These are chat archives for coala/coala-bears

26th
Feb 2018
Ankit Joshi
@MacBox7
Feb 26 2018 07:59
Wanted to know if the issue coala/coala-bears#1637 is feasible as per the current architecture and should I work on it?
Mischa Krüger
@Makman2
Feb 26 2018 14:17
@MacBox7 yeah the current architecture doesn't have a clean way to pass directories only (/ that we properly handle directories matched by files)
but you can work around that, by exploiting the file-dict of a global-bear
iirc @sangamcse did something recently which is similar:
finally he ended up using os.path.commonpath(self.file_dict) to get one "working directory" for the tool to scan
Sangam Kumar
@sangamcse
Feb 26 2018 14:18
Yeah
Vaibhav Rai
@RaiVaibhav
Feb 26 2018 14:18
Can anyone help me in testing the additional_info parameter? It is causing an assertion_error. How do I pass that in LocalBearTestHelper
to match it with the actual result?
Mischa Krüger
@Makman2
Feb 26 2018 14:19
pass it via the result you assert against @RaiVaibhav ;)
Vaibhav Rai
@RaiVaibhav
Feb 26 2018 14:25

Actually format is like this


requirement.txt
[   1] bottle==0.10.0
**** PySafetyBear [Section: cli | Severity: NORMAL] ****
!    ! bottle<0.12.10 is vulnerable to CVE-2016-9964 and your project is using 0.10.0.
[    ] *0. Do (N)othing
[    ]  1. (O)pen file
[    ]  2. Print (M)ore info
[    ]  3. Add (I)gnore comment
[    ] Enter number (Ctrl-D to exit): 2
redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call.
[    ] The action was executed successfully.
[    ] *0. Do (N)othing
[    ]  1. (O)pen file
[    ]  2. Print (M)ore info
[    ]  3. Add (I)gnore comment
[    ] Enter number (Ctrl-D to exit):

that means I have to pass whole
'bottle<0.12.10 is vulnerable to CVE-2016-9964 and your project is using 0.10.0.', + additional_info

to assert the result?
Ankit Joshi
@MacBox7
Feb 26 2018 14:29
@sangamcse can you share the link to your code?
Mischa Krüger
@Makman2
Feb 26 2018 14:30
@RaiVaibhav you have a link?
then I see your test situation^^
Nityesh Agarwal
@nityeshaga
Feb 26 2018 14:31
Hey can someone please tell me how I can use pdb with coala? It will be of great help if you can point me to some relevant links too
Vaibhav Rai
@RaiVaibhav
Feb 26 2018 14:34
requirement.txt
bottle==0.10.0
Mischa Krüger
@Makman2
Feb 26 2018 14:38
Ah yeah, just pass additional_info to your Result instance
via the additional_info parameter ;)
@RaiVaibhav
Vaibhav Rai
@RaiVaibhav
Feb 26 2018 14:39
oh ok thanks :+1:
Ankit Joshi
@MacBox7
Feb 26 2018 14:39
Since https://github.com/python-security/pyt is not available as a pip dependency, how should I make sure that it gets installed in the user's environment while installing coala-bears?
I have installed it on my environment. My question was how to integrate the installation procedure to coala? Or is it required to be installed by the user explicitly?
saksham189
@saksham189
Feb 26 2018 14:42
yes the user has to install it explicitly
you could add this to the documentation of the bear
Ankit Joshi
@MacBox7
Feb 26 2018 14:44
If that's the case then won't the tests fail if I upload my bear?
saksham189
@saksham189
Feb 26 2018 14:58
yes
you have to add the installation instructions to the ci script
to install pyt
so that your tests can pass
Ankit Joshi
@MacBox7
Feb 26 2018 15:00
ok got it thanks!
Harsh Kumar Bhartiya
@harshhx17
Feb 26 2018 17:15
Pytest is also failing on coala-bears clone
https://gist.github.com/harshhx17/fa4d3f3cac5b8162e4df7327355f7531
Mischa Krüger
@Makman2
Feb 26 2018 17:22
@harshhx17 do you have all tools installed?
And I really mean, all tools?
(don't do that now, that's why we have a docker image)
Harsh Kumar Bhartiya
@harshhx17
Feb 26 2018 17:27
I am not pretty sure..
Mischa Krüger
@Makman2
Feb 26 2018 17:28
But I am :sweat_smile:
Harsh Kumar Bhartiya
@harshhx17
Feb 26 2018 17:28
:sweat_smile:
Mohit Juneja
@Mohit17067
Feb 26 2018 18:05
@Makman2 Could you please see coala/coala-bears#2294 once? (tests are failing)
Mischa Krüger
@Makman2
Feb 26 2018 19:40
@Mohit17067 have you looked at the build logs already?