search

pyupio / safety

Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.
https://safetycli.com/product/safety-cli
MIT License
1.66k stars 141 forks source link

Unhandled exception happened: 'graphene-django' #474

Open Darkborderman opened 1 year ago

Darkborderman commented 1 year ago

safety version: 2.3.5 Python version: 3.8.13 Operating System: MacOS Ventura 13.3.1 (a)

Description

Our Github Action encounters fails when checking requirements today.

It looks like insecure_full.json differs sometimes when safety try to retrieve it.

Expected result:

What I Did

The error context when running safety check:

Unhandled exception happened: 'graphene-django'

The following is the result runs with safety --debug check

I also dump success/fail insecure_full.json to gist.

2023-05-31 13:28:00,930 safety.cli => Telemetry enabled: True
2023-05-31 13:28:00,931 safety.cli => Running check command
2023-05-31 13:28:01,089 safety.cli => Calling the check function
2023-05-31 13:28:01,100 safety.util => Telemetry body built: {'os_type': 'Darwin', 'os_release': '22.4.0', 'os_description': 'macOS-13.3.1-x86_64-i386-64bit', 'python_version': '3.8.13', 'safety_command': 'check', 'safety_options': {}, 'safety_version': '2.3.5', 'safety_source': 'cli'}
2023-05-31 13:28:01,108 urllib3.connectionpool => Starting new HTTPS connection (1): pyup.io:443
2023-05-31 13:28:01,158 urllib3.connectionpool => https://pyup.io:443 "GET /aws/safety/free/insecure.json?telemetry=%7B%22os_type%22%3A+%22Darwin%22%2C+%22os_release%22%3A+%2222.4.0%22%2C+%22os_description%22%3A+%22macOS-13.3.1-x86_64-i386-64bit%22%2C+%22python_version%22%3A+%223.8.13%22%2C+%22safety_command%22%3A+%22check%22%2C+%22safety_options%22%3A+%7B%7D%2C+%22safety_version%22%3A+%222.3.5%22%2C+%22safety_source%22%3A+%22cli%22%7D HTTP/1.1" 200 117782
2023-05-31 13:28:01,169 safety.util => Telemetry body built: {'os_type': 'Darwin', 'os_release': '22.4.0', 'os_description': 'macOS-13.3.1-x86_64-i386-64bit', 'python_version': '3.8.13', 'safety_command': 'check', 'safety_options': {}, 'safety_version': '2.3.5', 'safety_source': 'cli'}
2023-05-31 13:28:01,182 urllib3.connectionpool => https://pyup.io:443 "GET /aws/safety/free/insecure_full.json?telemetry=%7B%22os_type%22%3A+%22Darwin%22%2C+%22os_release%22%3A+%2222.4.0%22%2C+%22os_description%22%3A+%22macOS-13.3.1-x86_64-i386-64bit%22%2C+%22python_version%22%3A+%223.8.13%22%2C+%22safety_command%22%3A+%22check%22%2C+%22safety_options%22%3A+%7B%7D%2C+%22safety_version%22%3A+%222.3.5%22%2C+%22safety_source%22%3A+%22cli%22%7D HTTP/1.1" 200 3777902
2023-05-31 13:28:01,345 safety.cli => Unexpected Exception happened: 'graphene-django'
Traceback (most recent call last):
  File "/Users/darkborderman/.pyenv/versions/3.8.13/envs/Napoleon-3.8/lib/python3.8/site-packages/safety/cli.py", line 145, in check
    vulns, db_full = safety.check(packages=packages, key=key, db_mirror=db, cached=cache, ignore_vulns=ignore,
  File "/Users/darkborderman/.pyenv/versions/3.8.13/envs/Napoleon-3.8/lib/python3.8/site-packages/safety/util.py", line 614, in new_func
    return f(*args, **kwargs)
  File "/Users/darkborderman/.pyenv/versions/3.8.13/envs/Napoleon-3.8/lib/python3.8/site-packages/safety/safety.py", line 345, in check
    for data in get_vulnerabilities(pkg=name, spec=specifier, db=db_full):
  File "/Users/darkborderman/.pyenv/versions/3.8.13/envs/Napoleon-3.8/lib/python3.8/site-packages/safety/safety.py", line 231, in get_vulnerabilities
    for entry in db[pkg]:
KeyError: 'graphene-django'
Unhandled exception happened: 'graphene-django'
2023-05-31 13:28:01,346 safety.cli => Calling clean up on close function.
2023-05-31 13:28:01,346 safety.safety => Closing requests session.
yeisonvargasf commented 1 year ago

Thank you for your detailed report @Darkborderman; we've identified the cause of this issue and are working to fix it as soon as possible.

It's a caching issue. As you can see, you're receiving an insecure_full.json with a different date.