the bandit analysis.

I will try to take a look here soon. 👍

asottile commented 5 years ago

It's not the actual packages unfortunately, but the data of the tree object that gets passed through.
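
The shared-tree hazard described in the comment above, as an added example that is not part of the thread and is not flake8, pyflakes or Bandit code. Both checkers and the attribute names `parent` and `depth` are hypothetical, and the per-plugin deep copy is one possible isolation, not the fix that was shipped.

```python
import ast
import copy

# Constructed sample, modelled on the test script in the report.
SOURCE = "def test():\n    try:\n        a = A()\n    except A:\n        pass\n"


def annotating_checker(tree):
    """Hypothetical plugin 1: writes a bare `parent` attribute onto every node."""
    for node in ast.walk(tree):
        for child in ast.iter_child_nodes(node):
            child.parent = node  # un-namespaced attribute on shared data


def depth_checker(tree):
    """Hypothetical plugin 2: sets `parent` and `depth` together as it visits,
    and treats the presence of `parent` as proof that `depth` is set too."""
    def visit(node, parent, depth):
        if isinstance(node, ast.Try):
            for handler in node.handlers:  # inspected before being visited
                if hasattr(handler, "parent"):
                    handler.depth  # raises AttributeError on a foreign annotation
        node.parent, node.depth = parent, depth
        for child in ast.iter_child_nodes(node):
            visit(child, node, depth + 1)
    visit(tree, None, 0)


def run_plugins(source, isolate):
    """Run both plugins over one parse; return the second plugin's error, if any."""
    tree = ast.parse(source)
    try:
        for plugin in (annotating_checker, depth_checker):
            # Isolation: each plugin gets a private copy, so annotations cannot leak.
            plugin(copy.deepcopy(tree) if isolate else tree)
    except AttributeError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    print("shared tree:  ", run_plugins(SOURCE, isolate=False))
    print("isolated tree:", run_plugins(SOURCE, isolate=True))
```

With the shared tree the second checker fails on the `ExceptHandler` node; with isolated copies both checkers complete.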

tylerwince commented 5 years ago

A bug has been created here and we will track the progress there.

I will leave this open until that issue is closed.

tylerwince commented 5 years ago

This has been fixed in Bandit 487 and will be released in the next fix version 1.6.1.

Closing this as there is nothing additional that needs to happen on this ticket.

asottile commented 5 years ago

:clap: :clap: :clap: thanks for following this through! the flake8 ecosystem thanks you