
pre-commit-hooks-safety's Issues

Fails with import error

When trying to use this check I get the following error message:

Python dependencies checker...........................................................................................................................................................................................................Failed
hookid: python-safety-dependencies-check

Traceback (most recent call last):
  File "/home/user/.pre-commit/repoR_abcd/py_env-default/bin/safety", line 11, in <module>
    load_entry_point('pre-commit-hooks-safety==1.0.0', 'console_scripts', 'safety')()
  File "/home/user/.pre-commit/repoR_abcd/py_env-default/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 564, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/home/user/.pre-commit/repoR_abcd/py_env-default/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2608, in load_entry_point
    return ep.load()
  File "/home/user/.pre-commit/repoR_abcd/py_env-default/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2268, in load
    return self.resolve()
  File "/home/user/.pre-commit/repoR_abcd/py_env-default/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2274, in resolve
    module = __import__(self.module_name, fromlist=['__name__'], level=0)
  File "/home/user/.pre-commit/repoR_abcd/py_env-default/local/lib/python2.7/site-packages/pre_commit_hooks/safety.py", line 3, in <module>
    from safety.cli import check
ImportError: No module named cli

The configuration in pre-commit-config.yaml is:

-   repo: https://github.com/Lucas-C/pre-commit-hooks-safety
    sha: v1.0.9
    hooks:
    -   id: python-safety-dependencies-check

When I rename your safety.py to something else (like safety_check.py) and adjust setup.py accordingly it works, so I'd say it's a naming collision between your safety.py and safety itself.

The same happens for me with your bandit check as well.

ModuleNotFoundError: No module named 'safety.alerts'

We started seeing this error intermittently just now when running the pre-commit hook at v1.3.0. It was working at 21:13 UTC today.

Traceback (most recent call last):
  File "/home/runner/.cache/pre-commit/repodztrbsrf/py_env-python3.10.7/bin/safety_check", line 5, in <module>
    from pre_commit_hooks.safety_check import main
  File "/home/runner/.cache/pre-commit/repodztrbsrf/py_env-python3.10.7/lib/python3.10/site-packages/pre_commit_hooks/safety_check.py", line 12, in <module>
    from safety.cli import cli
  File "/home/runner/.cache/pre-commit/repodztrbsrf/py_env-python3.10.7/lib/python3.10/site-packages/safety/cli.py", line 13, in <module>
    from safety.alerts import alert
ModuleNotFoundError: No module named 'safety.alerts'

Hook fails because there is no dev dependency group in our poetry config

We have chosen to split our dependencies more than just a main and a dev group, so now we do not have a dev group at all.
Instead we have main, docs, lint, tools and test.

In Poetry 1.5.0, this now breaks because python-poetry/poetry#7529 was merged and unknown group names now trigger an error in poetry when used with --only, --with and --without.

Would it be possible to have the full list of optional groups be taken as an argument? This would also help with #41

Error: No such option: --disable-telemetry Did you mean --disable-optional-telemetry?

Hi,
I hope you're doing well.
I'm using this config:

-   repo: https://github.com/Lucas-C/pre-commit-hooks-safety
    rev: v1.3.1
    hooks:
    -   id: python-safety-dependencies-check
        name: Check dependencies for vulnerability
        files: requirements*
        args: ["--disable-telemetry"]

but I got this error:

Error: No such option: --disable-telemetry Did you mean --disable-optional-telemetry?

I am getting `safety_check: error: Unsupported mix of pyproject.toml & requirements files found` starting in 1.3.0

Hello!

Since 1.3.0, I've been getting this error:

safety_check: error: Unsupported mix of pyproject.toml & requirements files found

For one of the projects that gave me this error, safety helpfully listed the files that were affected. It turned out that there was a requirements folder in the documentation containing markdown files. I managed to fix it by passing files: pyproject.toml.

For the other project, there is no file with requirements in the full path, and passing files: pyproject.toml doesn't do anything either.

2.3.1 tag

Safety was upgraded for security reasons. Could we get a new tag?

Exception when run in pre-commit ci

Traceback (most recent call last):
  File "/pc/clone/wW0pw9xyTVWbKZ_uIUTBAw/py_env-python3/lib/python3.8/site-packages/urllib3/connection.py", line 169, in _new_conn
    conn = connection.create_connection(
  File "/pc/clone/wW0pw9xyTVWbKZ_uIUTBAw/py_env-python3/lib/python3.8/site-packages/urllib3/util/connection.py", line 73, in create_connection
    for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM):
  File "/usr/lib/python3.8/socket.py", line 918, in getaddrinfo
    for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
socket.gaierror: [Errno -3] Temporary failure in name resolution

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/pc/clone/wW0pw9xyTVWbKZ_uIUTBAw/py_env-python3/lib/python3.8/site-packages/urllib3/connectionpool.py", line 699, in urlopen
    httplib_response = self._make_request(
  File "/pc/clone/wW0pw9xyTVWbKZ_uIUTBAw/py_env-python3/lib/python3.8/site-packages/urllib3/connectionpool.py", line 382, in _make_request
    self._validate_conn(conn)
  File "/pc/clone/wW0pw9xyTVWbKZ_uIUTBAw/py_env-python3/lib/python3.8/site-packages/urllib3/connectionpool.py", line 1010, in _validate_conn
    conn.connect()
  File "/pc/clone/wW0pw9xyTVWbKZ_uIUTBAw/py_env-python3/lib/python3.8/site-packages/urllib3/connection.py", line 353, in connect
    conn = self._new_conn()
  File "/pc/clone/wW0pw9xyTVWbKZ_uIUTBAw/py_env-python3/lib/python3.8/site-packages/urllib3/connection.py", line 181, in _new_conn
    raise NewConnectionError(
urllib3.exceptions.NewConnectionError: <urllib3.connection.HTTPSConnection object at 0x7f1fa9536d30>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/pc/clone/wW0pw9xyTVWbKZ_uIUTBAw/py_env-python3/lib/python3.8/site-packages/requests/adapters.py", line 439, in send
    resp = conn.urlopen(
  File "/pc/clone/wW0pw9xyTVWbKZ_uIUTBAw/py_env-python3/lib/python3.8/site-packages/urllib3/connectionpool.py", line 755, in urlopen
    retries = retries.increment(
  File "/pc/clone/wW0pw9xyTVWbKZ_uIUTBAw/py_env-python3/lib/python3.8/site-packages/urllib3/util/retry.py", line 574, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='raw.githubusercontent.com', port=443): Max retries exceeded with url: /pyupio/safety-db/master/data/insecure.json (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f1fa9536d30>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/pc/clone/wW0pw9xyTVWbKZ_uIUTBAw/py_env-python3/bin/safety_check", line 8, in <module>
    sys.exit(main())
  File "/pc/clone/wW0pw9xyTVWbKZ_uIUTBAw/py_env-python3/lib/python3.8/site-packages/pre_commit_hooks/safety_check.py", line 38, in main
    return call_safety_check(parsed_args.files, parsed_args.ignore, parsed_args.full_report, args_rest)
  File "/pc/clone/wW0pw9xyTVWbKZ_uIUTBAw/py_env-python3/lib/python3.8/site-packages/pre_commit_hooks/safety_check.py", line 60, in call_safety_check
    check.main(safety_args + [full_report_arg] + args_rest, prog_name="safety")
  File "/pc/clone/wW0pw9xyTVWbKZ_uIUTBAw/py_env-python3/lib/python3.8/site-packages/click/core.py", line 782, in main
    rv = self.invoke(ctx)
  File "/pc/clone/wW0pw9xyTVWbKZ_uIUTBAw/py_env-python3/lib/python3.8/site-packages/click/core.py", line 1066, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/pc/clone/wW0pw9xyTVWbKZ_uIUTBAw/py_env-python3/lib/python3.8/site-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/pc/clone/wW0pw9xyTVWbKZ_uIUTBAw/py_env-python3/lib/python3.8/site-packages/safety/cli.py", line 71, in check
    vulns = safety.check(packages=packages, key=key, db_mirror=db, cached=cache, ignore_ids=ignore, proxy=proxy_dictionary)
  File "/pc/clone/wW0pw9xyTVWbKZ_uIUTBAw/py_env-python3/lib/python3.8/site-packages/safety/safety.py", line 138, in check
    db = fetch_database(key=key, db=db_mirror, cached=cached, proxy=proxy)
  File "/pc/clone/wW0pw9xyTVWbKZ_uIUTBAw/py_env-python3/lib/python3.8/site-packages/safety/safety.py", line 121, in fetch_database
    data = fetch_database_url(mirror, db_name=db_name, key=key, cached=cached, proxy=proxy)
  File "/pc/clone/wW0pw9xyTVWbKZ_uIUTBAw/py_env-python3/lib/python3.8/site-packages/safety/safety.py", line 90, in fetch_database_url
    r = requests.get(url=url, timeout=REQUEST_TIMEOUT, headers=headers, proxies=proxy)
  File "/pc/clone/wW0pw9xyTVWbKZ_uIUTBAw/py_env-python3/lib/python3.8/site-packages/requests/api.py", line 76, in get
    return request('get', url, params=params, **kwargs)
  File "/pc/clone/wW0pw9xyTVWbKZ_uIUTBAw/py_env-python3/lib/python3.8/site-packages/requests/api.py", line 61, in request
    return session.request(method=method, url=url, **kwargs)
  File "/pc/clone/wW0pw9xyTVWbKZ_uIUTBAw/py_env-python3/lib/python3.8/site-packages/requests/sessions.py", line 542, in request
    resp = self.send(prep, **send_kwargs)
  File "/pc/clone/wW0pw9xyTVWbKZ_uIUTBAw/py_env-python3/lib/python3.8/site-packages/requests/sessions.py", line 655, in send
    r = adapter.send(request, **kwargs)
  File "/pc/clone/wW0pw9xyTVWbKZ_uIUTBAw/py_env-python3/lib/python3.8/site-packages/requests/adapters.py", line 516, in send
    raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='raw.githubusercontent.com', port=443): Max retries exceeded with url: /pyupio/safety-db/master/data/insecure.json (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f1fa9536d30>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution'))

`binsafety_check` causing max recursion failure

File "/home/jenkins/workspace/cl-infratools-jenkinsfile_v1.1.1/.cache/pre-commit/repoLdwXZS/y_env-python2.7/binsafety_check", line 8, in <module>

RuntimeError: maximum recursion depth exceeded while calling a Python object

'NoneType' object has no attribute 'telemetry'

The hook at v1.2.4 has been failing for me since 12:14 a.m. UTC today (June 29th, 2022) in one repo but not others. I believe the underlying API is reported as up, and I'm stumped as to how to debug this further, so any help would be greatly appreciated. This is the error I'm getting:

Unexpected Exception happened: 'NoneType' object has no attribute 'telemetry'
Traceback (most recent call last):
  File "/home/runner/.cache/pre-commit/reponl89_evy/py_env-python3.10.4/lib/python3.10/site-packages/safety/cli.py", line 101, in check
    announcements = safety.get_announcements(key=key, proxy=proxy_dictionary, telemetry=ctx.parent.telemetry)
AttributeError: 'NoneType' object has no attribute 'telemetry'

Safety results different where I run it.

When the hook runs in pre-commit, I get this:

safety...................................................................Failed
hookid: python-safety-dependencies-check

╒══════════════════════════════════════════════════════════════════════════════╕
│                                                                              │
│                               /$$$$$$            /$$                         │
│                              /$$__  $$          | $$                         │
│           /$$$$$$$  /$$$$$$ | $$  \__//$$$$$$  /$$$$$$   /$$   /$$           │
│          /$$_____/ |____  $$| $$$$   /$$__  $$|_  $$_/  | $$  | $$           │
│         |  $$$$$$   /$$$$$$$| $$_/  | $$$$$$$$  | $$    | $$  | $$           │
│          \____  $$ /$$__  $$| $$    | $$_____/  | $$ /$$| $$  | $$           │
│          /$$$$$$$/|  $$$$$$$| $$    |  $$$$$$$  |  $$$$/|  $$$$$$$           │
│         |_______/  \_______/|__/     \_______/   \___/   \____  $$           │
│                                                          /$$  | $$           │
│                                                         |  $$$$$$/           │
│  by pyup.io                                              \______/            │
│                                                                              │
╞══════════════════════════════════════════════════════════════════════════════╡
│ REPORT                                                                       │
│ checked 69 packages, using default DB                                        │
╞════════════════════════════╤═══════════╤══════════════════════════╤══════════╡
│ package                    │ installed │ affected                 │ ID       │
╞════════════════════════════╧═══════════╧══════════════════════════╧══════════╡
│ requests                   │ 2.18.4    │ <=2.19.1                 │ 36546    │
╞══════════════════════════════════════════════════════════════════════════════╡
│ The Requests package before 2.19.1 sends an HTTP Authorization header to an  │
│ http URI upon receiving a same-hostname https-to-http redirect, which makes  │
│ it easier for remote attackers to discover credentials by sniffing the       │
│ network.                                                                     │
╞══════════════════════════════════════════════════════════════════════════════╡
│ urllib3                    │ 1.22      │ <1.23                    │ 36541    │
╞══════════════════════════════════════════════════════════════════════════════╡
│ urllib3 before 1.23 does not remove the Authorization HTTP header when       │
│ following a cross-origin redirect (i.e., a redirect that differs in host,    │
│ port, or scheme). This can allow for credentials in the Authorization header │
│ to be exposed to unintended hosts or transmitted in cleartext.               │
╘══════════════════════════════════════════════════════════════════════════════╛

docformatter.............................................................Passed
Poetry check.........................................(no files to check)Skipped
codespell................................................................Passed

And yet when I run it in project, I get this:

nifty-logging-colours-6pZ7Y-k_-py3.7(master|+14…4); safety check
╒══════════════════════════════════════════════════════════════════════════════╕
│                                                                              │
│                               /$$$$$$            /$$                         │
│                              /$$__  $$          | $$                         │
│           /$$$$$$$  /$$$$$$ | $$  \__//$$$$$$  /$$$$$$   /$$   /$$           │
│          /$$_____/ |____  $$| $$$$   /$$__  $$|_  $$_/  | $$  | $$           │
│         |  $$$$$$   /$$$$$$$| $$_/  | $$$$$$$$  | $$    | $$  | $$           │
│          \____  $$ /$$__  $$| $$    | $$_____/  | $$ /$$| $$  | $$           │
│          /$$$$$$$/|  $$$$$$$| $$    |  $$$$$$$  |  $$$$/|  $$$$$$$           │
│         |_______/  \_______/|__/     \_______/   \___/   \____  $$           │
│                                                          /$$  | $$           │
│                                                         |  $$$$$$/           │
│  by pyup.io                                              \______/            │
│                                                                              │
╞══════════════════════════════════════════════════════════════════════════════╡
│ REPORT                                                                       │
│ checked 168 packages, using default DB                                       │
╞══════════════════════════════════════════════════════════════════════════════╡
│ No known security vulnerabilities found.                                     │
╘══════════════════════════════════════════════════════════════════════════════╛

Note that in the first instance (via pre-commit) I get 69 packages, whereas within my venv I get 168, so clearly pre-commit is not running it where I think it should.

My configuration is as such:

-   repo: https://github.com/Lucas-C/pre-commit-hooks-safety
    rev: v1.1.0
    hooks:
    -   id: python-safety-dependencies-check

Any idea?

NoneType object has no attribute telemetry

I'm getting this weird error when I'm trying to push my code:

Unexpected Exception happened: 'NoneType' object has no attribute 'telemetry'
Traceback (most recent call last):
  File "/<folders>/.cache/pre-commit/repo4126ctqi/py_env-python3.9/lib/python3.9/site-packages/safety/cli.py", line 110, in check
    announcements = safety.get_announcements(key=key, proxy=proxy_dictionary, telemetry=ctx.parent.telemetry)
AttributeError: 'NoneType' object has no attribute 'telemetry'
Unhandled exception happened: 'NoneType' object has no attribute 'telemetry'

my .pre-commit-config.yml

repos:
  # Check Python dependencies against safety-db.
  - repo: 'https://github.com/Lucas-C/pre-commit-hooks-safety'
    rev: v1.2.4
    hooks:
      - id: python-safety-dependencies-check
        args: [--ignore=42194]

Python version: 3.9.14

Add support for requirements.txt and pyproject.toml

It would be nice if this could be run on a repo that had both a requirements.txt and a pyproject.toml. For example I use poetry for development but then have a requirements.txt used by FBS for compiling. Both files don't need to be checked, but even if I only pass in the pyproject.toml file, it still errors out.

-   repo: https://github.com/Lucas-C/pre-commit-hooks-safety
    rev: v1.2.2
    hooks:
    -   id: python-safety-dependencies-check
        args: [files pyproject.toml]

Unless I am not properly passing in the file, in which case it's just user error.

Type error during string interpolation

This has already been fixed in the safety library, here is the issue: pyupio/safety#141

here is the fix: https://github.com/pyupio/safety/pull/142/files

Stacktrace:

safety...................................................................Failed
hookid: python-safety-dependencies-check

Traceback (most recent call last):
  File "~/.cache/pre-commit/repoqfzf4xho/py_env-python3.6/bin/safety_check", line 11, in <module>
    sys.exit(main())
  File "~/.cache/pre-commit/repoqfzf4xho/py_env-python3.6/lib/python3.6/site-packages/pre_commit_hooks/safety_check.py", line 8, in main
    check.main(['--full-report'] + sum((['-r', f] for f in argv), []))
  File "~/.cache/pre-commit/repoqfzf4xho/py_env-python3.6/lib/python3.6/site-packages/click/core.py", line 697, in main
    rv = self.invoke(ctx)
  File "~/.cache/pre-commit/repoqfzf4xho/py_env-python3.6/lib/python3.6/site-packages/click/core.py", line 895, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "~/.cache/pre-commit/repoqfzf4xho/py_env-python3.6/lib/python3.6/site-packages/click/core.py", line 535, in invoke
    return callback(*args, **kwargs)
  File "~/.cache/pre-commit/repoqfzf4xho/py_env-python3.6/lib/python3.6/site-packages/safety/cli.py", line 71, in check
    key=key
  File "~/.cache/pre-commit/repoqfzf4xho/py_env-python3.6/lib/python3.6/site-packages/safety/formatter.py", line 196, in report
    return SheetReport.render(vulns, full=full, checked_packages=checked_packages, used_db=used_db)
  File "~/.cache/pre-commit/repoqfzf4xho/py_env-python3.6/lib/python3.6/site-packages/safety/formatter.py", line 116, in render
    table.append("│ {:76} │".format(line.encode('utf-8')))
TypeError: unsupported format string passed to bytes.__format__

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

This repository currently has no open or pending branches.

Detected dependencies

github-actions
.github/workflows/build.yml
  • actions/checkout v4
  • actions/setup-python v5
pip_requirements
dev-requirements.txt


Outputs a Warning from poetry.

When running pre-commit-hooks-safety, the following warning is output:

The `--dev` option is deprecated, use the `--with dev` notation instead.

The warning is coming from poetry.

Add Note for min. Poetry Version

I saw that this tool uses poetry export --with. This --with flag was added with v1.2, while the export command was added with v1.0 if I remember correctly.

I know that I need to provide poetry myself, but a note on the readme about needing poetry >= v1.2 would be nice.

Another point is that poetry support is not mentioned on the readme at all, while it is the only supported pyproject.toml flavour as of now, according to the source. I don't remember how I found this tool months ago, but the poetry support was the reason. Maybe a little section mentioning poetry support on the readme would be good.

I would make a PR if you like.

PermissionError: [WinError 32] The process cannot access the file because it is being used by another process

On Win10 with py3.8 I get the error when running the hook.

.pre-commit-config.yaml config (shortened):

...
  - repo: https://github.com/Lucas-C/pre-commit-hooks-safety
    rev: 8cccd08a2ddd47f0e995302b08655320fd04981a # frozen: v1.2.3
    hooks:
      - id: python-safety-dependencies-check
        args: ["--full-report"]
        files: pyproject.toml
        exclude: bin/.*
...

Stacktrace (shortened):

safety...................................................................Failed
- hook id: python-safety-dependencies-check
- exit code: 1

+==============================================================================+
|                                                                              |
|                               /$$$$$$            /$$                         |
|                              /$$__  $$          | $$                         |
|           /$$$$$$$  /$$$$$$ | $$  \__//$$$$$$  /$$$$$$   /$$   /$$           |
|          /$$_____/ |____  $$| $$$$   /$$__  $$|_  $$_/  | $$  | $$           |
|         |  $$$$$$   /$$$$$$$| $$_/  | $$$$$$$$  | $$    | $$  | $$           |
|          \____  $$ /$$__  $$| $$    | $$_____/  | $$ /$$| $$  | $$           |
|          /$$$$$$$/|  $$$$$$$| $$    |  $$$$$$$  |  $$$$/|  $$$$$$$           |
|         |_______/  \_______/|__/     \_______/   \___/   \____  $$           |
|                                                          /$$  | $$           |
|                                                         |  $$$$$$/           |
|  by pyup.io                                              \______/            |
|                                                                              |
+==============================================================================+
| REPORT                                                                       |
| checked 160 packages, using free DB (updated once a month)                   |
+==============================================================================+
| No known security vulnerabilities found.                                     |
+==============================================================================+
Traceback (most recent call last):
  File "C:\Users\<username>\AppData\Local\Programs\Python\Python38\lib\runpy.py", line 194, in _run_module_as_main
    return _run_code(code, main_globals, None,
  File "C:\Users\<username>\AppData\Local\Programs\Python\Python38\lib\runpy.py", line 87, in _run_code  
    exec(code, run_globals)
  File "C:\Users\<username>\.cache\pre-commit\repo1t7i50ag\py_env-python3.8\Scripts\safety_check.EXE\__main__.py", line 7, in <module>
  File "C:\Users\<username>\.cache\pre-commit\repo1t7i50ag\py_env-python3.8\lib\site-packages\pre_commit_hooks\safety_check.py", line 46, in main
    return call_safety_check([tmp_requirements.name], parsed_args.ignore, parsed_args.full_report, args_rest)
  File "C:\Users\<username>\AppData\Local\Programs\Python\Python38\lib\contextlib.py", line 120, in __exit__
    next(self.gen)
  File "C:\Users\<username>\.cache\pre-commit\repo1t7i50ag\py_env-python3.8\lib\site-packages\pre_commit_hooks\safety_check.py", line 81, in convert_poetry_to_requirements
    os.remove(ntf.name)
PermissionError: [WinError 32] The process cannot access the file because it is being used by another 
process: 'C:\\Users\\<username>\\AppData\\Local\\Temp\\tmpsp4pt95s'

AFAIK you cannot remove a file on Windows while it is open, and that is exactly what happens here.
The issue is that the removal of the temp file happens within the with block.

https://github.com/Lucas-C/pre-commit-hooks-safety/blob/master/pre_commit_hooks/safety_check.py#L74-L81

I tested a quick fix locally and got it to work. I will make a PR right away.
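As an added example (not the hook's own code, which is linked above), the pattern that avoids WinError 32 when a `poetry export` result has to be handed to another tool through a temporary file: create the file with `delete=False`, close the handle before anyone else opens the path, and remove the file only after the consumer has finished. The function names (`exported_requirements`, `count_pinned_packages`, `scan_export`) and the sample export text are constructed for this illustration.

```python
"""Added example (not the project's code): hand `poetry export` output to a
consumer through a temporary file in a way that also works on Windows, where
an open file cannot be removed.
"""
import os
import tempfile
from contextlib import contextmanager
from typing import Dict, Iterator


@contextmanager
def exported_requirements(export_text: str) -> Iterator[str]:
    """Yield the path of a *closed* temp file holding `export_text`.

    delete=False means closing the handle does not delete the file; removal is
    deferred to the outer `finally`, which runs after the caller's `with` body
    has finished with the path and after our own handle is closed.
    """
    handle = tempfile.NamedTemporaryFile(
        "w", suffix=".txt", delete=False, encoding="utf-8"
    )
    try:
        handle.write(export_text)
    finally:
        handle.close()  # no open handle remains when the consumer runs
    try:
        yield handle.name
    finally:
        # Outside the handle's lifetime, so this succeeds on Windows as well
        # as on POSIX systems.
        try:
            os.remove(handle.name)
        except FileNotFoundError:
            pass


def count_pinned_packages(requirements_path: str) -> int:
    """Stand-in for the real consumer (e.g. `safety check -r <file>`): count
    top-level requirement lines, skipping comments and indented continuation
    lines such as `--hash=...` (the same idea as `grep '^[^ ]'`)."""
    with open(requirements_path, encoding="utf-8") as fh:
        return sum(
            1 for line in fh if line.strip() and not line.startswith((" ", "#"))
        )


# Constructed sample of what `poetry export --with=dev` might print.
SAMPLE_EXPORT = """\
# generated by poetry export (constructed sample)
requests==2.31.0 ; python_version >= "3.8"
urllib3==2.0.7 ; python_version >= "3.8"
"""


def scan_export(export_text: str = SAMPLE_EXPORT) -> Dict[str, object]:
    """Run the consumer on a temp copy of `export_text` and report whether the
    temp file was present while the consumer ran and gone afterwards."""
    with exported_requirements(export_text) as path:
        packages = count_pinned_packages(path)
        existed_during = os.path.exists(path)
    return {
        "packages": packages,
        "existed_during": existed_during,
        "exists_after": os.path.exists(path),
    }


if __name__ == "__main__":
    print(scan_export())
```

The same ordering (close, use, remove) is what `tempfile.NamedTemporaryFile(delete=True)` cannot give on Windows, because the default mode keeps the handle open for the whole `with` body.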

[Feature Request] Add always_run option

I believe it makes a lot more sense for this hook to include the always_run function of pre-commit: https://pre-commit.com/#hooks-always_run
More often than not, the safety check finds vulnerabilities in libraries that were already installed. This means in most cases when safety is important to run, it won't because the requirements file won't have been updated so the hook won't trigger.

Crashes Despite Poetry Being In Use

I have run poetry install, but still see this error message.

- hook id: python-safety-dependencies-check
- exit code: 2

usage: safety_check
       [-h]
       [--full-report]
       [--short-report]
       [--ignore IGNORE]
       files
       [files ...]
safety_check: error: Unsupported build tool: this pre-commit hook currently only handles pyproject.toml with Poetry

pre-commit has changed from hooks.yaml -> .pre-commit-hooks.yaml

Hello pre-commit hook implementer!

In version 0.12.0 pre-commit has changed the default location for the file formerly known as hooks.yaml to make it more convincing for others to add more hooks.

As such, a migration has to (unfortunately) occur.

For maximum compatibility it is suggested to cp hooks.yaml .pre-commit-hooks.yaml (at least for the migration period). A copy is suggested over a symlink unless you do not care for windows compatibility (and I wouldn't blame you!).

Once the migration period is over (or you no longer care to support old versions of pre-commit), the hooks.yaml file is no longer necessary and may be deleted.

See pre-commit/pre-commit#470 for more details

Thanks again for contributing to the pre-commit ecosystem, we couldn't do it without you :)
Anthony

'extra' poetry dependencies are not checked

I just noticed that convert_poetry_to_requirements works by running poetry export --with=dev and feeding the output to safety check.

When a project has 'extra' dependencies, they are not included in the output of poetry export --with=dev.

Here's a demonstration using https://github.com/yrro/hitron-exporter/:

$ poetry export --with=dev | grep '^[^ ]' | wc -l
30

$ poetry export --with=dev -E freeipa-vault -E container | grep '^[^ ]' | wc -l
48

Unfortunately poetry export doesn't have a way to include all extra dependencies; you probably have to parse pyproject.toml and construct the list of extras by looking for this part:

[tool.poetry.extras]
freeipa-vault = ["ipaclient", "ipapython"]
container = ["gunicorn", "setproctitle"]

Check dependencies defined in pyproject.toml

Hi Lucas! Many thanks for creating this very helpful tool. With more and more projects defining dependencies in pyproject.toml (e.g., via Poetry), would you consider adding support for checking dependencies defined in that file? I imagine an initial implementation could support Poetry by checking pyproject.toml for the presence of [tool.poetry.dependencies] and/or [tool.poetry.dev-dependencies] keys, and if one or both of those keys are present, using Poetry's export-to-requirements.txt feature and running the equivalent of:

poetry export --dev --format requirements.txt | safety check --stdin

What do you think?
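Three of the issues above ask for the same thing from different angles: include every optional dependency group so Poetry 1.5 does not reject an unknown `--with dev`, include every extra declared under `[tool.poetry.extras]`, and build the `poetry export ... | safety check --stdin` pipeline only when the file actually uses Poetry. As an added example (not the hook's own code), the following derives all of that from pyproject.toml itself. The function names, the `tomllib` fallback parser and the sample pyproject are constructed for this illustration; `--with`, `-E`, `--format` and `--stdin` are the flags named in the issues.

```python
"""Added example (not the project's own code): derive the `poetry export`
arguments a dependency scan needs from pyproject.toml, covering optional
groups ([tool.poetry.group.<name>]) and extras ([tool.poetry.extras]).
"""
import ast
import re
import shlex
from typing import List, Optional

try:
    import tomllib  # standard library from Python 3.11
except ImportError:  # older interpreter: use the minimal reader below
    tomllib = None


def _parse_toml(text: str) -> dict:
    """Parse TOML with tomllib when available; otherwise fall back to a
    deliberately small line reader (assumption: one `key = value` per line,
    values that are not Python literals are kept as raw strings)."""
    if tomllib is not None:
        return tomllib.loads(text)
    data: dict = {}
    table = data
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:  # e.g. [tool.poetry.group.docs.dependencies]
            table = data
            for part in header.group(1).split("."):
                table = table.setdefault(part.strip().strip('"'), {})
            continue
        key, _, value = line.partition("=")
        try:
            table[key.strip().strip('"')] = ast.literal_eval(value.strip())
        except (ValueError, SyntaxError):
            table[key.strip().strip('"')] = value.strip()  # inline table etc.
    return data


def poetry_export_args(pyproject_text: str, groups: Optional[List[str]] = None) -> List[str]:
    """Return the `poetry export` argv that includes every group and every
    extra declared in `pyproject_text`; `groups` overrides the group list
    (the per-repo argument requested in the dev-group issue)."""
    poetry = _parse_toml(pyproject_text).get("tool", {}).get("poetry")
    if not poetry or not any(
        key in poetry for key in ("dependencies", "dev-dependencies", "group")
    ):
        raise ValueError("pyproject.toml does not declare Poetry dependencies")
    group_names = sorted(groups if groups is not None else poetry.get("group", {}))
    extras = sorted(poetry.get("extras", {}))
    args = ["poetry", "export", "--format", "requirements.txt"]
    if group_names:
        args += ["--with", ",".join(group_names)]  # names come from the file, so Poetry 1.5 accepts them
    for extra in extras:
        args += ["-E", extra]  # poetry export has no "all extras" switch
    return args


def scan_command(pyproject_text: str) -> str:
    """The shell pipeline proposed above, with the derived export arguments."""
    return shlex.join(poetry_export_args(pyproject_text)) + " | safety check --stdin"


# Constructed sample pyproject.toml: one optional group, one regular group,
# two extras (the extras names mirror the example in the issue above).
SAMPLE_PYPROJECT = """\
[tool.poetry]
name = "example-app"
version = "0.1.0"

[tool.poetry.dependencies]
python = "^3.8"
requests = "^2.28"
ipaclient = { version = "^4.10", optional = true }

[tool.poetry.group.docs]
optional = true

[tool.poetry.group.docs.dependencies]
sphinx = "^7.0"

[tool.poetry.group.test.dependencies]
pytest = "^7.4"

[tool.poetry.extras]
freeipa-vault = ["ipaclient", "ipapython"]
container = ["gunicorn", "setproctitle"]
"""

if __name__ == "__main__":
    print(scan_command(SAMPLE_PYPROJECT))
```

Scanning only the default export would miss `ipaclient`/`ipapython` and `gunicorn`/`setproctitle` entirely, which is the gap the extras issue demonstrates with its `wc -l` counts; deriving the group and extra names from the file also avoids hard-coding `dev`, which is what breaks under Poetry 1.5 when no such group exists.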

safety check is done successfully but exit code is 255

I ran this command

> safety check
+==============================================================================+
|                                                                              |
|                               /$$$$$$            /$$                         |
|                              /$$__  $$          | $$                         |
|           /$$$$$$$  /$$$$$$ | $$  \__//$$$$$$  /$$$$$$   /$$   /$$           |
|          /$$_____/ |____  $$| $$$$   /$$__  $$|_  $$_/  | $$  | $$           |
|         |  $$$$$$   /$$$$$$$| $$_/  | $$$$$$$$  | $$    | $$  | $$           |
|          \____  $$ /$$__  $$| $$    | $$_____/  | $$ /$$| $$  | $$           |
|          /$$$$$$$/|  $$$$$$$| $$    |  $$$$$$$  |  $$$$/|  $$$$$$$           |
|         |_______/  \_______/|__/     \_______/   \___/   \____  $$           |
|                                                          /$$  | $$           |
|                                                         |  $$$$$$/           |
|  by pyup.io                                              \______/            |
|                                                                              |
+==============================================================================+
| REPORT                                                                       |
| checked 99 packages, using free DB (updated once a month)                    |
+============================+===========+==========================+==========+
| package                    | installed | affected                 | ID       |
+============================+===========+==========================+==========+
| sqlalchemy-utils           | 0.37.9    | >=0.27.0                 | 42194    |
+==============================================================================+
> echo $?
255

This makes some script pipelines fail when the command 'safety check' is placed at the end of the script.
