pyupio / safety

Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.
https://safetycli.com/product/safety-cli
MIT License

Unhandled exception happened: 'redis' #471

Open mgedmin opened 1 year ago

mgedmin commented 1 year ago

Description

Our GitLab CI uses a 'python' Docker image to run safety checks, and these suddenly started failing with a mysterious "Unhandled exception happened: 'redis'" message.

$ pip3 install safety
...
Successfully installed Click-8.1.3 certifi-2022.12.7 charset-normalizer-3.1.0 dparse-0.6.2 idna-3.4 packaging-21.3 pyparsing-3.0.9 requests-2.28.2 ruamel.yaml-0.17.21 safety-2.3.5 toml-0.10.2 urllib3-1.26.15
WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv

[notice] A new release of pip available: 22.3.1 -> 23.1.1
[notice] To update, run: pip install --upgrade pip
$ safety check -r server/requirements.txt --full-report
Unhandled exception happened: 'redis'
ERROR: Job failed: exit code 1

What I Did

pip3 install safety
safety check -r server/requirements.txt --full-report

I'm unable to reproduce this issue locally, even when I use the same 'python' Docker image. Instead I get a proper report about a vulnerability in redis (vuln. id 53868).

Corentin-Br commented 1 year ago

It seems to be the insecure_full.json file that is not always correct. On local and on CI, I manage to get both valid and invalid results with enough attempts.

yeisonvargasf commented 1 year ago

@mgedmin and @Corentin-Br, I'm trying to reproduce this issue; I'll be grateful if you can share an anonymized debug from the Safety check command. You can run it with the debug flag:

safety --debug check