These are chat archives for coala/coala-bears

31st
Oct 2017
John Vandenberg
@jayvdb
Oct 31 2017 03:27 UTC
corobo file issue coala-bears Bear Proposal: NullAway
https://github.com/uber/NullAway
see also Bear Proposal for Checker Framework.
corobo
@co-robo
Oct 31 2017 03:27 UTC
Here you go: coala/coala-bears#2101
Vaibhav Rai
@RaiVaibhav
Oct 31 2017 05:03 UTC
@jayvdb I did't get what the change I have to make here coala/coala-bears#2095
John Vandenberg
@jayvdb
Oct 31 2017 05:04 UTC
go back and read the issue again.
Vaibhav Rai
@RaiVaibhav
Oct 31 2017 05:13 UTC
The first change you requested vulnerability.description is inside the try block and don't put entire yield inside the try blockI made onto it
First way there is not any description key in in the given json file so i have to replace description key with advisory as there is no any description and check all the things or second way is catch the exception and pass the message that description is changed to advisory
to replace description key with advisory
yes .. the PR isnt doing that ^
Vaibhav Rai
@RaiVaibhav
Oct 31 2017 05:18 UTC
Thats a
Straight answer
Vaibhav Rai
@RaiVaibhav
Oct 31 2017 05:36 UTC
I think there will be one problem in that if I remembered correctly, I will send log,currently in lecture
Vaibhav Rai
@RaiVaibhav
Oct 31 2017 06:20 UTC

@jayvdb In Python packages of safety.py,which getting install by pip, and actually a site-package not inside coala site package,here in safety.py we can see that there is a description function inside it i.e.

    @property
    def description(self):
        return self.data["description"] if self.is_cve else self.data["changelog"]

and our PySafetyBear.py calling safety.py description function

File "/home/vaibhav/test/coala-venv/lib/python3.5/site-packages/bears/python/requirements/PySafetyBear.py", line 85, in run
    additional_info=Vulnerability.description,

Then it is giving keyError,means whatever safety.py sending the description key not an advisory key and after what we are doing is using it .
So we can either request Pyupio to update there packages or either we handle the KeyError

Lets suppose we change the key from description to advisory then also it will show KeyError as they have not updated their package so either we wait or Handle the exception and after that when they update their packages and create a new issue
Vaibhav Rai
@RaiVaibhav
Oct 31 2017 06:28 UTC
But problem is that PyuPio organisation not updated the safety.py package and still calling return self.data["description"] not advisoryin their description function
what can i do here is directly call the advisory from json file and put it in my except part
This message was deleted
John Vandenberg
@jayvdb
Oct 31 2017 06:31 UTC
you believe that the advisory field of safety is not accessible from safety?
Vaibhav Rai
@RaiVaibhav
Oct 31 2017 06:31 UTC
Yes
John Vandenberg
@jayvdb
Oct 31 2017 06:32 UTC
frankly, I dont believe that
you'll need to prove it
Vaibhav Rai
@RaiVaibhav
Oct 31 2017 06:32 UTC
I have checked all even they are calling description in their description function
John Vandenberg
@jayvdb
Oct 31 2017 06:32 UTC
because if the advisory field of safety is not accessible from safety, it is an upstream bug, and should be raised upstream
but I very much doubt that, and if you created that upstream bug it would be closed as silly
Vaibhav Rai
@RaiVaibhav
Oct 31 2017 06:34 UTC
what i said that they have not updated the package if they update it then i will automatically run fine
John Vandenberg
@jayvdb
Oct 31 2017 06:34 UTC
they did a release 11 days ago
Vaibhav Rai
@RaiVaibhav
Oct 31 2017 06:34 UTC
ok

One question when they updated the package then why their description function are even returning description key in safety.py

self.data["description"]

It should have to call the advisory key

John Vandenberg
@jayvdb
Oct 31 2017 06:40 UTC
try installing and using their latest release (not in coala ... just use their tool on the command line ... does it work?)
Vaibhav Rai
@RaiVaibhav
Oct 31 2017 06:41 UTC
Thats why I used try and except
I will uninsatll all and recheck all
Yes its works
But how i don't know
John Vandenberg
@jayvdb
Oct 31 2017 06:43 UTC
well the code is open source, so you can find out how.
Vaibhav Rai
@RaiVaibhav
Oct 31 2017 06:53 UTC
This Python safety package, which is getting install by piporcoala https://pastebin.com/GCtb2AHw but what i am seeing in their github Repo https://github.com/pyupio/safety/blob/master/safety/safety.py
See the difference
there is not any description function
:sweat_smile:
John Vandenberg
@jayvdb
Oct 31 2017 06:54 UTC
you're not telling me anything I dont know already... :P
Vaibhav Rai
@RaiVaibhav
Oct 31 2017 06:54 UTC
soory :laughing:
John Vandenberg
@jayvdb
Oct 31 2017 06:55 UTC
what I am hoping is that you can find the solution. I already have it.
Vaibhav Rai
@RaiVaibhav
Oct 31 2017 06:57 UTC
You already have it in an hour and i am trying from last 4-5 days WOW
One solution i have i read the advisory key and put it in except part
John Vandenberg
@jayvdb
Oct 31 2017 06:57 UTC
bingo
Vaibhav Rai
@RaiVaibhav
Oct 31 2017 06:58 UTC
Or I have to thinks something different

bingo

Am i getting right?

John Vandenberg
@jayvdb
Oct 31 2017 06:59 UTC
yes
Vaibhav Rai
@RaiVaibhav
Oct 31 2017 06:59 UTC
ohk you will get a PR today reagarding this
John Vandenberg
@jayvdb
Oct 31 2017 07:00 UTC
still isnt the complete solution, but your getting much warmer
Vaibhav Rai
@RaiVaibhav
Oct 31 2017 07:04 UTC
I know but IMO this is the last thing I am getting in my mind or I will deep search in my mind to find any solution like a Sherlock :stuck_out_tongue_winking_eye:
Vaibhav Rai
@RaiVaibhav
Oct 31 2017 07:23 UTC

what can i do here is directly call the advisory from json file and put it in my except part

I already said that solution previously :stuck_out_tongue:

Vaibhav Rai
@RaiVaibhav
Oct 31 2017 09:54 UTC
Finally needed your review coala/coala-bears#2095
This message was deleted
John Vandenberg
@jayvdb
Oct 31 2017 10:07 UTC
corobo mark wip coala/coala-bears#2095
corobo
@co-robo
Oct 31 2017 10:07 UTC
The pull request coala/coala-bears#2095 is marked work in progress. Use corobo mark pending or push to your branch if feedback from the community is needed again.
John Vandenberg
@jayvdb
Oct 31 2017 10:19 UTC
corobo file issue coala-bears Add a non-mocked test to PySafetyBearTest
difficulty/low
corobo
@co-robo
Oct 31 2017 10:19 UTC
Here you go: coala/coala-bears#2102
Vaibhav Rai
@RaiVaibhav
Oct 31 2017 10:35 UTC
You filled a new issue,then what will be my changes on commit message ?:sweat_smile:
Ok i got it
Vaibhav Rai
@RaiVaibhav
Oct 31 2017 11:35 UTC

IMO when i push the first commit forgot to add 'advisory': 'foo', in

vuln_data = {
            'cve': 'CVE-2016-9999',
        }

All CI fails and the error appvaveyourshowed is KeyError for both advisory and description, and after adding its runs fine means Test is checking the KeyError, I will take a look to but it does not check that the advisory message was included in the exception

Vaibhav Rai
@RaiVaibhav
Oct 31 2017 11:51 UTC
KeyError show as i did't provide any key which are getting check in my try and except
John Vandenberg
@jayvdb
Oct 31 2017 12:03 UTC
ya, it is indirectly being tested that there is a description or there is a advisory, but it doesnt check that advisory was definitely there
it isnt a bad test; it just is not a precise and definitive test
Vaibhav Rai
@RaiVaibhav
Oct 31 2017 12:06 UTC
:+1: I will make changes asap
Vaibhav Rai
@RaiVaibhav
Oct 31 2017 17:09 UTC
I made totally a different change as I have missed some things. We are already getting an updated data in the form of json so when we are directly retrieving a advisory then why am I even use try and except as when additional_info can retrieve advisory directly so I added a advisory key directly and changes all the description words with advisory in PySafetyBear.py
Need your review now
Vaibhav Rai
@RaiVaibhav
Oct 31 2017 17:15 UTC
coala/coala-bears#2095
Vaibhav Rai
@RaiVaibhav
Oct 31 2017 17:21 UTC
Means then there is no point of using try and except as we already getting live and updated json
Monal Shadi
@Monal5031
Oct 31 2017 17:42 UTC
corobo assign coala/coala-bears#42
corobo
@co-robo
Oct 31 2017 17:42 UTC
Congratulations! You've been assigned to the issue. :tada:
Shreyans
@shreyans800755
Oct 31 2017 21:15 UTC
corobo mark wip coala/coala-bears#2082
corobo
@co-robo
Oct 31 2017 21:15 UTC
The pull request coala/coala-bears#2082 is marked work in progress. Use corobo mark pending or push to your branch if feedback from the community is needed again.
Shreyans
@shreyans800755
Oct 31 2017 21:20 UTC
@sils Can we have gitmate mark a PR as wip if all the CI jobs are failing ? If all the CI jobs are failing, then most probably something is to be changed in PR and no need to put it in review list. Just a suggestion.
Mischa Krüger
@Makman2
Oct 31 2017 22:11 UTC
@shreyans800755 we have currently many engaged reviewers for newcomer PRs, I'm usually not reviewing anything until it was accepted by a newcomer^^
but only for easy and newcomer PRs, for more complex ones I always take a look
Arjun Nemani
@nemaniarjun
Oct 31 2017 22:13 UTC
@Makman2 coala/coala#4818 :)
Mischa Krüger
@Makman2
Oct 31 2017 22:16 UTC
I shouldn't have talked :sweat_smile:
tests failing @nemaniarjun
Arjun Nemani
@nemaniarjun
Oct 31 2017 22:17 UTC
Yes @Makman2 it will need a lot of work :P Just wanted to tell you I am back on it
Missed coala so much ;)
Mischa Krüger
@Makman2
Oct 31 2017 22:17 UTC
nice :D
looking forward to it :D
hehe :P
Arjun Nemani
@nemaniarjun
Oct 31 2017 22:18 UTC
I am facing a lot of requirments issues
Any new documentation I should look at?
Mischa Krüger
@Makman2
Oct 31 2017 22:18 UTC
don't know :3
you maybe want to consider to code now this Logger class we've talked about
where you can easily switch on things using properties, and the class is responsible for generating a proper configuration
Arjun Nemani
@nemaniarjun
Oct 31 2017 22:19 UTC
yess I am looking forward to that
Mischa Krüger
@Makman2
Oct 31 2017 22:19 UTC
maybe that simplifies things now, a bit sad to abandon the old PR, but actually we've just learnt from it all the time, so it's not really in vain :D