Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unhandled exception happened: 'graphene-django' #474

Open
Darkborderman opened this issue May 31, 2023 · 1 comment
Open

Unhandled exception happened: 'graphene-django' #474

Darkborderman opened this issue May 31, 2023 · 1 comment
Assignees
@yeisonvargasf

Comments

@Darkborderman
Copy link

Darkborderman commented May 31, 2023
edited

safety version: 2.3.5
Python version: 3.8.13
Operating System: MacOS Ventura 13.3.1 (a)

Description

Our Github Action encounters fails when checking requirements today.

It looks like insecure_full.json differs sometimes when safety try to retrieve it.

Expected result:

  • safety should report graphene-djago issue with Vulnerability ID 55237
-> Vulnerability found in graphene-django version 2.15.0
   Vulnerability ID: 55237
   Affected spec: <3.0.1
   ADVISORY: Graphene-django 3.0.1 updates its NPM dependency 'graphiql'
   to v1.4.7 to fix a potential vulnerability.
   CVE-2021-41248
   For more information, please visit https://pyup.io/v/55237/f17

What I Did

The error context when running safety check:

Unhandled exception happened: 'graphene-django'

The following is the result runs with safety --debug check

I also dump success/fail insecure_full.json to gist.

2023-05-31 13:28:00,930 safety.cli => Telemetry enabled: True
2023-05-31 13:28:00,931 safety.cli => Running check command
2023-05-31 13:28:01,089 safety.cli => Calling the check function
2023-05-31 13:28:01,100 safety.util => Telemetry body built: {'os_type': 'Darwin', 'os_release': '22.4.0', 'os_description': 'macOS-13.3.1-x86_64-i386-64bit', 'python_version': '3.8.13', 'safety_command': 'check', 'safety_options': {}, 'safety_version': '2.3.5', 'safety_source': 'cli'}
2023-05-31 13:28:01,108 urllib3.connectionpool => Starting new HTTPS connection (1): pyup.io:443
2023-05-31 13:28:01,158 urllib3.connectionpool => https://pyup.io:443 "GET /aws/safety/free/insecure.json?telemetry=%7B%22os_type%22%3A+%22Darwin%22%2C+%22os_release%22%3A+%2222.4.0%22%2C+%22os_description%22%3A+%22macOS-13.3.1-x86_64-i386-64bit%22%2C+%22python_version%22%3A+%223.8.13%22%2C+%22safety_command%22%3A+%22check%22%2C+%22safety_options%22%3A+%7B%7D%2C+%22safety_version%22%3A+%222.3.5%22%2C+%22safety_source%22%3A+%22cli%22%7D HTTP/1.1" 200 117782
2023-05-31 13:28:01,169 safety.util => Telemetry body built: {'os_type': 'Darwin', 'os_release': '22.4.0', 'os_description': 'macOS-13.3.1-x86_64-i386-64bit', 'python_version': '3.8.13', 'safety_command': 'check', 'safety_options': {}, 'safety_version': '2.3.5', 'safety_source': 'cli'}
2023-05-31 13:28:01,182 urllib3.connectionpool => https://pyup.io:443 "GET /aws/safety/free/insecure_full.json?telemetry=%7B%22os_type%22%3A+%22Darwin%22%2C+%22os_release%22%3A+%2222.4.0%22%2C+%22os_description%22%3A+%22macOS-13.3.1-x86_64-i386-64bit%22%2C+%22python_version%22%3A+%223.8.13%22%2C+%22safety_command%22%3A+%22check%22%2C+%22safety_options%22%3A+%7B%7D%2C+%22safety_version%22%3A+%222.3.5%22%2C+%22safety_source%22%3A+%22cli%22%7D HTTP/1.1" 200 3777902
2023-05-31 13:28:01,345 safety.cli => Unexpected Exception happened: 'graphene-django'
Traceback (most recent call last):
  File "/Users/darkborderman/.pyenv/versions/3.8.13/envs/Napoleon-3.8/lib/python3.8/site-packages/safety/cli.py", line 145, in check
    vulns, db_full = safety.check(packages=packages, key=key, db_mirror=db, cached=cache, ignore_vulns=ignore,
  File "/Users/darkborderman/.pyenv/versions/3.8.13/envs/Napoleon-3.8/lib/python3.8/site-packages/safety/util.py", line 614, in new_func
    return f(*args, **kwargs)
  File "/Users/darkborderman/.pyenv/versions/3.8.13/envs/Napoleon-3.8/lib/python3.8/site-packages/safety/safety.py", line 345, in check
    for data in get_vulnerabilities(pkg=name, spec=specifier, db=db_full):
  File "/Users/darkborderman/.pyenv/versions/3.8.13/envs/Napoleon-3.8/lib/python3.8/site-packages/safety/safety.py", line 231, in get_vulnerabilities
    for entry in db[pkg]:
KeyError: 'graphene-django'
Unhandled exception happened: 'graphene-django'
2023-05-31 13:28:01,346 safety.cli => Calling clean up on close function.
2023-05-31 13:28:01,346 safety.safety => Closing requests session.
@yeisonvargasf yeisonvargasf self-assigned this May 31, 2023
@yeisonvargasf
Copy link
Member

Thank you for your detailed report @Darkborderman; we've identified the cause of this issue and are working to fix it as soon as possible.

It's a caching issue. As you can see, you're receiving an insecure_full.json with a different date.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@yeisonvargasf yeisonvargasf

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Darkborderman @yeisonvargasf