Commit e6b637a2 authored by Jérome Perrin's avatar Jérome Perrin

check_software: fix warning on python2

On python2, warnings.warn expects the message to be passed as a str
and it will silently output nothing when the message is an unicode
that can not be converted to str using ascii encoding (cf.
https://bugs.python.org/issue34752 )

Since october update of pyupio/safety-db there is a new vulnerability
for pytest-runner, which is described as:

    "pytest-runner": [
        {
            "advisory": "Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example \u2018setup_requires\u2019 and \u2018tests_require\u2019 bypass pip --require-hashes. See also pypa/setuptools#1684.\r\nIt is recommended that you:\r\n- Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option.\r\n- Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option.\r\n- Select a tool to bootstrap and then run tests such as tox.",
            "cve": "PVE-2021-43313",
            "id": "pyup.io-43313",
            "specs": [
                ">0"
            ],
            "v": ">0"
        }
    ],

notice the quotes:

    \u2018setup_requires\u2019 and \u2018tests_require\u2019

this was sent to warnings.warn as unicode and because all our softwares
have this vulnerability (that BTW do not impact us because we run
buildout with a patch for setup_requires), we no longer saw any
warning on python2 software release tests.
parent 3cb8a899
Pipeline #19461 failed with stage
in 0 seconds
...@@ -35,6 +35,7 @@ import warnings ...@@ -35,6 +35,7 @@ import warnings
import pkg_resources import pkg_resources
import requests import requests
from six.moves.configparser import ConfigParser from six.moves.configparser import ConfigParser
import six
try: try:
import subprocess32 as subprocess import subprocess32 as subprocess
...@@ -302,6 +303,10 @@ def checkSoftware(slap, software_url): ...@@ -302,6 +303,10 @@ def checkSoftware(slap, software_url):
)))) ))))
if warning_list: if warning_list:
warnings.warn('\n'.join(warning_list)) if six.PY2:
# https://bugs.python.org/issue34752
warnings.warn('\n'.join(warning_list).encode('utf-8'))
else:
warnings.warn('\n'.join(warning_list))
if error_list: if error_list:
raise RuntimeError('\n'.join(error_list)) raise RuntimeError('\n'.join(error_list))
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment