-
Notifications
You must be signed in to change notification settings - Fork 23
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] jake ddt fails with ValueError: invalid literal for int() with base 10: 'noinfo' - both v2.1.1 and v3 #132
Comments
Hi @DavidGietka-NOAA - thanks for taking the time to report and issue with To provide a little more context, are you able to share the output of your specific Thanks in advance! |
Same as #128...? |
Hello,
|
Hello, |
@DavidGietka-NOAA - just want to be clear on the command you are running...
Are you able to try the above commands with |
As an aside, the original error you report will be due to a package that is installed in your current Python environment (which I'd been keen to track down as it's getting a |
Hello, |
Hello, |
The second commands returns an error: Traceback (most recent call last): |
Hi @DavidGietka-NOAA - sorry - that has helped less :-( The error you have seen in your last message is super weird - For Did you install |
Hello |
FYI: I also get the error when using the It seems related to the Python version in the environment. In my case the error is given when using Python 3.9.7. When using Python 3.11.0, it does not give the error and works (apart from the problem described in issue #139). I'm using Windows 10 and conda 23.1.0. |
Hi have encountered this exact same error using both jake 2.1.1 and jake 3.0.0 version in a python venv for a lab in coursera. Just trying to check a simple webapp for vulnerabilities. May be one can try here: pip freeze output: |
I am also seeing this issue this morning. Putting in some debug printing the issue appears to be due to CVE-2023032881 which is reporting a CWE or "CWE-noinfo". I added a simple patch to test for CWE-noinfo and set it back to None and jake completes the scan. This was the only oic_vulnerability with cwe equal to 'CWE-noinfo'
Relevant output
|
@ddowling Does this still occur when using Jake 3.0.1? |
@bhamail I checked again this morning and the problem has fixed itself for Jake 3.0.0 and CVE-2023-31047. It seems over night the CWE-ID on this vulnerability was changed from "CWE-noinfo" to "CWE-20". That had me scratching my head for a while. The changing CWE values could explain why this issue was difficult to reproduce. |
I have the same problem in the training lab from Cousera, the pip upgrade manual ( -m ) in Python 3.8 in the Python directory fixed it. |
Hello,
Describe the bug
I am unable to run conda list | jake ddt because of the error below. I tried both with pip install and conda install -c conda-forge jake and jake=2.1.1 They all fail with the same error.
Traceback (most recent call last):
File "/ngs/projects/binaries/anaconda3/envs/basesec/bin/jake", line 10, in
sys.exit(main())
File "/ngs/projects/binaries/anaconda3/envs/basesec/lib/python3.8/site-packages/jake/app.py", line 122, in main
JakeCmd(args).execute()
File "/ngs/projects/binaries/anaconda3/envs/basesec/lib/python3.8/site-packages/jake/app.py", line 96, in execute
exit_code: int = command.execute(arguments=self._arguments)
File "/ngs/projects/binaries/anaconda3/envs/basesec/lib/python3.8/site-packages/jake/command/init.py", line 43, in execute
return self.handle_args()
File "/ngs/projects/binaries/anaconda3/envs/basesec/lib/python3.8/site-packages/jake/command/oss.py", line 170, in handle_args
cwes=[int(oic_vulnerability.cwe[4:])] if oic_vulnerability.cwe else None,
ValueError: invalid literal for int() with base 10: 'noinfo'
To Reproduce
Steps to reproduce the behavior:
conda list | jake ddt
Expected behavior
A report of vulnerabilities
Screenshots
No further information on screen besides traceback.
Desktop (please complete the following information):
Additional context
None.
Thanks for your assistance. Please let me know if you need more information.
The text was updated successfully, but these errors were encountered: