Bug: depscan fail to run flask PROVIDE_AUTOMATIC_OPTIONS error

raford-ice commented 2 days ago

Expected Behavior

Run depscan successfully

Actual Behavior

Generating depscan report Traceback (most recent call last): File "/usr/local/bin/depscan", line 5, in from depscan.cli import main File "/usr/local/lib/python3.10/dist-packages/depscan/cli.py", line 64, in app = Quart(name) File "/usr/local/lib/python3.10/dist-packages/quart/app.py", line 338, in init self.add_url_rule( File "/usr/local/lib/python3.10/dist-packages/flask/sansio/scaffold.py", line 47, in wrapper_func return f(self, *args, **kwargs) File "/usr/local/lib/python3.10/dist-packages/flask/sansio/app.py", line 641, in add_url_rule if "OPTIONS" not in methods and self.config["PROVIDE_AUTOMATIC_OPTIONS"]: KeyError: 'PROVIDE_AUTOMATIC_OPTIONS'

Steps to Reproduce

depscan --bom "${REPORT}_sbom.json" --reports-dir "$REPORT_DIR"

Additional Information

Running on azul/zulu-openjdk:21 container image as a CLI command as part of a pipeline. It has been running successfully until recently. On the Docker image, these are the commands to install depscan:

    apt-get update && apt-get install -y \
    nodejs \
    python3.11 \
    python3-pip \
    bazel \
    && rm -rf /var/lib/apt/lists/* && \
    apt-get -qq -y purge --auto-remove curl unzip curl gnupg && \
    npm install -g @cyclonedx/cdxgen && \
    pip install owasp-depscan semgrep

prabhu commented 2 days ago

raford-ice commented 2 days ago

Thanks for sharing this issue. The workaround I have got until quart fixes it, is to add:

pip install Flask==3.0.3 owasp-depscan semgrep

owasp-dep-scan / dep-scan