search

eternnoir / pyTelegramBotAPI

Python Telegram bot api.
GNU General Public License v2.0
8.02k stars 2.02k forks source link

Error in pip library #2309

Closed Visoff closed 3 months ago

Visoff commented 3 months ago

I'm using (what pip says) the latest version of telebot(4.19.1) with python 3.11 and pip 24.0, but I was getting some strange errors related to message json parsing in types.py of telebot source, I went to github and pulled a copy to my machince, everything seemed to work fine, then I checked $path_to_python_venv/lib/..../telebot/types.py and found that at least on de_json function was different from what I've seen in github repo, it was de_json and init methods related to UsersShared class, starting at line 9135 of types.py file

Methods in github:

    @classmethod
    def de_json(cls, json_string):
        if json_string is None: return None
        obj = cls.check_json(json_string)
        obj['users'] = [SharedUser.de_json(user) for user in obj['users']]
        return cls(**obj)

    def __init__(self, request_id, users: List[SharedUser], **kwargs):
        self.request_id = request_id
        self.users = users

Methods in pip library:

    @classmethod
    def de_json(cls, json_string):
        if json_string is None: return None
        obj = cls.check_json(json_string)
        obj['user_ids'] = [SharedUser.de_json(user) for user in obj['user_ids']]
        return cls(**obj)

    def __init__(self, request_id, user_ids: List[SharedUser], **kwargs):
        self.request_id = request_id
        self.user_ids = user_ids
coder2020official commented 3 months ago

This was probably a bug

Visoff commented 3 months ago

Yeah, probably, but I ran into it even after reinstalling library and I was getting it even in docker container so it could be related to library configurations in pip registery. Also, this "bug" crashes the whole app if it sees message with shared_users and some dude could crash every telebot app by sending some person to the chat with it so it's quite dangerous

coder2020official commented 3 months ago

You will need to install github version as told in the readme then, NOT using pip. @Badiboy the recent version 4.19.1 does not contain the fix, does it?

Visoff commented 3 months ago

The catch is that in this github repo in /telebot/version.py it says 4.19.1 and package version is also 4.19.1 but code is different.

And this version(from repo) contains the fix, it's fine, I modified my local library and it worked but the situation, where I could crash any telebot app scares me

coder2020official commented 3 months ago

Only bots using users shared are affected, no? Seems like if you do not have a button to share users, you are not affected, so you will not be able to crash most of telebot bots.

coder2020official commented 3 months ago

And it is not a catch. Versions are updated before release.

Visoff commented 3 months ago

Oh, I wrongly assumed that you are able to send this type of messages freely, like contacts...

So pip just lies to us like that? By displaying the version that is technically not released yet

Visoff commented 3 months ago

Oh, I just found how version tracking actually works here

Tysm for your time, explanation and solution

Badiboy commented 3 months ago

@Badiboy the recent version 4.19.1 does not contain the fix, does it?

It does not. SharedUsers were fixed later. I'll try to push 14.19.2 update.