From 90f031c9735639a5049f742c8f5cf4eb8fc8b055 Mon Sep 17 00:00:00 2001
From: Tin Lam
Date: Sat, 13 Jan 2018 21:58:15 -0600
Subject: [PATCH] Fix infinite loop issue

Running bandit using relative paths inside a subdirectory when the current directory contains __init__.py causes bandit to be stuck in an infinite loop.

Co-Authored-By: Calvin Li
Closes-Bug: #1743042
Change-Id: I247108c1365847134ee561073ea0eb43c57b54cc
---
 bandit/core/utils.py | 2 +-
 examples/__init__.py | 0
 examples/init-py-test/__init__.py | 0
 examples/init-py-test/subdirectory-okay.py | 3 +++
 setup.cfg | 2 ++
 tests/functional/test_functional.py | 8 ++++++++
 6 files changed, 14 insertions(+), 1 deletion(-)
 create mode 100644 examples/__init__.py
 create mode 100644 examples/init-py-test/__init__.py
 create mode 100644 examples/init-py-test/subdirectory-okay.py

diff --git a/bandit/core/utils.py b/bandit/core/utils.py
index d637a6b2..a16f5642 100644
--- a/bandit/core/utils.py
+++ b/bandit/core/utils.py
@@ -151,7 +151,7 @@ def get_module_qualname_from_path(path):
 ' Missing path or file name' % (path))
 
 qname = [os.path.splitext(tail)[0]]
- while head not in ['/', '.']:
+ while head not in ['/', '.', '']:
 if os.path.isfile(os.path.join(head, '__init__.py')):
 (head, tail) = os.path.split(head)
 qname.insert(0, tail)
diff --git a/examples/__init__.py b/examples/__init__.py
new file mode 100644
index 00000000..e69de29b
diff --git a/examples/init-py-test/__init__.py b/examples/init-py-test/__init__.py
new file mode 100644
index 00000000..e69de29b
diff --git a/examples/init-py-test/subdirectory-okay.py b/examples/init-py-test/subdirectory-okay.py
new file mode 100644
index 00000000..8feea28a
--- /dev/null
+++ b/examples/init-py-test/subdirectory-okay.py
@@ -0,0 +1,3 @@
+# A sample test file in a subdirectory and its parents both containing
+# an __init__.py file outlined in bug/1743042.
+print('hopefully no vulnerabilities here')
diff --git a/setup.cfg b/setup.cfg
index 100b6ce6..ddd7b9ae 100644
--- a/setup.cfg
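Review bot: The guard `while head not in ['/', '.', '']:` in get_module_qualname_from_path still lists the stopping values by hand, so any other value that `os.path.split` maps to itself (a Windows drive root such as `C:\` is one) would keep the loop spinning whenever an `__init__.py` sits next to it. Because this is the scanner's own path handling, a hang here stalls the whole scan instead of failing it. Stopping on the fixed point is sturdier than growing the list: inside the `if`, compute `(parent, tail) = os.path.split(head)` and `break` when `parent == head`, before assigning `head = parent`. The loop body continues past the end of the hunk, so the existing exit for a directory without `__init__.py` is not visible here.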
+++ b/setup.cfg
@@ -121,6 +121,8 @@ source-dir = doc/source
 
 [pbr]
 autodoc_tree_index_modules = True
+autodoc_tree_excludes =
+ examples*
 
 [bdist_wheel]
 universal = 1
diff --git a/tests/functional/test_functional.py b/tests/functional/test_functional.py
index 58ec5996..3b1f475c 100644
--- a/tests/functional/test_functional.py
+++ b/tests/functional/test_functional.py
@@ -285,6 +285,14 @@ class FunctionalTests(testtools.TestCase):
 }
 self.check_example('okay.py', expect)
 
+ def test_subdirectory_okay(self):
+ '''Test a vulnerability-free file under a subdirectory.'''
+ expect = {
+ 'SEVERITY': {'UNDEFINED': 0, 'LOW': 0, 'MEDIUM': 0, 'HIGH': 0},
+ 'CONFIDENCE': {'UNDEFINED': 0, 'LOW': 0, 'MEDIUM': 0, 'HIGH': 0}
+ }
+ self.check_example('init-py-test/subdirectory-okay.py', expect)
+
 def test_os_chmod(self):
 '''Test setting file permissions.'''
 filename = 'os-chmod-{}.py'
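Review bot: test_subdirectory_okay only asserts zero findings, so it covers the fix only if check_example (defined outside this hunk) happens to pass bandit a path whose head walks up to `''`; a regression would then appear as a hung test run, not a failed assertion. A direct unit test of `get_module_qualname_from_path` with a relative path under a package directory would pin the behaviour named in the commit message and fail fast. The docstring could also name the regression, e.g. `'''Test a clean file in a package subdirectory (bug 1743042 regression).'''`.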