pyupio / safety

Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.
https://safetycli.com/product/safety-cli
MIT License

Safety check fails on `idna` package #526

Closed johnraz closed 1 month ago

johnraz commented 1 month ago

Description

Command safety check fails when idna package is part of the requirements. This was working fine before, my best bet is that the db file changed somehow.

What I Did

> docker run --rm -it python:3.10.0 bash
> pip install safety
> echo idna==2.0.0 | safety --debug 1 check --stdin

This outputs:

2024-05-14 22:19:20,089 urllib3.connectionpool => Starting new HTTPS connection (1): auth.safetycli.com:443
2024-05-14 22:19:20,199 urllib3.connectionpool => https://auth.safetycli.com:443 "GET /.well-known/openid-configuration HTTP/1.1" 200 None
2024-05-14 22:19:20,242 urllib3.connectionpool => https://auth.safetycli.com:443 "GET /.well-known/jwks.json HTTP/1.1" 200 None
2024-05-14 22:19:20,243 safety.cli => Telemetry enabled: True
2024-05-14 22:19:20,246 safety.cli => Running check command
2024-05-14 22:19:20,246 safety.util => Path: None
2024-05-14 22:19:20,246 safety.util => File Type: requirements.txt
2024-05-14 22:19:20,246 safety.util => Trying to parse file using dparse...
2024-05-14 22:19:20,246 safety.util => Content: idna==3.0.0

2024-05-14 22:19:20,248 safety.util => Dependency file: {'file_type': 'requirements.txt', 'content': 'idna==3.0.0\n', 'path': None, 'sha': None, 'dependencies': [{'name': 'idna', 'specs': <SpecifierSet('==3.0.0')>, 'line': 'idna==3.0.0', 'source': 'pypi', 'meta': {}, 'line_numbers': None, 'index_server': None, 'hashes': [], 'dependency_type': 'requirements.txt', 'extras': set(), 'sections': None}], 'resolved_dependencies': [{'name': 'idna', 'specs': <SpecifierSet('==3.0.0')>, 'line': 'idna==3.0.0', 'source': 'pypi', 'meta': {}, 'line_numbers': None, 'index_server': None, 'hashes': [], 'dependency_type': 'requirements.txt', 'extras': set(), 'sections': None}]}
2024-05-14 22:19:20,248 safety.util => Parsed, dependencies: [{'name': 'idna', 'specs': <SpecifierSet('==3.0.0')>, 'line': 'idna==3.0.0', 'source': 'pypi', 'meta': {}, 'line_numbers': None, 'index_server': None, 'hashes': [], 'dependency_type': 'requirements.txt', 'extras': set(), 'sections': None}]
2024-05-14 22:19:20,248 safety.cli => Calling the check function
2024-05-14 22:19:20,251 safety.util => Telemetry body built: {'os_type': 'Linux', 'os_release': '6.5.0-28-generic', 'os_description': 'Linux-6.5.0-28-generic-x86_64-with-glibc2.31', 'python_version': '3.10.0', 'safety_command': 'check', 'safety_options': {'stdin': {'--stdin': 1}}, 'safety_version': '3.2.0', 'safety_source': 'cli'}
2024-05-14 22:19:20,252 urllib3.connectionpool => Starting new HTTPS connection (1): pyup.io:443
2024-05-14 22:19:20,377 urllib3.connectionpool => https://pyup.io:443 "GET /aws/safety/free/2.0.0/insecure.json?telemetry=%7B%22safety_options%22%3A+%7B%22stdin%22%3A+%7B%22--stdin%22%3A+1%7D%7D%2C+%22safety_version%22%3A+%223.2.0%22%2C+%22safety_source%22%3A+%22cli%22%2C+%22os_type%22%3A+%22Linux%22%2C+%22os_release%22%3A+%226.5.0-28-generic%22%2C+%22os_description%22%3A+%22Linux-6.5.0-28-generic-x86_64-with-glibc2.31%22%2C+%22python_version%22%3A+%223.10.0%22%2C+%22safety_command%22%3A+%22check%22%7D HTTP/1.1" 200 168019
2024-05-14 22:19:20,414 safety.util => Telemetry body built: {'os_type': 'Linux', 'os_release': '6.5.0-28-generic', 'os_description': 'Linux-6.5.0-28-generic-x86_64-with-glibc2.31', 'python_version': '3.10.0', 'safety_command': 'check', 'safety_options': {'stdin': {'--stdin': 1}}, 'safety_version': '3.2.0', 'safety_source': 'cli'}
2024-05-14 22:19:20,454 urllib3.connectionpool => https://pyup.io:443 "GET /aws/safety/free/2.0.0/insecure_full.json?telemetry=%7B%22safety_options%22%3A+%7B%22stdin%22%3A+%7B%22--stdin%22%3A+1%7D%7D%2C+%22safety_version%22%3A+%223.2.0%22%2C+%22safety_source%22%3A+%22cli%22%2C+%22os_type%22%3A+%22Linux%22%2C+%22os_release%22%3A+%226.5.0-28-generic%22%2C+%22os_description%22%3A+%22Linux-6.5.0-28-generic-x86_64-with-glibc2.31%22%2C+%22python_version%22%3A+%223.10.0%22%2C+%22safety_command%22%3A+%22check%22%7D HTTP/1.1" 200 10262281
2024-05-14 22:19:20,727 safety.cli => Unexpected Exception happened: 'idna'
Traceback (most recent call last):
  File "/usr/local/lib/python3.10/site-packages/safety/cli.py", line 240, in check
    vulns, db_full = safety.check(session=ctx.obj.auth.client, packages=packages, db_mirror=db, cached=cache, ignore_vulns=ignore,
  File "/usr/local/lib/python3.10/site-packages/safety/util.py", line 743, in new_func
    return f(*args, **kwargs)
  File "/usr/local/lib/python3.10/site-packages/safety/safety.py", line 423, in check
    for data in get_vulnerabilities(pkg=name, spec=specifier, db=db_full):
  File "/usr/local/lib/python3.10/site-packages/safety/safety.py", line 261, in get_vulnerabilities
    for entry in db['vulnerable_packages'][pkg]:
KeyError: 'idna'
Unhandled exception happened: 'idna'
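The traceback shows the crash site: `db['vulnerable_packages'][pkg]` indexes the full database directly, so a package name that the scanner decided to look up but that is absent from `insecure_full.json` raises `KeyError` instead of being reported as "no advisories". The following is an added example, not safety's own code, that reproduces that lookup pattern next to a defensive variant and adds a consistency check between the two database files. The two dictionaries are constructed stand-ins for the JSON files fetched in the log; the advisory IDs, version ranges and the assumption that the summary file is consulted before the full file are illustrative, and the version matcher is a deliberately minimal substitute for `packaging.specifiers`.

```python
"""Added example (not safety's own code): the KeyError pattern from the
traceback, a defensive lookup, and a db consistency check."""
from typing import Dict, Iterator, List, Tuple

# Constructed stand-in for insecure.json: package -> affected specifiers.
INSECURE_SUMMARY: Dict[str, List[str]] = {
    "idna": ["<3.7"],
    "requests": ["<2.31.0"],
}

# Constructed stand-in for insecure_full.json. The 'idna' key is deliberately
# missing: this is the inconsistency that makes a direct index raise KeyError.
INSECURE_FULL: Dict[str, Dict[str, List[dict]]] = {
    "vulnerable_packages": {
        "requests": [
            {"id": "EXAMPLE-0001", "specs": ["<2.31.0"],
             "advisory": "constructed advisory text"},
        ],
    },
}


def _version_key(version: str) -> Tuple[int, ...]:
    # Minimal numeric-only parser; real releases use packaging.version.
    return tuple(int(part) for part in version.split("."))


def _matches(version: str, spec: str) -> bool:
    # Supports ==, <, <=, >, >= only (constructed minimal matcher).
    for op in ("<=", ">=", "==", "<", ">"):
        if spec.startswith(op):
            have, want = _version_key(version), _version_key(spec[len(op):])
            return {"<=": have <= want, ">=": have >= want, "==": have == want,
                    "<": have < want, ">": have > want}[op]
    raise ValueError(f"unsupported specifier: {spec}")


def get_vulnerabilities_unsafe(pkg: str, version: str, db: dict) -> Iterator[dict]:
    """Same shape as the line in the traceback: direct dict indexing."""
    for entry in db["vulnerable_packages"][pkg]:  # KeyError when pkg is absent
        if any(_matches(version, s) for s in entry["specs"]):
            yield entry


def get_vulnerabilities_safe(pkg: str, version: str, db: dict) -> Iterator[dict]:
    """Defensive variant: a package missing from the full db yields nothing."""
    for entry in db.get("vulnerable_packages", {}).get(pkg, []):
        if any(_matches(version, s) for s in entry["specs"]):
            yield entry


def check(packages: List[Tuple[str, str]], summary: dict, full: dict,
          lookup) -> List[Tuple[str, str]]:
    """Consult the summary first, then the full db (assumed order); return
    (package, advisory id) pairs for matching versions."""
    found = []
    for name, version in packages:
        if name in summary and any(_matches(version, s) for s in summary[name]):
            for entry in lookup(name, version, full):
                found.append((name, entry["id"]))
    return found


def lookup_raises_keyerror(pkg: str, version: str, db: dict) -> bool:
    """True if the direct-index lookup crashes for this package."""
    try:
        list(get_vulnerabilities_unsafe(pkg, version, db))
        return False
    except KeyError:
        return True


def missing_from_full(summary: dict, full: dict) -> List[str]:
    """Packages flagged in the summary db but absent from the full db. A
    non-empty result is what a scanner should report before trusting either file."""
    full_pkgs = full.get("vulnerable_packages", {})
    return sorted(name for name in summary if name not in full_pkgs)


if __name__ == "__main__":
    print("inconsistent entries:", missing_from_full(INSECURE_SUMMARY, INSECURE_FULL))
    print("unsafe lookup crashes for idna:",
          lookup_raises_keyerror("idna", "3.0.0", INSECURE_FULL))
    print("safe check:", check([("idna", "3.0.0"), ("requests", "2.25.1")],
                               INSECURE_SUMMARY, INSECURE_FULL, get_vulnerabilities_safe))
```

Run as a script it prints the inconsistent package list, confirms the unsafe lookup crashes for `idna`, and shows the safe variant still reporting the `requests` advisory. The point for a scanner is that a missing key is a data-integrity signal worth surfacing, not a reason to abort the whole run.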
johnraz commented 1 month ago

Seems like it's working now, so I'm assuming the db file has been fixed :rocket: