sonatype-nexus-community / jake

Check your Python environments for vulnerable Open Source packages with OSS Index or Sonatype Nexus Lifecycle.
https://jake.readthedocs.io/
Apache License 2.0

[BUG] TypeError in oss.py when CWEs are found (#95 followup) #98

Closed blackstream-x closed 2 years ago

blackstream-x commented 2 years ago

Describe the bug: When finding a vulnerability having a CWE, jake 1.4.3 now produces a TypeError (seems to be a follow-up error of the #95 bugfix).

To Reproduce: Steps to reproduce the behavior:

  1. Run a docker container with image python:3.6-slim: docker run --rm -it --name jaketest python:3.6-slim bash
  2. Inside the container, install and activate a virtual environment. The version of pip inside that environment will be 18.1 which has known vulnerabilities.
  3. Install jake inside the virtual environment
  4. Run jake ddt
  5. jake produces the error TypeError: sequence item 0: expected str instance, int found

Expected behavior: Jake produces a vulnerability report.

Screenshots

(jake143) root@0163a4bf5553:/# pip show pip
Name: pip
Version: 18.1
Summary: The PyPA recommended tool for installing Python packages.
Home-page: https://pip.pypa.io/
Author: The pip developers
Author-email: pypa-dev@groups.google.com
License: MIT
Location: /jake143/lib/python3.6/site-packages
Requires: 
Required-by: 
(jake143) root@0163a4bf5553:/# jake ddt
                   ___           ___           ___     
       ___        /  /\         /  /\         /  /\    
      /__/\      /  /::\       /  /:/        /  /::\   
      \__\:\    /  /:/\:\     /  /:/        /  /:/\:\  
  ___ /  /::\  /  /::\ \:\   /  /::\____   /  /::\ \:\ 
 /__/\  /:/\/ /__/:/\:\_\:\ /__/:/\:::::\ /__/:/\:\ \:\
 \  \:\/:/~~  \__\/  \:\/:/ \__\/~|:|~~~~ \  \:\ \:\_\/
  \  \::/          \__\::/     |  |:|      \  \:\ \:\  
   \__\/           /  /:/      |  |:|       \  \:\_\/  
                  /__/:/       |__|:|        \  \:\    
                  \__\/         \__\|         \__\/    

            /)                     /)             
        _/_(/    _     _  __   _  (/_   _         
 o   o  (__/ )__(/_   /_)_/ (_(_(_/(___(/_ o   o  

Jake Version: 1.4.3
Put your Python dependencies in a chokehold

🐍 Collected 26 packages from your environment                       ━━━━━━━━━━━━━━━━━━ 100% 0:00:00
🐍 Successfully queried OSS Index for package and vulnerability info ━━━━━━━━━━━━━━━━━━ 100% 0:00:00
🐍 Sane number of results from OSS Index                             ━━━━━━━━━━━━━━━━━━ 100% 0:00:00
🐍 Munching & crunching data...                                      ━━━━━━━━━━━━━━━━━━ 100% 0:00:00

[4/26] - pip@18.1 [VULNERABLE]
Traceback (most recent call last):
  File "/jake143/bin/jake", line 11, in <module>
    sys.exit(main())
  File "/jake143/lib/python3.6/site-packages/jake/app.py", line 124, in main
    JakeCmd().execute()
  File "/jake143/lib/python3.6/site-packages/jake/app.py", line 69, in execute
    exit_code: int = command.execute(arguments=self._arguments)
  File "/jake143/lib/python3.6/site-packages/jake/command/__init__.py", line 45, in execute
    return self.handle_args()
  File "/jake143/lib/python3.6/site-packages/jake/command/oss.py", line 174, in handle_args
    self._print_oss_index_report(components=components)
  File "/jake143/lib/python3.6/site-packages/jake/command/oss.py", line 239, in _print_oss_index_report
    OssCommand._print_vulnerability(tree=tree, v=v)
  File "/jake143/lib/python3.6/site-packages/jake/command/oss.py", line 298, in _print_vulnerability
    """
  File "/jake143/lib/python3.6/site-packages/jake/command/oss.py", line 292, in <listcomp>
    f'CWEs: {",".join(v.cwes) if v.cwes else "Not Recorded"}[bright_white]' for rating in v.ratings])}
TypeError: sequence item 0: expected str instance, int found
(jake143) root@0163a4bf5553:/# 

Additional context: In a Python 3.9.10 virtual environment with no additional packages installed, jake 1.4.3 exits with the error TypeError: 'int' object is not callable – probably also caused by the #95 fix.
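The traceback above shows the pattern `",".join(v.cwes)`, which fails as soon as the CWE list holds integers rather than strings. The following is an added example, not jake's own code, that reproduces that exact TypeError on a constructed vulnerability record and shows a rendering helper that coerces each CWE to text before joining; the `Vulnerability` dataclass is a stand-in shape for this illustration, not jake's real model.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Union


@dataclass
class Vulnerability:
    # Constructed stand-in carrying only the fields this example needs.
    id: str
    cwes: List[Union[int, str]] = field(default_factory=list)


def cwes_naive(v: Vulnerability) -> str:
    """The join from the traceback: str.join() requires every item to be str."""
    return ",".join(v.cwes) if v.cwes else "Not Recorded"


def cwes_safe(v: Vulnerability) -> str:
    """Coerce each CWE to text first, so int and str entries both render."""
    if not v.cwes:
        return "Not Recorded"
    return ",".join(str(cwe) for cwe in v.cwes)


def naive_raises(v: Vulnerability) -> Optional[str]:
    """Return the TypeError message the naive join raises, or None if it works."""
    try:
        cwes_naive(v)
    except TypeError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    # Constructed sample: a finding whose CWE ids arrive as integers.
    finding = Vulnerability(id="EXAMPLE-0001", cwes=[94, 352])
    print(naive_raises(finding))  # sequence item 0: expected str instance, int found
    print(cwes_safe(finding))     # 94,352
    print(cwes_safe(Vulnerability(id="EXAMPLE-0002")))  # Not Recorded
```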

madpah commented 2 years ago

Hi @blackstream-x,

Thanks again for taking the time to report this. You are correct - our fix was bad for the original issue it seems. Will get this addressed.

madpah commented 2 years ago

@blackstream-x - jake 1.4.4 has been published with this fixed (promise 👍) https://pypi.org/project/jake/1.4.4/

blackstream-x commented 2 years ago

confirmed :+1: No crashes anymore when using the --clear-cache option (see #100)