This repository has been archived by the owner on Nov 28, 2023. It is now read-only.

Project dependencies have API risk issues #1408

Open
PyDeps opened this issue Jul 14, 2022 · 0 comments


PyDeps commented Jul 14, 2022

Hi, in Cobra, inappropriate dependency versioning constraints can cause risks.

Below are the dependencies and version constraints that the project is using:

```text
Flask==1.0.0
Flask-RESTful==0.3.6
rarfile==2.7
prettytable==0.7.2
requests==2.20.0
pytest==3.0.6
pip==9.0.1
phply==1.0.0
Werkzeug==0.15.3
ConcurrentLogHandler==0.9.1
```

The version constraint `==` will introduce the risk of dependency conflicts because the scope of the dependencies is too strict.
The version constraints "No Upper Bound" and `*` will introduce the risk of a missing-API error because the latest version of a dependency may remove some APIs.

After further analysis, in this project, the version constraint of the dependency pip can be changed to `>=22.0.4,<=22.1.2`.

The above modification suggestions can reduce dependency conflicts as much as possible,
and introduce the latest versions as much as possible without raising errors in the project.

The invocations in the current project include all of the following methods.

**The calling methods from requests**

**The calling methods from pytest**

**The calling methods from pip**
shutil.rmtree
**The calling methods from all the methods**
vulnerability_name.lower
score2level
module_.split
url_unquote
simple_version_str.strip
content.encode
version_str.strip
rar_file.close
quote
filename.normalize.encode
urlretrieve
csv_writer.writerows
pusher.push
re.sub
self._result.keys
code.dedent
make_parser
requests.post
n.split
self.cve_parse
simple_version_str.isdigit
parse_requirements
origin_results.strip.split
cve.get_scan_result
f.readlines
reqparse.RequestParser
cve_path.lower.split
exec
self.output_colorized
pull_out.decode
result.split
json.loads
vul.get
scan_status.get.get
is_update
rar_file.extractall
encoding.ret.get_unicode.strip
os.getcwd
resp.json
const.fpc_multi.replace
targets.append
clone_err.strip
case.text.strip
self.clone
send_mail
os.path.dirname
code.strip
s_sid_data.get
key_verify
result.update
self.cve_info
get_all_params
x.add_row
self.parse_err
language.get
reload
self._syntax_error
queue.Queue
exit
self.rule_match.strip
analysis_if_else
language.len.self.file_path.lower
msg.attach
f.endswith
Config
download_rule_gz
self.get_dict
rule.get
f.seek
pool.close
fh.setFormatter
config.set
members.append
re.split
file_line.endswith
self.code.append
getattr
self.__decompress_zip
_filename_utf8_strip_re.sub
clean_dir
file_type.append
CAST
cobra.set
clone_out.decode
running.init_list
module_.self._result.get
deps.get
Dependencies
isatty
res.group
self.result.append
self.stream.write
self.files
r_data.items
json.load
fn.split.split
self._read_xml
index.r.text.strip
entry.find
file_line.count
f.json.load.get
tarfile.open
self.countnum
lexer.clone
i.setDaemon
flush_output
random.choice
dict.fromkeys
back_node.append
running.is_file
md5
self.count_php_line
urllib.quote
pull_err.strip
lang.get.lower
self._expr_code
Rule
ColorizingStreamHandler
os.walk
re.json
self.notification
mimetypes.guess_type
dict_to_json
logger.addHandler
self.file_path.split
simple_version_str.replace
r.insert
s_sid.Running.is_file
cve_vuls.append
code.get_globals
argparse.ArgumentParser
os.path.split
vul.items
self.parse_match
l.split.strip
diff.setdefault
self.ansi_esc.split
os.path.isfile
index.is_test.self.sr.vulnerability.self.target_directory.Core.scan
comparator.compare
file_line.startswith
res_err.decode
range
fi.read
g_file.close
line.split
scan_data.get.get
quote_plus
adict.items
p.communicate
self.rule_repair.strip
multiprocessing.Pool
multiprocessing.Process
producer
err.strip
cve_file.append
operator_re.match
q.get
analysis_arrayoffset_node
vulnerability.get
result.decode
origin_results.strip
self.find_python_pip
nodes.append
analysis
class_name.replace
file_line.find
self.find_nodejs_npm
html.escape
cpe_list.append
self.functions
time_start.strftime
search_data.append
sh.setFormatter
self.post_data.append
self.config.read
ast.match
urllib.parse.quote
f.readline
ctypes.windll.kernel32.GetStdHandle
removed.append
path.decode
MIMEApplication
self.repo_address.split.replace
r_data.get
time.time
Git
params.split
const.fpc_single.replace
languages.items
files.append
filename.decode
pro_info.lower
message.as_string
int
os.path.splitext
self.is_pickup_whitelist
package.get
scan_parser
time.clock
self.format
self.is_special_file
normalize
self._check_rule_name
t.join
self.set_scan_result
re.compile
config_extension.split
json.dumps
req.name.strip.lower
f.truncate
data.get
ops_stack.append
self.dependency_scan
cvi_file.startswith
push_rules.append
analysis_variable_node
request_target
platform.platform.lower
render_template
Core
smtplib.SMTP_SSL
urlparse
self.pretty
self.result.items
base64.b64encode
AuthFailedException
server.login
pull_err.replace
scan_data.get
module_.results.items
content.hashlib.md5.hexdigest
get_pages
still_running.items
traceback.format_exc
resource.add_resource
rule_info.append
pa.target_directory
single_time_warn_message
tree.getroot
sid.lower
target_directory.rstrip
set
g_file.read
zip_file.close
t_end.timetuple
datetime.datetime.now
len
result.strip.split
parser_group_server.add_argument
self.code.extend
l_name.language_extensions.append
self.get_real_directory
Running
allowed_file
fi.write
PushToThird
r.text.find
match.group
words.startswith
time.strptime
version_str.split
pool.apply_async
copyfile
self.__decompress_rar
Config.value.split
line.diff.setdefault.append
re.escape
rule.get.lower
results.insert
issue_url.group
value.str.lower
sorted
self.find_java_mvn
pull_out.lower
callable
self.simple_parse
single_match.split
item.generic
self.get_cve_file
start
get_sid
self.config.write
os.listdir
list
os.path.isdir
clone_err.decode
log_out.decode
push_to_api
max
git_urls.append
os.path.join
self.__decompress_tar_gz
result.get
traceback.print_exc
analysis_file_inclusion
sum
self.__check_exist
rule_version.strip
self.colorize
checkout_err.decode
pipes.quote
write
random_generator
added.append
cobra.append
os.path.abspath
f.writelines
self.types.get
name.strip
target_str.split
time.strftime
self.context.update
sid.Running.list
diff_out.split
path.replace
f_name.f_lang.frameworks_rules.append
PickupException
stream.write
x.get
special_rules.split
hash_list.append
year.target_directory.CveParse.rule_xml
logging.StreamHandler
file_path.replace
vul_list.keys
Decompress
self.rule_info
get_binaryop_deep_params
ast.is_controllable_param
target_directory.Directory.collect_files
vars_set.add
msg.as_string
Config.set
self.dependency_framework
open
sys.setdefaultencoding
l.split
path.split
os.remove
t_start.timetuple
issues.append
dep_version.strip
language_name.language_data.setdefault
datetime.datetime.today.strftime
search_result.values
is_list
file_path.split
smtp.login
self.repo_address.split
q_pages.empty
origin_vulnerability.strip
dict_to_xml
q_pages.put
res_out.decode
child.getchildren
logging.StreamHandler.format
product.text.lower.split
secure_filename
fi.close
code.add_section
self.block_code
datetime.timedelta
versions.append
self.get_path
logger.warning
self.rule_repair.strip.split
server.sendmail
app.route
fi.tell
self.language.self.regex.format
CveParse
language_info.lower
self.checkout
f_name.open.write
buffer_.append
logger.critical
Comparator
data.append
self.special_rules.append
type_num.setdefault
block
create_github_issue
self.rule
logger.debug
f.json.load.get.get
self.count_data_line
ctypes.windll.kernel32.SetConsoleTextAttribute
datetime.datetime.today
x.code_content.strip
os.path.exists
results.append
vulnerability_result.file_path.strip
logger.error
self.get_rule
result.append
vars_code.add_line
split_branch
p.join
self.count_total_num
target_info.update
file_handler.read
os.path.getctime
buffered.append
subprocess.PIPE.subprocess.PIPE.self.filename.self.svn.subprocess.Popen.communicate
running.list
filter
changed.append
parser.parse_args
module_version.get
i.start
data_results.get
file_extension.lower.self.type_nums.setdefault.append
self.count_py_line
case.get.lower
thread.join
fn.split
x.get.lower
params.append
entry.findall
sys.stdout.flush
diff_out.decode
response.headers.split
r.rules
PrettyTable
Tool
framework.get.lower
scan_list.get.items
get_config_hash
config.Config
base64.b64decode
filename.secure_filename.split
ParseArgs
attachment.add_header
file_line.lstrip
scan_list.get.keys
Report
value
expr.split
VulnerabilityResult
pusher.add_data
header.api_url.requests.get.json
re.match
search_rule
MIMEMultipart
x.code_content.decode
tmp_filename.result.append
afile_name.split
error.decode
self.file_info
LooseVersion.__init__
set_config_hash
self.count_html_line
s_sid.Running.data
param_name.strip
print
requests.packages.urllib3.disable_warnings
framework.get
project_info.get
parser.print_help
cve_child.set
get_safe_ex_string
tar_file.extractall
cve_files.append
_.encode
thread.start
self.is_annotation
time.mktime
write_to_file
rarfile.RarFile
dict_to_pretty_table
product.text.split
code.add_line
output.startswith
self.config.set
code.indent
frame_name.frame_data.append
main
is_text
Report.run
root.findall
self._result.update
api.start
os.makedirs
shutil.rmtree
json_data.update
_.hashlib.md5.hexdigest
NotExistException
q.task_done
ConfigParser
r.json
Directory
self.origin_results
message.lstrip
find_vulnerabilities.append
data.encode
MIMEText
vulnerabilities.append
clone_err.replace
x.split
analysis_echo_print
min
app.register_blueprint
self.file_path.File.lines
os.chdir
checkout_out.decode
vulnerability_result.code_content.strip
dict
get_expr_name
csv_writer.writeheader
blocks.items
set_scan_results
subprocess.Popen
message.decode
cli.start
message.attach
scan_cve
custom_ext.get
self._render_function
req.name.strip
self.get_member
config.read
cve_child.append
un_gz
checkout_err.strip
get_function_params
parsed.append
q.put
os.path.basename
Exception.__init__
render_context.update
header.insert
ver.strip.split
x.code_content.decode.strip
product.text.lower
threads.append
smtplib.SMTP
f.split
parser_group_scan.add_argument
r.status
repo.startswith
File
diff_err.decode
cve_path.lower
gz_file.replace
time_end.encode
self._variable
config.write
header.remove
m.get
a_sid.Running.list
csv.DictWriter
logging.getLogger
create_projects_hash
properties.update
vulnerability_name.replace
fh.setLevel
content.split
enumerate
Blueprint
clone_out.strip
unhandled_exception_message
file_line.strip
r.init_list
token.strip
self.__check_filename_dir
self.config.get
os.mkdir
parser.add_argument_group
platform.platform
self.find_file
get_node_name
trigger_rules.append
error.strip
version_str.replace
parse_match
requests.get
line_arr.strip
sys.exit
a_sid.Running.status
v_path.lower.split
r.list
pro_info.project_info.get.get
self.capture
export_list
self.type_nums.items
args.rules.split
q_pages.get
sys.stdout.write
self.project_information
res.file_path.replace
cve_child.findall
row_list.add_row
request.args.get
self.handleError
self.target.Decompress.decompress
Exception
pull_err.decode
is_sink_function
rule.replace
TempliteSyntaxError
scan
ver.strip
self.target.split
to_bool
case.get
time.localtime
join
filename.rsplit
CodeBuilder
isinstance
filename.split.upper
tree.write
eT.ElementTree
module_.str.startswith
extension.self.result.append
access_token.base64.b64decode.decode
eT.Element
unhandled_exception_unicode_message
export_params.append
ElementTree.parse
pool.join
data_lists.append
f.read
PushBase.__init__
Api
time_start.encode
self._framework.append
fcntl.flock
gzip.GzipFile
self.file_path.lower
parts.pop
re.search
self.rule_parse
self.parse_xml
p.start
guess_type
scan_list.get.get
analysis_functioncall_node
dict_to_csv
_dict.update
extension.strip
x.get.encode
ops_stack.pop
t_start.strftime
image_file.read
v_path.lower
float
self.parser.parse_args
f.write
datetime.datetime.strptime
fi.readline
get_unicode
filters.append
pull_out.strip
self.file_path.open.read
zipfile.ZipFile
tar_file.close
hashlib.md5
message.re.search.group
filename.split
get_binaryop_params
fd
SingleRule
args.target.split
Flask
get_silence_params
self.dependencies
self.flush
data_content.get
self.file.append
language_data.setdefault
is_controllable
str
os.path.getsize
frame_data.keys
pull_err.strip.replace
target_directorys.append
vul.get.strip
type
allfiles.append
x.text.strip
line.strip
cloghandler.ConcurrentRotatingFileHandler
version_match.group
analysis_eval
extension.lower
running.status
file_instance.save
anlysis_function
lang.get
self.rule_vulnerabilities.append
single_rule.target_directory.SingleRule.process
table.add_row
parameters_back
threading.Thread
scan_status.get
logger.setLevel
cve.scan_cve
NotExistError
Detection
param.append
language.get.lower
sorted_dict
vul.get.replace
map
hasattr
self.__parse_diff_result
start.strftime
sys.version.split
properties.get
case_ret.rule_info.append
is_repair
self.count_java_line
format
extension.replace
v.get
token.strip.split
analysis_binaryop_node
stdout_encode
self.is_match_only_rule
Version
gg.clone
self.type_nums.setdefault
self.rule_match.strip.split
logging.Formatter
parser.add_argument
msg.decode
self.parse_version
value.encode
_check_rule_name
frame_data.setdefault
get_cast_params
parser.parse
q_pages.task_done
server.quit
self.component_re.split
result_list.append
smtp.sendmail
file_path.append
logger.info
re.findall
self.is_white_list
subprocess.PIPE.fn.subprocess.Popen.communicate
eT.parse
vulnerability.get.upper
result.strip
self.file_path.replace
scan_list.get
token.startswith
functions.items
self.is_test_file
app.run
file_extension.lower
self.pull
zip_file.extractall
self.log_result
repr

Could you please help me check this issue?
May I open a pull request to fix it?
Thank you very much.
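As an added example (not PyDeps' analyser and not Cobra's own code), the following stdlib-only Python script reproduces the two checks the report above describes: it parses requirements.txt-style lines, classifies each constraint as an exact `==` pin (the report's dependency-conflict risk), a wildcard, a bounded range, or a constraint with no upper bound (the report's missing-API risk), and tests whether a given release satisfies a specifier such as the suggested `>=22.0.4,<=22.1.2` range for pip. The ten pins in the sample are the ones quoted in the issue; the three lines under the "constructed extras" comment are assumptions added here so that every constraint shape is exercised, and `pip-tools` is used there only to avoid listing pip twice. The parser handles the plain dotted-release subset of PEP 440 only (no pre-release, post-release or local-version suffixes, no extras, no environment markers).

```python
"""Classify pip requirement lines by constraint shape and check version satisfaction.
Stdlib only; supports plain dotted releases (a subset of PEP 440)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample: the ten pins quoted in the issue, plus three extra lines that
# are assumptions for this example (NOT from Cobra's requirements.txt).
SAMPLE_REQUIREMENTS = """\
Flask==1.0.0
Flask-RESTful==0.3.6
rarfile==2.7
prettytable==0.7.2
requests==2.20.0
pytest==3.0.6
pip==9.0.1
phply==1.0.0
Werkzeug==0.15.3
ConcurrentLogHandler==0.9.1
# --- constructed extras for the example, not part of the project ---
six>=1.10
PyYAML==5.*
pip-tools>=22.0.4,<=22.1.2
"""

_NAME_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(.*)$")
_SPEC_RE = re.compile(r"^(==|!=|<=|>=|~=|<|>)\s*([0-9A-Za-z.*]+)$")  # two-char ops first


@dataclass
class Requirement:
    name: str
    specs: List[Tuple[str, str]]  # [(operator, version), ...]; empty list = bare name


def parse_requirements(text: str) -> List[Requirement]:
    """Parse requirements.txt-style lines; comments and blank lines are skipped."""
    reqs: List[Requirement] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = _NAME_RE.match(line)
        if not m:
            raise ValueError(f"cannot parse requirement line {raw!r}")
        specs: List[Tuple[str, str]] = []
        for part in (p.strip() for p in m.group(2).split(",")):
            if not part:
                continue
            sm = _SPEC_RE.match(part)
            if not sm:
                raise ValueError(f"unsupported specifier {part!r} in {raw!r}")
            specs.append((sm.group(1), sm.group(2)))
        reqs.append(Requirement(m.group(1), specs))
    return reqs


def classify(req: Requirement) -> str:
    """One of: exact-pin, wildcard, bounded-range, unbounded."""
    if not req.specs:
        return "unbounded"          # bare name: any release, including future ones
    ops = {op for op, _ in req.specs}
    if any(ver.endswith(".*") for _, ver in req.specs):
        return "wildcard"           # e.g. ==5.*: limited to one release series
    if "==" in ops:
        return "exact-pin"          # the report's "dependency conflict" risk
    if ops & {"<", "<=", "~="}:
        return "bounded-range"      # an upper bound exists (the shape suggested for pip)
    return "unbounded"              # only >, >= or !=: the report's "missing API" risk


def summarize(text: str) -> Dict[str, int]:
    """Count requirements per constraint class for a whole requirements file."""
    counts: Dict[str, int] = {}
    for req in parse_requirements(text):
        counts[classify(req)] = counts.get(classify(req), 0) + 1
    return counts


def _vtuple(version: str) -> Tuple[int, ...]:
    return tuple(int(x) for x in version.split("."))


def _pad(a: Tuple[int, ...], b: Tuple[int, ...]):
    # PEP 440 treats 2.7 and 2.7.0 as equal, so pad the shorter tuple with zeros.
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))


def satisfies(version: str, req: Requirement) -> bool:
    """True if `version` is admitted by every specifier on `req`."""
    v = _vtuple(version)
    for op, spec in req.specs:
        if spec.endswith(".*"):                 # prefix match: ==5.* or !=5.*
            prefix = _vtuple(spec[:-2])
            vp, _ = _pad(v, prefix)
            hit = vp[: len(prefix)] == prefix
            ok = hit if op == "==" else (not hit if op == "!=" else False)
        elif op == "~=":                        # ~=1.4.5 means >=1.4.5 and ==1.4.*
            s = _vtuple(spec)
            if len(s) < 2:
                raise ValueError(f"~= needs at least two components: {spec!r}")
            vp, sp = _pad(v, s)
            ok = vp >= sp and vp[: len(s) - 1] == s[:-1]
        else:
            vp, sp = _pad(v, _vtuple(spec))
            ok = {"==": vp == sp, "!=": vp != sp, "<": vp < sp,
                  "<=": vp <= sp, ">": vp > sp, ">=": vp >= sp}[op]
        if not ok:
            return False
    return True
```

`summarize(SAMPLE_REQUIREMENTS)` returns the per-class counts for the file, and `satisfies("22.1.2", parse_requirements("pip>=22.0.4,<=22.1.2")[0])` checks a concrete release against the range the report proposes. One caveat the report does not state: exact pins also give reproducible installs, which is what keeps a security scanner's own dependency set auditable, so widening them to ranges trades the conflict risk for a less reproducible install; a bounded range like the one suggested for pip is the compromise, and any change should be re-run against the project's pytest suite before merging.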
