Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Python >= 3.6 tests failing due to PyYAML 6.0 #744

Closed
mschfh opened this issue Oct 23, 2021 · 0 comments · Fixed by #745
Closed

Python >= 3.6 tests failing due to PyYAML 6.0 #744

mschfh opened this issue Oct 23, 2021 · 0 comments · Fixed by #745
Assignees
@ericwb
Labels
bug Something isn't working

Comments

@mschfh
Copy link
Contributor

mschfh commented Oct 23, 2021

Describe the bug

PyYAML 6.0 was recently released for Python 3.6 and up, which causes tests for these versions to fail due to a breaking change:
https://github.com/yaml/pyyaml/blob/8cdff2c80573b8be8e8ad28929264a913a63aa33/CHANGES#L17

always require Loader arg to yaml.load()

log:

Captured traceback:
~~~~~~~~~~~~~~~~~~~
    Traceback (most recent call last):

      File "/opt/hostedtoolcache/Python/3.6.15/x64/lib/python3.6/unittest/mock.py", line 1183, in patched
    return func(*args, **keywargs)

      File "/home/runner/work/bandit/bandit/tests/unit/formatters/test_yaml.py", line 73, in test_report
    data = yaml.load(f.read())

    TypeError: load() missing 1 required positional argument: 'Loader'

requirements.txt specifies PyYAML>=5.3.1, replacing it with PyYAML>=5.3.1, <6.0 resolves the problem

Reproduction steps

run tests with Python 3.6 or up

Expected behavior

tests are passing

Bandit version

1.7.0 (Default)

Python version

3.6

Additional context

No response
@mschfh mschfh added the bug Something isn't working label Oct 23, 2021
@ericwb ericwb self-assigned this Oct 24, 2021
@ericwb ericwb mentioned this issue Oct 24, 2021
Merged
ericwb added a commit that referenced this issue Oct 24, 2021
@ericwb
Always use a Loader in yaml.load (#745)
aac3f16 
A recent change within pyyaml 6.0 has enforce use of a Loader argument
to yaml.load [1].

To comply, Bandit will use yaml.load with a Loader always. The plugin
to check for unsafe loaders of yaml module still applies.

[1] yaml/pyyaml#561

Closes #744

Signed-off-by: Eric Brown <browne@vmware.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ericwb ericwb

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Always use a Loader in yaml.load
2 participants
@ericwb @mschfh