-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Communcation problem between peekaboo and cuckoo #57
Comments
It is in fact related to the mentioned flask dependency. With a targeted upgrade of flask I could resolve this issue: |
Under which circumstances did the error occur? Was it right at startup or during the course of an analysis? Did you also provide the git master of the Installer with a git master checkout of Peekaboo or did the installer install the releases Peekaboo 1.7 from PyPI? ( A class named Request presumably not containing
Note the deprecation warning turned up by grep right away. Is it possible that your cuckoo was somehow running with a more recent version of werkzeug from either inside or outside the venv? What versions of flask and werkzeug were installed before the upgrade and what versions did the upgrade install? cuckoo requires flask==0.12.2 in its
werkzeug seems to be an indirect dependency and is not directly requested by cuckoo's
As grep showed above that does still contain
PyPI does have flask at 1.1.1 and werkzeug at 1.0.0. So flask 0.12.2 is likely actively keeping werkzeug at 0.16.1. How come you're upgrading your system flask when the installer installs cuckoo in its own virtual environment in |
Ah, Anyway, forget my last question above. So we should find out if and how you're ending up with a venv for cuckoo that contains a werkzeug without |
I am using the latest version of peekabooAV. According to this issue the Werkzeug library (dependency from Flask) recently received a major update (0.16.1 --> 1.0.0) and it looks like Flask (<=0.12.4) does not restrict it. The issue is just 3 days old. I was actually pretty sure that there must be an easier solution than using the system pip, but I just didn't know how. Thanks for the tip. I will keep it in mind. |
Okay, I created a new venv and installed Cuckoo:
This left me with exactly what you describe:
Pinning dependency versions was supposed to help with this kind of thing: cuckoosandbox/cuckoo#602 but in this case actually achieved the opposite because flask isn't (or wasn't) doing the same. Okay, so what are our options:
|
I am willing to raise an issue with Cuckoo. However, I am not entirely sure about the wording. Here would be my suggestion.
Feel free to suggest changes. I am very new to this and appreciate every input. |
Since I wanted to get the system working asap for my peekaboo yt tutorial I went with option b. For a stable solution I would go with what you suggest as the more experienced. |
Go for it. :) If you wanted to save the Cuckoo guys some digging through our diagnosis here you could add the cuckoo backtrace from your original report, the grepping I did on the venv and the pip list outputs showing the working and broken version combinations (0.12.2+0.16.1 and 1.1.1.+1.0.0 vs. 0.12.2+1.0.0). You could also circle back to my original question which interaction with cuckoo triggers the error. I'd guess it's any action via the REST api. If you could construct a curl command that triggers it reliably, that'd certainly help to reproduce (they won't have a whole Peekaboo installation around :). |
Work around flask not pinning its dependency versions, pulling in a werkzeug that is too new for itself. We rely on pip's laziness in upgrading to leave this version alone as long as it suffices for flask. Should become irrelevant as cuckoo switches to a newer flask which supports and pulls in a newer werkzeug. We do this in a separate step to avoid conflicts within a single transaction. Closes scVENUS#57.
Work around flask not pinning its dependency versions, pulling in a werkzeug that is too new for itself. We rely on pip's laziness in upgrading to leave this version alone as long as it suffices for flask. Should become irrelevant as cuckoo switches to a newer flask which supports and pulls in a newer werkzeug. We do this in a separate step to avoid conflicts within a single transaction. Closes scVENUS#57.
@JannisTriesToCode: Can you have a look at #61 to see if that fixes the issue? |
I have only read the your code and tried it out, but it might just work. Let's wait for @Jack28 approval. |
Using the latest version I am running into communication problems between cuckoo and peekaboo.
It could be related to the latest update of a dependency of flask. Link
The text was updated successfully, but these errors were encountered: