PiotrDabkowski / Js2Py

JavaScript to Python Translator & JavaScript interpreter written in 100% pure Python🚀 Try it online:
http://piter.io/projects/js2py
MIT License

[BUG] Undefined symbols in __all__ #331

Open ZuhairORZaki opened 3 weeks ago

ZuhairORZaki commented 3 weeks ago

Overview

In file: __init__.py, __all__ includes undefined symbols Node, WrappingNode, node_to_dict, translate. This will cause an ImportError when importing the module using star import, i.e. from js2py.translators import *.

Possible Fix

One way to fix this issue would be to remove the undefined symbols if they are not needed.

--- /workspace/source/js2py/translators/__init__.py
+++ /workspace/source/js2py/translators/__init__.py
@@ -18,10 +18,9 @@
 # WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE
 #  OR THE USE OR OTHER DEALINGS IN THE SOFTWARE

__all__ = [
-    'PyJsParser', 'Node', 'WrappingNode', 'node_to_dict', 'parse',
-    'translate_js', 'translate', 'syntax_tree_translate', 'DEFAULT_HEADER'
+    'PyJsParser', 'parse', 'translate_js', 'syntax_tree_translate', 'DEFAULT_HEADER'
]
 __author__ = 'Piotr Dabkowski'
 __version__ = '2.2.0'
 from pyjsparser import PyJsParser
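
Review bot: Dropping 'translate' from __all__ in this hunk removes the symptom but leaves the name unexported; if translate is meant to be public, keep it in the list and bind it in this file instead. For 'Node', 'WrappingNode' and 'node_to_dict', the only import visible in the context is "from pyjsparser import PyJsParser", so please confirm whether these were meant to be re-exported before deleting them, since removing them narrows what a star import provides. A small test asserting that every name in __all__ is an attribute of the package would keep the list from drifting again.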

Notes from Triage Team

There is an import statement which imports trasnlate rather than translate.

from .translator import translate_js, trasnlate, syntax_tree_translate, DEFAULT_HEADER

This may be causing the translate symbol to become undefined.

Sponsorship and Support:

This work is done by the security researchers from OpenRefactory and is supported by the Open Source Security Foundation (OpenSSF): Project Alpha-Omega. Alpha-Omega is a project partnering with open source software project maintainers to systematically find new, as-yet-undiscovered vulnerabilities in open source code - and get them fixed - to improve global software supply chain security.

The bug is found by running the iCR tool by OpenRefactory, Inc. and then manually triaging the results.
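
A check for the condition reported above, as an added example that is not part of the issue or of the Js2Py code base: it builds a constructed package (`demo_translators`, a hypothetical name) that mirrors the mismatch between `__all__` and the import line, lists the exported names that do not resolve, and runs the star import to capture the failure. That the misspelled `trasnlate` is defined in the submodule is an assumption of the demo.

```python
import importlib
import sys
import tempfile
from pathlib import Path

# Constructed stand-in for the reported layout: __all__ lists names that are
# never bound, and the import line pulls in a misspelled name instead.
DEMO_INIT = (
    "__all__ = ['translate_js', 'translate', 'Node', 'DEFAULT_HEADER']\n"
    "from .translator import translate_js, trasnlate, DEFAULT_HEADER\n"
)
# Assumption: the submodule defines the misspelled name, so the import succeeds.
DEMO_TRANSLATOR = (
    "DEFAULT_HEADER = '# header'\n"
    "def translate_js(js):\n"
    "    return js\n"
    "trasnlate = translate_js\n"
)

def undefined_exports(module):
    """Return the names in module.__all__ that the module does not define."""
    exported = getattr(module, "__all__", [])
    return sorted(name for name in exported if not hasattr(module, name))

def star_import_error(module_name):
    """Run `from <module_name> import *` in a scratch namespace; return the error or None."""
    try:
        exec(f"from {module_name} import *", {})
    except (ImportError, AttributeError) as exc:
        return exc
    return None

def build_demo_package(root, name="demo_translators"):
    """Write the constructed package under root and import it."""
    pkg = Path(root) / name
    pkg.mkdir()
    (pkg / "__init__.py").write_text(DEMO_INIT)
    (pkg / "translator.py").write_text(DEMO_TRANSLATOR)
    sys.path.insert(0, str(root))
    importlib.invalidate_caches()
    return importlib.import_module(name)

def run_demo():
    """Return (undefined names, star-import error) for the constructed package."""
    with tempfile.TemporaryDirectory() as root:
        module = build_demo_package(root)
        return undefined_exports(module), star_import_error(module.__name__)

if __name__ == "__main__":
    missing, err = run_demo()
    print("undefined in __all__:", missing)
    print("star import:", type(err).__name__, err)
```

`undefined_exports` can be pointed at any imported package in a test suite or CI step to catch this class of mismatch before release.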

potiuk commented 2 weeks ago

Hello here. I am an Apache Airflow maintainer - and we are looking - together with Open Refactory and Alpha-Omega at improving Apache Airflow's Supply Chain security. This one is one of the bugs we found during the checks. We are going to talk about the whole project we are running soon at Airflow Summit - https://airflowsummit.org/ and it would be great to have more success stories (we are just starting and expect more activities to come).

Would it be possible to prioritise this fix?