- (venv) vaibhav@vaibhav-HP-Notebook:~/coala1/coala-bears/tests/python/requirements$ pytest
- ============================= test session starts ==============================
- platform linux -- Python 3.5.2, pytest-3.4.1, py-1.5.2, pluggy-0.6.0
- rootdir: /home/vaibhav/coala1/coala-bears, inifile: setup.cfg
- plugins: xdist-1.22.1, timeout-1.2.1, forked-0.2, env-0.6.2, cov-2.5.1
- timeout: 35.0s method: signal
- collected 14 items
- PinRequirementsBearTest.py .... [ 28%]
- PySafetyBearTest.py ..... [ 64%]
- PySafetyBearWithoutMockTest.py F.... [100%]
- =================================== FAILURES ===================================
- _________________ PySafetyBearTest.test_with_cve_vulnerability _________________
- self = <tests.python.requirements.PySafetyBearWithoutMockTest.PySafetyBearTest testMethod=test_with_cve_vulnerability>
- def test_with_cve_vulnerability(self):
- file_name = 'requirement.txt'
- file_contents = load_testfile(file_name)
- self.maxDiff = None
- self.check_results(
- self.uut,
- file_contents,
- [Result.from_values('PySafetyBear',
- 'bottle<0.12.10 is vulnerable to CVE-2016-9964 and your project is using 0.10.0.',
- file =get_testfile_path(file_name),
- line=1,
- column=9,
- end_line=1,
- end_column=15,
- severity=RESULT_SEVERITY.NORMAL,
- )],
- > filename=get_testfile_path(file_name))
- PySafetyBearWithoutMockTest.py:47:
- _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
- ../../../../venv/lib/python3.5/site-packages/coalib/testing/LocalBearTestHelper.py:264: in check_results
- sorted(bear_output), sorted(results))
- _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
- self = <tests.python.requirements.PySafetyBearWithoutMockTest.PySafetyBearTest testMethod=test_with_cve_vulnerability>
- observed_result = [<Result object(id=0x6492086769ca49578e4ffd83a78198fa, origin='PySafetyBear', affected_code=(<SourceRange object(start...ulnerable to CVE-2016-9964 and your project is using 0.10.0.', aspect=NoneType, applied_actions={}) at 0x7fc2fe42c0f0>]
- expected_result = [<Result object(id=0xc582638777584692b3352be3088ead2e, origin='PySafetyBear', affected_code=(<SourceRange object(start...ulnerable to CVE-2016-9964 and your project is using 0.10.0.', aspect=NoneType, applied_actions={}) at 0x7fc2fe432da0>]
- def assertComparableObjectsEqual(self, observed_result, expected_result):
- if len(observed_result) == len(expected_result):
- messages = ''
- for observed, expected in zip(observed_result, expected_result):
- if (isinstance(observed, Comparable)
- and isinstance(expected, Comparable)) and (
- type(observed) is type(expected)):
- for attribute in type(observed).__compare_fields__:
- try:
- self.assertEqual(
- getattr(observed, attribute),
- getattr(expected, attribute),
- msg='{} mismatch.'.format(attribute))
- except AssertionError as ex:
- messages += (str(ex) + '\n\n')
- else:
- self.assertEqual(observed_result, expected_result)
- if messages:
- > raise AssertionError(messages)
- E AssertionError: 'redirect() in bottle.py in bottle 0.12.10[133 chars]all.' != ''
- E - redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call.
- E +
- E : additional_info mismatch.
- ../../../../venv/lib/python3.5/site-packages/coalib/testing/LocalBearTestHelper.py:132: AssertionError
- ===================== 1 failed, 13 passed in 19.24 seconds =====================
- (venv) vaibhav@vaibhav-HP-Notebook:~/coala1/coala-bears/tests/python/requirements$ coala --bears PySafetyBear --files requirement.txt -V --flush-cache
- [WARNING][19:42:23] Default coafile '.coafile' not found!
- Here's what you can do:
- * add `--save` to generate a config file with your current options
- * add `-I` to suppress any use of config files
- [DEBUG][19:42:23] Registered VCS backend: git
- [DEBUG][19:42:23] Registered VCS backend: hg
- [DEBUG][19:42:24] Registered VCS backend: svn
- [DEBUG][19:42:24] Registered VCS backend: bzr
- [DEBUG][19:42:24] Platform Linux -- Python 3.5.2, coalib 0.12.0.dev99999999999999
- [DEBUG][19:42:24] The file cache was successfully flushed.
- Executing section cli...
- [WARNING][19:42:24] No files matching '/home/vaibhav/coala1/coala-bears/tests/python/requirements/requirement.txt' were found. If this rule is not required, you can remove it from section [cli] in your .coafile to deactivate this warning.
- [DEBUG][19:42:24] Files that will be checked:
- (venv) vaibhav@vaibhav-HP-Notebook:~/coala1/coala-bears/tests/python/requirements$ cd PySafety_test_files/^C^Cou may use the `--flush-cache` flag to see them.
- (venv) vaibhav@vaibhav-HP-Notebook:~/coala1/coala-bears/tests/python/requirements$ cd PySafety_test_files/
- (venv) vaibhav@vaibhav-HP-Notebook:~/coala1/coala-bears/tests/python/requirements/PySafety_test_files$ coala --bears PySafetyBear --files requirement.txt -V --flush-cache
- [WARNING][19:42:47] Default coafile '.coafile' not found!
- Here's what you can do:
- * add `--save` to generate a config file with your current options
- * add `-I` to suppress any use of config files
- [DEBUG][19:42:48] Registered VCS backend: git
- [DEBUG][19:42:48] Registered VCS backend: hg
- [DEBUG][19:42:48] Registered VCS backend: svn
- [DEBUG][19:42:48] Registered VCS backend: bzr
- [DEBUG][19:42:48] Platform Linux -- Python 3.5.2, coalib 0.12.0.dev99999999999999
- [DEBUG][19:42:48] The file cache was successfully flushed.
- Executing section cli...
- [DEBUG][19:42:48] Files that will be checked:
- /home/vaibhav/coala1/coala-bears/tests/python/requirements/PySafety_test_files/requirement.txt
- [DEBUG][19:42:49] coala is run only on changed files, bears' log messages from previous runs may not appear. You may use the `--flush-cache` flag to see them.
- [DEBUG][19:42:49] Running bear PySafetyBear...
- [DEBUG][19:42:49] Starting new HTTPS connection (1): raw.githubusercontent.com
- [DEBUG][19:42:49] https://raw.githubusercontent.com:443 "GET /pyupio/safety-db/master/data/insecure.json HTTP/1.1" 200 5290
- [DEBUG][19:42:49] Starting new HTTPS connection (1): raw.githubusercontent.com
- [DEBUG][19:42:50] https://raw.githubusercontent.com:443 "GET /pyupio/safety-db/master/data/insecure_full.json HTTP/1.1" 200 53183
- requirement.txt
- [ 1] bottle==0.10.0
- **** PySafetyBear [Section: cli | Severity: NORMAL] ****
- ! ! bottle<0.12.10 is vulnerable to CVE-2016-9964 and your project is using 0.10.0.
- [ ] *0. Do (N)othing
- [ ] 1. (O)pen file
- [ ] 2. Print (M)ore info
- [ ] 3. Add (I)gnore comment
- [ ] Enter number (Ctrl-D to exit): 2
- redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call.
- [ ] The action was executed successfully.
- [ ] *0. Do (N)othing
- [ ] 1. (O)pen file
- [ ] 2. Print (M)ore info
- [ ] 3. Add (I)gnore comment
- [ ] Enter number (Ctrl-D to exit):