Unhandled exception happened: 'graphene-django'

[Darkborderman]

safety version: 2.3.5 Python version: 3.8.13 Operating System: MacOS Ventura 13.3.1 (a)

Description

Our Github Action encounters fails when checking requirements today.

It looks like insecure_full.json differs sometimes when safety try to retrieve it.

Expected result:

• safety should report graphene-djago issue with Vulnerability ID 55237

  -> Vulnerability found in graphene-django version 2.15.0
  Vulnerability ID: 55237
  Affected spec: <3.0.1
  ADVISORY: Graphene-django 3.0.1 updates its NPM dependency 'graphiql'
  to v1.4.7 to fix a potential vulnerability.
  CVE-2021-41248
  For more information, please visit https://pyup.io/v/55237/f17

What I Did

The error context when running safety check:

Unhandled exception happened: 'graphene-django'

The following is the result runs with safety --debug check

I also dump success/fail insecure_full.json to gist.

2023-05-31 13:28:00,930 safety.cli => Telemetry enabled: True
2023-05-31 13:28:00,931 safety.cli => Running check command
2023-05-31 13:28:01,089 safety.cli => Calling the check function
2023-05-31 13:28:01,100 safety.util => Telemetry body built: {'os_type': 'Darwin', 'os_release': '22.4.0', 'os_description': 'macOS-13.3.1-x86_64-i386-64bit', 'python_version': '3.8.13', 'safety_command': 'check', 'safety_options': {}, 'safety_version': '2.3.5', 'safety_source': 'cli'}
2023-05-31 13:28:01,108 urllib3.connectionpool => Starting new HTTPS connection (1): pyup.io:443
2023-05-31 13:28:01,158 urllib3.connectionpool => https://pyup.io:443 "GET /aws/safety/free/insecure.json?telemetry=%7B%22os_type%22%3A+%22Darwin%22%2C+%22os_release%22%3A+%2222.4.0%22%2C+%22os_description%22%3A+%22macOS-13.3.1-x86_64-i386-64bit%22%2C+%22python_version%22%3A+%223.8.13%22%2C+%22safety_command%22%3A+%22check%22%2C+%22safety_options%22%3A+%7B%7D%2C+%22safety_version%22%3A+%222.3.5%22%2C+%22safety_source%22%3A+%22cli%22%7D HTTP/1.1" 200 117782
2023-05-31 13:28:01,169 safety.util => Telemetry body built: {'os_type': 'Darwin', 'os_release': '22.4.0', 'os_description': 'macOS-13.3.1-x86_64-i386-64bit', 'python_version': '3.8.13', 'safety_command': 'check', 'safety_options': {}, 'safety_version': '2.3.5', 'safety_source': 'cli'}
2023-05-31 13:28:01,182 urllib3.connectionpool => https://pyup.io:443 "GET /aws/safety/free/insecure_full.json?telemetry=%7B%22os_type%22%3A+%22Darwin%22%2C+%22os_release%22%3A+%2222.4.0%22%2C+%22os_description%22%3A+%22macOS-13.3.1-x86_64-i386-64bit%22%2C+%22python_version%22%3A+%223.8.13%22%2C+%22safety_command%22%3A+%22check%22%2C+%22safety_options%22%3A+%7B%7D%2C+%22safety_version%22%3A+%222.3.5%22%2C+%22safety_source%22%3A+%22cli%22%7D HTTP/1.1" 200 3777902
2023-05-31 13:28:01,345 safety.cli => Unexpected Exception happened: 'graphene-django'
Traceback (most recent call last):
  File "/Users/darkborderman/.pyenv/versions/3.8.13/envs/Napoleon-3.8/lib/python3.8/site-packages/safety/cli.py", line 145, in check
    vulns, db_full = safety.check(packages=packages, key=key, db_mirror=db, cached=cache, ignore_vulns=ignore,
  File "/Users/darkborderman/.pyenv/versions/3.8.13/envs/Napoleon-3.8/lib/python3.8/site-packages/safety/util.py", line 614, in new_func
    return f(*args, **kwargs)
  File "/Users/darkborderman/.pyenv/versions/3.8.13/envs/Napoleon-3.8/lib/python3.8/site-packages/safety/safety.py", line 345, in check
    for data in get_vulnerabilities(pkg=name, spec=specifier, db=db_full):
  File "/Users/darkborderman/.pyenv/versions/3.8.13/envs/Napoleon-3.8/lib/python3.8/site-packages/safety/safety.py", line 231, in get_vulnerabilities
    for entry in db[pkg]:
KeyError: 'graphene-django'
Unhandled exception happened: 'graphene-django'
2023-05-31 13:28:01,346 safety.cli => Calling clean up on close function.
2023-05-31 13:28:01,346 safety.safety => Closing requests session.

[yeisonvargasf]

Thank you for your detailed report @Darkborderman; we've identified the cause of this issue and are working to fix it as soon as possible.

It's a caching issue. As you can see, you're receiving an insecure_full.json with a different date.

[dylanpulver]

Duplicate of this issue: https://github.com/pyupio/safety/issues/490