pyupio / safety

Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.
https://safetycli.com/product/safety-cli
MIT License
1.66k stars 141 forks

safety check is done successfully but exit code is 255 #363

Closed ctfer-Stao closed 2 years ago

ctfer-Stao commented 2 years ago

Description

I use safety to check dependencies. It prints a success result but the exit code is 255. My shell command is safety check

What I Did

ctfer-Stao commented 2 years ago
 ~  safety check +==============================================================================+ /$$$$$$ /$$ /$$__ $$ $$ /$$$$$$$ /$$$$$$ $$ __//$$$$$$ /$$$$$$ /$$ /$$ /$$_____/ ____ $$ $$$$ /$$__ $$ $$/ $$ $$ $$$$$$ /$$$$$$$ $$_/ $$$$$$$$ $$ $$ $$ __ $$ /$$ $$ $$ $$_____/ $$ /$$ $$ $$ /$$$$$$$/ $$$$$$$ $$ $$$$$$$ $$$$/ $$$$$$$ / \/ / _____/ _/ __ $$ /$$ $$ $$$$$$/ by pyup.io ______/

+==============================================================================+ | REPORT | | checked 81 packages, using free DB (updated once a month) | +============================+===========+==========================+==========+ | package | installed | affected | ID | +============================+===========+==========================+==========+ | lxml | 4.5.0 | <4.6.2 | 39194 | | lxml | 4.5.0 | <4.6.3 | 40072 | | lxml | 4.5.0 | <4.6.5 | 43366 | | aiohttp | 3.7.4.pos | <3.8.0 | 42692 | +==============================================================================+ ✘  ~  echo $? 255

yeisonvargasf commented 2 years ago

Hi @ctfer-Stao, thanks for reporting this. We are working on full and standard support of exit codes. This is probably happening because of the line below: -1 isn't a good exit code and it is falling back to the 255 exit code.

https://github.com/pyupio/safety/blob/7d1448e844c1578bb1a488bffd3b8d1735c2c4bb/safety/cli.py#L85

victor-mariano-leite commented 2 years ago

@ctfer-Stao I just had this error too. A bad workaround is to add an OR condition to the bash command:

safety check --full-report || true

This way the error message will show completely since the exit error is ignored. In my case there was a urllib3 and numpy vulnerability that I've added to ignore (specific case where it's a famous service locked dependency).

Might be good for debugging, but remember to remove it later. || true is just too flexible, and when the bug is corrected we can forget it there as it is.
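An added example (not part of this thread or of Safety's own code): a CI gate in POSIX sh that narrows the `|| true` workaround so only reported findings can be tolerated, while crashes and a missing binary still fail the build. It assumes, per the maintainer's comment above, that findings surface as exit status 255 (-1 truncated to 8 bits); `as_exit_status`, `classify_status`, `run_gate` and `REPORT_ONLY` are hypothetical names.

```shell
#!/bin/sh
# Added example, not Safety's code. Assumption taken from this thread: the
# scanner exits -1 when it reports vulnerabilities, and the parent shell sees
# 255 because only the low 8 bits of an exit status are kept.

# as_exit_status N: the status a parent shell observes for exit(N).
as_exit_status() {
    echo $(( $1 & 255 ))
}

FINDINGS_STATUS=$(as_exit_status -1)

# classify_status STATUS: map a scanner exit status to a verdict.
classify_status() {
    case "$1" in
        0)                  echo clean ;;
        "$FINDINGS_STATUS") echo findings ;;
        *)                  echo tool-error ;;   # crash, bad usage, 127, ...
    esac
}

# run_gate CMD [ARGS...]: run the scanner and decide the build result.
# Returns 0 = pass, 1 = findings, 2 = the tool itself failed.
# REPORT_ONLY=1 tolerates findings only; `|| true` would also hide tool errors.
run_gate() {
    status=0
    "$@" || status=$?
    verdict=$(classify_status "$status")
    echo "gate: exit status $status -> $verdict" >&2
    case "$verdict" in
        clean)    return 0 ;;
        findings) if [ "${REPORT_ONLY:-0}" = 1 ]; then return 0; fi
                  return 1 ;;
        *)        return 2 ;;
    esac
}

# Constructed stand-ins for the scanner so the example runs offline.
# In a pipeline the call would be: run_gate safety check --full-report
run_gate sh -c 'exit 0'
run_gate sh -c 'exit 255' || echo "build failed: findings reported" >&2
```

Status 255 is not unique to this tool, so the `findings` verdict is only as reliable as the assumption above; once the scanner documents distinct exit codes, the `case` arms should follow them.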

yeisonvargasf commented 2 years ago

New Safety version 2.0 supports better exit code handling; please use the last beta version 2.0b5