Fix traceback from trojansource plugin (#1248)

The trojansource plugin functions differently where it doesn't
process a file by AST node. It instead does a line by line search
for suspicious characters.

As a result, it can't rely on the linerange being automatically
set based on values fetched from the node. So it needs to set
the linerange manually.

Fixes: #1246

Signed-off-by: Eric Brown <eric_wade_brown@yahoo.com>

Author: ericwb

bandit/core/tester.py

@@ -65,7 +65,8 @@ def run_tests(self, raw_context, checktype):
 
                     if result.lineno is None:
                         result.lineno = temp_context["lineno"]
-                    result.linerange = temp_context["linerange"]
+                    if result.linerange == []:
+                        result.linerange = temp_context["linerange"]
                     if result.col_offset == -1:
                         result.col_offset = temp_context["col_offset"]
                     result.end_col_offset = temp_context.get(

bandit/plugins/trojansource.py

@@ -67,11 +67,13 @@ def trojansource(context):
                     "A Python source file contains bidirectional"
                     " control characters (%r)." % char
                 )
-                return bandit.Issue(
+                b_issue = bandit.Issue(
                     severity=bandit.HIGH,
                     confidence=bandit.MEDIUM,
                     cwe=issue.Cwe.INAPPROPRIATE_ENCODING_FOR_OUTPUT_CONTEXT,
                     text=text,
                     lineno=lineno,
                     col_offset=col_offset,
                 )
+                b_issue.linerange = [lineno]
+                return b_issue