Dependent Package "packaging" upgrade halts invocation #4011

Closed
YustinS opened this issue Dec 8, 2022 · 5 comments · Fixed by #4012

@YustinS

YustinS commented Dec 8, 2022

Describe the issue
Currently we are running checkov in a CI environment in Azure DevOps over our Terraform configurations. Earlier today Checkov started failing to run; at first it was believed to be linked to the release that occurred earlier.
Investigation though has shown that the dependency packaging has also had a release, wherein it has dropped LegacyVersion from its codebase (see stack trace).
The quick solution is to pin packaging==21.3 to ensure the needed codebase functionality is in place.
This seems to only apply to environments that fresh install everything, as this was unnoticed in local development until the CI pipeline triggered the issue.

Examples
In the ADO CI this simple version should recreate the behavior:

      - script: |
          python -m pip install --upgrade pip setuptools wheel
          pip install checkov
        displayName: "Install Checkov"

      - task: Bash@3
        displayName: Run Checkov tests
        inputs:
          targetType: "inline"
          script: |
            checkov -d . -o cli

Exception Trace

Traceback (most recent call last):
  File "/opt/hostedtoolcache/Python/3.8.15/x64/bin/checkov", line 2, in <module>
    from checkov.main import run
  File "/opt/hostedtoolcache/Python/3.8.15/x64/lib/python3.8/site-packages/checkov/main.py", line 20, in <module>
    from checkov.argo_workflows.runner import Runner as argo_workflows_runner
  File "/opt/hostedtoolcache/Python/3.8.15/x64/lib/python3.8/site-packages/checkov/argo_workflows/runner.py", line 7, in <module>
    from checkov.common.images.image_referencer import ImageReferencer, Image
  File "/opt/hostedtoolcache/Python/3.8.15/x64/lib/python3.8/site-packages/checkov/common/images/image_referencer.py", line 12, in <module>
    from checkov.common.bridgecrew.vulnerability_scanning.image_scanner import image_scanner
  File "/opt/hostedtoolcache/Python/3.8.15/x64/lib/python3.8/site-packages/checkov/common/bridgecrew/vulnerability_scanning/image_scanner.py", line 15, in <module>
    from checkov.common.bridgecrew.vulnerability_scanning.integrations.docker_image_scanning import \
  File "/opt/hostedtoolcache/Python/3.8.15/x64/lib/python3.8/site-packages/checkov/common/bridgecrew/vulnerability_scanning/integrations/docker_image_scanning.py", line 8, in <module>
    from checkov.common.bridgecrew.vulnerability_scanning.integrations.twistcli import TwistcliIntegration
  File "/opt/hostedtoolcache/Python/3.8.15/x64/lib/python3.8/site-packages/checkov/common/bridgecrew/vulnerability_scanning/integrations/twistcli.py", line 11, in <module>
    from checkov.common.bridgecrew.platform_integration import bc_integration
  File "/opt/hostedtoolcache/Python/3.8.15/x64/lib/python3.8/site-packages/checkov/common/bridgecrew/platform_integration.py", line 31, in <module>
    from checkov.common.bridgecrew.wrapper import reduce_scan_reports, persist_checks_results, \
  File "/opt/hostedtoolcache/Python/3.8.15/x64/lib/python3.8/site-packages/checkov/common/bridgecrew/wrapper.py", line 14, in <module>
    from checkov.common.util.json_utils import CustomJSONEncoder
  File "/opt/hostedtoolcache/Python/3.8.15/x64/lib/python3.8/site-packages/checkov/common/util/json_utils.py", line 6, in <module>
    from packaging.version import LegacyVersion, Version
ImportError: cannot import name 'LegacyVersion' from 'packaging.version' (/opt/hostedtoolcache/Python/3.8.15/x64/lib/python3.8/site-packages/packaging/version.py)

Desktop (please complete the following information):

  • OS: Ubuntu 20.04 ADO Pipeline Container
  • Checkov Version: tested 2.2.124 and 2.2.116, likely applies to others if they have the dependency

Additional context
The release in packaging that causes this issue is 22.0; 21.3 appears to function as expected.

@YustinS YustinS added the crash label Dec 8, 2022
@tyconsulting

Yes, I am experiencing the exact same problem; it started a few hours ago.

@philthynz

Wee workaround for now, run it in docker if you can:

    docker run --tty --volume ~/:/tf --workdir /tf bridgecrew/checkov:2.2.124

@YustinS For ADO:

    - task: Bash@3
      displayName: Run Checkov Tests
      inputs:
        targetType: 'inline'
        script: |
          terraform show -json tfplan.binary > tfplan.json
          docker run --tty --volume ${{ parameters.TerraformWorkingDirectory }}:/tf --workdir /tf bridgecrew/checkov:2.2.124 --file tfplan.json --skip-check "${{ parameters.CheckovTestsToSkip }}"
        workingDirectory: '${{ parameters.TerraformWorkingDirectory }}'

@YustinS
Author

YustinS commented Dec 8, 2022

Thanks for that. I instead just explicitly installed the working version of packaging to work around it, since we run it in a parallel step to the plan due to the scale of the environment.

      - script: |
          python -m pip install --upgrade pip setuptools wheel packaging==21.3
          pip install checkov
        displayName: "Install Checkov"

@nimrodkor
Contributor

Thank you all for reporting @YustinS @tyconsulting @philthynz et al.

We pinned the version of packaging for now, and will work on a more permanent solution (see #4013).

Fixed version is checkov 2.2.125

@tyconsulting

Thanks, I've tested my ADO pipeline. It's working again.
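
A preflight check for the failure reported in this thread, as an added example that is not part of the original issue or of checkov's code: it probes for the exact import shown in the traceback before the scanner runs, so a fresh-install CI agent fails with a one-line diagnosis instead of a stack trace. The function names are hypothetical; the version boundary (21.3 works, 22.0 does not) and the fixed checkov release are the ones reported above.

```python
import importlib
from importlib import metadata

# Boundary taken from the issue: packaging 21.3 works, 22.0 dropped LegacyVersion.
FIRST_BROKEN_MAJOR = 22


def has_symbol(module_name: str, attr: str) -> str:
    """Return 'ok', 'missing-symbol' or 'missing-module' for module_name.attr."""
    try:
        module = importlib.import_module(module_name)
    except ImportError:
        return "missing-module"
    return "ok" if hasattr(module, attr) else "missing-symbol"


def release_major(version: str) -> int:
    """Major component of a plain release string such as '21.3' or '22.0'."""
    return int(version.split(".", 1)[0])


def predicts_breakage(packaging_version: str) -> bool:
    """True when the given packaging release no longer ships LegacyVersion."""
    return release_major(packaging_version) >= FIRST_BROKEN_MAJOR


def preflight() -> int:
    """Exit code for a CI step: 0 if the import from the traceback will succeed."""
    status = has_symbol("packaging.version", "LegacyVersion")
    if status == "ok":
        return 0
    try:
        installed = metadata.version("packaging")
    except metadata.PackageNotFoundError:
        installed = "not installed"
    print(f"packaging {installed}: LegacyVersion {status}; "
          "pin packaging==21.3 or install checkov>=2.2.125")
    return 1


if __name__ == "__main__":
    raise SystemExit(preflight())
```

Run as a script step between the install and the scan, a non-zero exit stops the pipeline at the dependency problem rather than inside the checkov import chain.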
