Format error in requirement of app can maliciously break AppStore #326

Open
unkcpz opened this issue Nov 24, 2022 · 0 comments
Labels
bug Something isn't working

unkcpz commented Nov 24, 2022

The version compatibility check checks the format of the dependencies text, and the unscathed exception is raised and breaks the AppStore if the requirements parse fails. The problem arose with the new QeApp since I put the numpy~=1.23 # pined for pymatgen, where the # will be regarded as an invalid symbol. The AppStore raises:

---------------------------------------------------------------------------
ParseException                            Traceback (most recent call last)
/opt/conda/lib/python3.9/site-packages/packaging/requirements.py in __init__(self, requirement_string)
    112         try:
--> 113             req = REQUIREMENT.parseString(requirement_string)
    114         except ParseException as e:

/opt/conda/lib/python3.9/site-packages/pyparsing.py in parseString(self, instring, parseAll)
   1954                     exc.__traceback__ = self._trim_traceback(exc.__traceback__)
-> 1955                 raise exc
   1956         else:

/opt/conda/lib/python3.9/site-packages/pyparsing.py in parseImpl(self, instring, loc, doActions)
   3813         if loc < len(instring):
-> 3814             raise ParseException(instring, loc, self.errmsg, self)
   3815         elif loc == len(instring):

ParseException: Expected stringEnd, found '#'  (at char 12), (line:1, col:13)

During handling of the above exception, another exception occurred:

InvalidRequirement                        Traceback (most recent call last)
/opt/aiidalab-home/home/app_manager.py in _uninstall_app(self, _)
    453         """Attempt to uninstall the app."""
    454         try:
--> 455             self._check_detached_state()
    456             self.app.uninstall_app()
    457         except RuntimeError as error:

/opt/aiidalab-home/home/app_manager.py in _check_detached_state(self)
    415     def _check_detached_state(self):
    416         """Check whether the app is in a detached state which would prevent any install or other operations."""
--> 417         self.app.refresh()
    418         self._refresh_widget_state()
    419         blocked = self.app.detached and not self.blocked_ignore.value

/opt/conda/lib/python3.9/site-packages/aiidalab/utils.py in wrapped(instance, *args, **kwargs)
    140 
    141             self.last_start[hash(instance)] = time.perf_counter()
--> 142             return func(instance, *args, **kwargs)
    143 
    144         return wrapped

/opt/conda/lib/python3.9/site-packages/aiidalab/app.py in refresh(self)
    739                 self._refresh_versions()
    740                 self.set_trait(
--> 741                     "compatible", self._is_compatible(self.installed_version)
    742                 )
    743                 self.set_trait(

/opt/conda/lib/python3.9/site-packages/aiidalab/app.py in _is_compatible(self, app_version)
    687         """Determine whether the specified version is compatible."""
    688         try:
--> 689             incompatibilities = dict(
    690                 self._app.find_incompatibilities(version=app_version)
    691             )

/opt/conda/lib/python3.9/site-packages/aiidalab/app.py in find_incompatibilities(self, version, python_bin)
    249         for key, spec in environment.items():
    250             if key == "python_requirements":
--> 251                 yield from zip(
    252                     repeat("python"),
    253                     self._find_incompatibilities_python(spec, python_bin),

/opt/conda/lib/python3.9/site-packages/aiidalab/app.py in _find_incompatibilities_python(requirements, python_bin)
    232     def _find_incompatibilities_python(requirements, python_bin):
    233         packages = find_installed_packages(python_bin)
--> 234         for requirement in map(Requirement, requirements):
    235             f = [p for p in packages if p.fulfills(requirement)]
    236             if not any(f):

/opt/conda/lib/python3.9/site-packages/packaging/requirements.py in __init__(self, requirement_string)
    113             req = REQUIREMENT.parseString(requirement_string)
    114         except ParseException as e:
--> 115             raise InvalidRequirement(
    116                 'Parse error at "{0!r}": {1}'.format(
    117                     requirement_string[e.loc : e.loc + 8], e.msg

InvalidRequirement: Parse error at "'# pined '": Expected stringEnd
@danielhollas danielhollas added the bug Something isn't working label Nov 24, 2022
unkcpz added a commit to aiidalab/aiidalab-qe that referenced this issue Nov 24, 2022
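
An added example, not code from aiidalab or from the issue author: one way to keep a single malformed requirement string in app metadata from propagating as an unhandled `InvalidRequirement`, by parsing each entry separately and failing closed. The function names and the sample list are hypothetical; only the `numpy~=1.23 # pined for pymatgen` string comes from the issue.

```python
# Fallback: pip ships a vendored copy when standalone "packaging" is absent.
try:
    from packaging.requirements import InvalidRequirement, Requirement
except ImportError:
    from pip._vendor.packaging.requirements import InvalidRequirement, Requirement


def parse_requirements(lines):
    """Parse app-declared requirement strings one at a time.

    Returns (parsed, rejected). A malformed entry is recorded together with
    the parser's message instead of raising, so one bad line in metadata
    supplied by an app cannot abort the caller.
    """
    parsed, rejected = [], []
    for raw in lines:
        try:
            parsed.append(Requirement(raw))
        except InvalidRequirement as exc:
            rejected.append((raw, str(exc)))
    return parsed, rejected


def is_compatible(lines):
    """Hypothetical compatibility gate: metadata that does not parse is
    reported as incompatible (fail closed) rather than crashing the UI."""
    parsed, rejected = parse_requirements(lines)
    return not rejected, parsed, rejected


# Constructed sample metadata; the second entry is the string from the issue.
SAMPLE = [
    "pymatgen",
    "numpy~=1.23 # pined for pymatgen",
    "scipy>=1.9",
]

if __name__ == "__main__":
    ok, parsed, rejected = is_compatible(SAMPLE)
    print("compatible:", ok)
    for req in parsed:
        print("parsed:  ", req.name, str(req.specifier))
    for raw, reason in rejected:
        print("rejected:", repr(raw), "->", reason)
```

The rejected entries carry the parser's own message, which can be shown to the user next to the app instead of a traceback.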