Python 3.14 support, ast #1314

@matthewdeanmartin

Describe the bug

Error on how ast doesn't have certain members now for python 3.14.0

Reproduction steps

exact link to a failing build: https://github.com/matthewdeanmartin/troml_dev_status/actions/runs/18325849385/job/52190022012#step:8:1024

Run bandit on Python 3.14.0 final with, I think, any target source code.


troml_dev_status on  main [?] is 📦 v0.4.3 via 🐍 v3.14.0 (troml-dev-status) took 44s 
❯ bandit --version
python.exe C:\github\troml_dev_status\.venv\Scripts\bandit 1.8.6
  python version = 3.14.0 (tags/v3.14.0:ebf955d, Oct  7 2025, 10:15:03) [MSC v.1944 64 bit (AMD64)]



[manager]       ERROR   Exception occurred when executing tests against troml_dev_status\analysis\pypi.py.
[manager]       ERROR   Run "bandit --debug troml_dev_status\analysis\pypi.py" to see the full traceback.
[tester]        ERROR   Bandit internal error running: start_process_with_partial_path on file troml_dev_status\analysis\readme_eval.py at line 12: module 'ast' has no attribute 'Num'
Traceback (most recent call last):
  File "C:\github\troml_dev_status\.venv\Lib\site-packages\bandit\core\tester.py", line 51, in run_tests
    result = test(context, test._config)
  File "C:\github\troml_dev_status\.venv\Lib\site-packages\bandit\plugins\injection_shell.py", line 678, in start_process_with_partial_path
    if config and len(context.call_args):
                      ^^^^^^^^^^^^^^^^^
  File "C:\github\troml_dev_status\.venv\Lib\site-packages\bandit\core\context.py", line 51, in call_args
    args.append(self._get_literal_value(arg))
                ~~~~~~~~~~~~~~~~~~~~~~~^^^^^
  File "C:\github\troml_dev_status\.venv\Lib\site-packages\bandit\core\context.py", line 181, in _get_literal_value
    if isinstance(literal, ast.Num):
                           ^^^^^^^
AttributeError: module 'ast' has no attribute 'Num'




    def _get_literal_value(self, literal):
        """Utility function to turn AST literals into native Python types

        :param literal: The AST literal to convert
        :return: The value of the AST literal
        """
        if isinstance(literal, ast.Num):
            literal_value = literal.n

Expected behavior

It shouldn't reference things that don't exist in 3.14.0 anymore

Bandit version

1.8.3 (Default)

Python version

3.13 (Default)

Additional context

Can't select correct python version nor bandit version above.
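
An added example, not part of the original issue and not Bandit's own code: `ast.Num`, `ast.Str`, `ast.Bytes`, `ast.NameConstant` and `ast.Ellipsis` were deprecated in Python 3.8 and removed in 3.14, and the parser has emitted `ast.Constant` for all literals since 3.8. The sketch below extracts call-argument literals using only `ast.Constant`, and lists any remaining `ast.<removed class>` references in a piece of source. The names `literal_value`, `call_args`, `removed_ast_refs`, `NOT_LITERAL` and the sample strings are hypothetical.

```python
import ast

# Node classes removed from the ast module in Python 3.14 (deprecated since 3.8).
REMOVED_IN_314 = ("Num", "Str", "Bytes", "NameConstant", "Ellipsis")
NOT_LITERAL = object()  # sentinel: no static value (distinct from a literal None)


def literal_value(node):
    """Convert an AST literal node to a native Python value.

    Hypothetical helper, not Bandit's implementation. It relies only on
    ast.Constant, so it never touches the removed classes.
    """
    if isinstance(node, ast.Constant):
        return node.value  # int, float, complex, str, bytes, bool, None, Ellipsis
    if isinstance(node, ast.List):
        return [literal_value(e) for e in node.elts]
    if isinstance(node, ast.Tuple):
        return tuple(literal_value(e) for e in node.elts)
    return NOT_LITERAL  # names, calls, f-strings, unary minus, ...


def call_args(source):
    """Return (line, [positional argument values]) for every call in source."""
    calls = [n for n in ast.walk(ast.parse(source)) if isinstance(n, ast.Call)]
    return [(c.lineno, [literal_value(a) for a in c.args])
            for c in sorted(calls, key=lambda c: c.lineno)]


def removed_ast_refs(source):
    """List (line, attr) for each `ast.<removed class>` reference in source."""
    return sorted(
        (n.lineno, n.attr) for n in ast.walk(ast.parse(source))
        if isinstance(n, ast.Attribute) and n.attr in REMOVED_IN_314
        and isinstance(n.value, ast.Name) and n.value.id == "ast")


# Constructed sample inputs (not taken from the failing project).
SAMPLE = ('import subprocess\n'
          'subprocess.Popen(["ls", "-l"], 0)\n'
          'subprocess.call("id", shell=True)\n')
LEGACY = ('import ast\n'
          'def f(x):\n'
          '    if isinstance(x, ast.Num):\n'
          '        return x.n\n')

if __name__ == "__main__":
    print(call_args(SAMPLE))
    print(removed_ast_refs(LEGACY))
```

Running `removed_ast_refs` over a linter's own plugin sources before moving CI to 3.14 shows which checks would raise `AttributeError` at scan time instead of reporting findings.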
