pyupio/safety

Unhandled exception happened: 'graphene-django'

Darkborderman opened this issue · 2 comments

safety version: 2.3.5
Python version: 3.8.13
Operating System: MacOS Ventura 13.3.1 (a)

Description

Our GitHub Action fails when checking requirements today.

It looks like insecure_full.json differs sometimes when safety tries to retrieve it.

Expected result:

  • safety should report the graphene-django issue with Vulnerability ID 55237
-> Vulnerability found in graphene-django version 2.15.0
   Vulnerability ID: 55237
   Affected spec: <3.0.1
   ADVISORY: Graphene-django 3.0.1 updates its NPM dependency 'graphiql'
   to v1.4.7 to fix a potential vulnerability.
   CVE-2021-41248
   For more information, please visit https://pyup.io/v/55237/f17

What I Did

The error context when running safety check:

Unhandled exception happened: 'graphene-django'

The following is the result of running safety --debug check

I also dumped the success/fail insecure_full.json to a gist.

2023-05-31 13:28:00,930 safety.cli => Telemetry enabled: True
2023-05-31 13:28:00,931 safety.cli => Running check command
2023-05-31 13:28:01,089 safety.cli => Calling the check function
2023-05-31 13:28:01,100 safety.util => Telemetry body built: {'os_type': 'Darwin', 'os_release': '22.4.0', 'os_description': 'macOS-13.3.1-x86_64-i386-64bit', 'python_version': '3.8.13', 'safety_command': 'check', 'safety_options': {}, 'safety_version': '2.3.5', 'safety_source': 'cli'}
2023-05-31 13:28:01,108 urllib3.connectionpool => Starting new HTTPS connection (1): pyup.io:443
2023-05-31 13:28:01,158 urllib3.connectionpool => https://pyup.io:443 "GET /aws/safety/free/insecure.json?telemetry=%7B%22os_type%22%3A+%22Darwin%22%2C+%22os_release%22%3A+%2222.4.0%22%2C+%22os_description%22%3A+%22macOS-13.3.1-x86_64-i386-64bit%22%2C+%22python_version%22%3A+%223.8.13%22%2C+%22safety_command%22%3A+%22check%22%2C+%22safety_options%22%3A+%7B%7D%2C+%22safety_version%22%3A+%222.3.5%22%2C+%22safety_source%22%3A+%22cli%22%7D HTTP/1.1" 200 117782
2023-05-31 13:28:01,169 safety.util => Telemetry body built: {'os_type': 'Darwin', 'os_release': '22.4.0', 'os_description': 'macOS-13.3.1-x86_64-i386-64bit', 'python_version': '3.8.13', 'safety_command': 'check', 'safety_options': {}, 'safety_version': '2.3.5', 'safety_source': 'cli'}
2023-05-31 13:28:01,182 urllib3.connectionpool => https://pyup.io:443 "GET /aws/safety/free/insecure_full.json?telemetry=%7B%22os_type%22%3A+%22Darwin%22%2C+%22os_release%22%3A+%2222.4.0%22%2C+%22os_description%22%3A+%22macOS-13.3.1-x86_64-i386-64bit%22%2C+%22python_version%22%3A+%223.8.13%22%2C+%22safety_command%22%3A+%22check%22%2C+%22safety_options%22%3A+%7B%7D%2C+%22safety_version%22%3A+%222.3.5%22%2C+%22safety_source%22%3A+%22cli%22%7D HTTP/1.1" 200 3777902
2023-05-31 13:28:01,345 safety.cli => Unexpected Exception happened: 'graphene-django'
Traceback (most recent call last):
  File "/Users/darkborderman/.pyenv/versions/3.8.13/envs/Napoleon-3.8/lib/python3.8/site-packages/safety/cli.py", line 145, in check
    vulns, db_full = safety.check(packages=packages, key=key, db_mirror=db, cached=cache, ignore_vulns=ignore,
  File "/Users/darkborderman/.pyenv/versions/3.8.13/envs/Napoleon-3.8/lib/python3.8/site-packages/safety/util.py", line 614, in new_func
    return f(*args, **kwargs)
  File "/Users/darkborderman/.pyenv/versions/3.8.13/envs/Napoleon-3.8/lib/python3.8/site-packages/safety/safety.py", line 345, in check
    for data in get_vulnerabilities(pkg=name, spec=specifier, db=db_full):
  File "/Users/darkborderman/.pyenv/versions/3.8.13/envs/Napoleon-3.8/lib/python3.8/site-packages/safety/safety.py", line 231, in get_vulnerabilities
    for entry in db[pkg]:
KeyError: 'graphene-django'
Unhandled exception happened: 'graphene-django'
2023-05-31 13:28:01,346 safety.cli => Calling clean up on close function.
2023-05-31 13:28:01,346 safety.safety => Closing requests session.

Thank you for your detailed report @Darkborderman; we've identified the cause of this issue and are working to fix it as soon as possible.

It's a caching issue. As you can see, you're receiving an insecure_full.json with a different date.

Duplicate of this issue: #490
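Added example, not code from the safety project or from anyone in this thread: the traceback shows `db[pkg]` raising `KeyError` because the lightweight index (`insecure.json`) flags `graphene-django` while the full database (`insecure_full.json`), served from a cache with a different date, has no entry for it. The Python below reproduces that condition with constructed payloads (the schema, the `$meta.timestamp` field, the `is_consistent`/`check` helpers and the minimal spec matcher are all assumptions, not safety's real file format or API) and shows the check a practitioner would want in a CI scanner: verify the two files come from the same snapshot before iterating, and fail closed on a mismatch rather than crash or, worse, silently drop an advisory that the index says exists.

```python
"""Reproduce the index/full-DB mismatch behind the KeyError and guard against it."""
import json
from typing import Dict, List, Tuple

# Constructed sample payloads (not the real pyup.io files; schema is assumed).
# The index flags graphene-django with the spec from the issue; the stale full
# DB, carrying an older date, has no graphene-django key at all.
INDEX_FRESH = json.dumps({
    "$meta": {"timestamp": "2023-05-31"},
    "graphene-django": ["<3.0.1"],
})
FULL_STALE = json.dumps({
    "$meta": {"timestamp": "2023-05-29"},
})
FULL_FRESH = json.dumps({
    "$meta": {"timestamp": "2023-05-31"},
    "graphene-django": [{
        "id": "55237",
        "cve": "CVE-2021-41248",
        "specs": ["<3.0.1"],
        "advisory": "Graphene-django 3.0.1 updates its NPM dependency 'graphiql' to v1.4.7",
    }],
})


class DatabaseMismatch(Exception):
    """Raised when the index and the full DB were not produced together."""


def _version(v: str) -> Tuple[int, ...]:
    # Assumption: plain dotted-integer versions only (no pre-release tags).
    return tuple(int(x) for x in v.split("."))


def spec_matches(version: str, spec: str) -> bool:
    """Minimal matcher for '<', '<=', '>', '>=', '==' specs (not PEP 440 complete)."""
    for op in ("<=", ">=", "==", "<", ">"):  # two-char operators first
        if spec.startswith(op):
            lhs, rhs = _version(version), _version(spec[len(op):])
            return {"<": lhs < rhs, "<=": lhs <= rhs, "==": lhs == rhs,
                    ">": lhs > rhs, ">=": lhs >= rhs}[op]
    raise ValueError(f"unsupported spec: {spec}")


def mismatch_reasons(index: Dict, full: Dict) -> List[str]:
    """Why the pair cannot be trusted together; empty list means consistent."""
    reasons = []
    stamp_i = index.get("$meta", {}).get("timestamp")
    stamp_f = full.get("$meta", {}).get("timestamp")
    if stamp_i != stamp_f:
        reasons.append(f"timestamp mismatch: index={stamp_i} full={stamp_f}")
    gap = [p for p in sorted(index) if p != "$meta" and p not in full]
    if gap:
        reasons.append(f"flagged in index but absent from full DB: {gap}")
    return reasons


def is_consistent(index_text: str, full_text: str) -> bool:
    return not mismatch_reasons(json.loads(index_text), json.loads(full_text))


def get_vulnerabilities(pkg: str, version: str, full: Dict) -> List[Dict]:
    """Same lookup as the traceback's loop, but .get() instead of full[pkg]."""
    return [e for e in full.get(pkg, [])
            if any(spec_matches(version, s) for s in e["specs"])]


def check(packages: Dict[str, str], index_text: str, full_text: str) -> List[Dict]:
    """Scan installed packages; refuse to report from an inconsistent DB pair."""
    index, full = json.loads(index_text), json.loads(full_text)
    reasons = mismatch_reasons(index, full)
    if reasons:
        # Fail closed: a silent .get() alone would turn the crash into a
        # false negative for every package the stale full DB is missing.
        raise DatabaseMismatch("; ".join(reasons))
    found = []
    for name, version in packages.items():
        if name in index and any(spec_matches(version, s) for s in index[name]):
            found.extend(get_vulnerabilities(name, version, full))
    return found


if __name__ == "__main__":
    installed = {"graphene-django": "2.15.0"}  # version from the issue
    for v in check(installed, INDEX_FRESH, FULL_FRESH):
        print(f"{v['id']} {v['cve']} specs={v['specs']}")
    try:
        check(installed, INDEX_FRESH, FULL_STALE)
    except DatabaseMismatch as exc:
        print("refusing to report from mismatched DB snapshot:", exc)
```

Run as a script it reports 55237 against the consistent pair and raises `DatabaseMismatch` for the stale pair; in a pipeline that exception should fail the job loudly, since the alternative fixes (catch the `KeyError`, or `db.get(pkg, [])` with no consistency check) would let a CI run pass with zero findings precisely when the advisory data is incomplete.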