Console Output

[PLA-stage_2-merge_v14.0] Running shell script
+ runuser jenkins -c devops-stages/stage-test.sh
Launching tox
✔ OK black in 9.786 seconds
black create: /tmp/.tox/black
black installdeps: black
black installed: black==24.4.2,click==8.1.7,mypy-extensions==1.0.0,packaging==24.0,pathspec==0.12.1,platformdirs==4.2.2,tomli==2.0.1,typing_extensions==4.12.0
black run-test-pre: PYTHONHASHSEED='836783421'
black run-test: commands[0] | black --check --diff osm_pla/
All done! ✨ 🍰 ✨
13 files would be left unchanged.

✔ OK flake8 in 13.233 seconds
flake8 create: /tmp/.tox/flake8
flake8 installdeps: flake8
flake8 develop-inst: /home/jenkins/workspace/PLA-stage_2-merge_v14.0
flake8 installed: flake8==7.0.0,mccabe==0.7.0,-e git+https://osm.etsi.org/gerrit/osm/PLA.git@1390ad3b57015778e9ffd0d52725110503583c26#egg=osm_pla,pycodestyle==2.11.1,pyflakes==3.2.0
flake8 run-test-pre: PYTHONHASHSEED='512065236'
flake8 run-test: commands[0] | flake8 osm_pla/ setup.py

✔ OK safety in 30.164 seconds
safety create: /tmp/.tox/safety
safety installdeps: -r/home/jenkins/workspace/PLA-stage_2-merge_v14.0/requirements.txt, safety
safety develop-inst: /home/jenkins/workspace/PLA-stage_2-merge_v14.0
safety installed: annotated-types==0.7.0,Authlib==1.3.0,certifi==2024.2.2,cffi==1.16.0,charset-normalizer==3.3.2,click==8.1.7,cryptography==42.0.7,dparse==0.6.4b0,idna==3.7,Jinja2==3.1.2,markdown-it-py==3.0.0,MarkupSafe==2.1.3,marshmallow==3.21.2,mdurl==0.1.2,-e git+https://osm.etsi.org/gerrit/osm/PLA.git@1390ad3b57015778e9ffd0d52725110503583c26#egg=osm_pla,packaging==24.0,pycparser==2.22,pydantic==2.7.1,pydantic_core==2.18.2,Pygments==2.18.0,pymzn==0.18.3,PyYAML==6.0.1,requests==2.32.2,rich==13.7.1,ruamel.yaml==0.18.6,ruamel.yaml.clib==0.2.8,safety==3.2.0,safety-schemas==0.0.2,shellingham==1.5.4,tomli==2.0.1,typer==0.12.3,typing_extensions==4.12.0,urllib3==2.2.1
safety run-test-pre: PYTHONHASHSEED='1609973173'
safety run-test: commands[0] | - safety check --full-report
+==============================================================================+

                               /$$$$$$            /$$
                              /$$__  $$          | $$
           /$$$$$$$  /$$$$$$ | $$  \__//$$$$$$  /$$$$$$   /$$   /$$
          /$$_____/ |____  $$| $$$$   /$$__  $$|_  $$_/  | $$  | $$
         |  $$$$$$   /$$$$$$$| $$_/  | $$$$$$$$  | $$    | $$  | $$
          \____  $$ /$$__  $$| $$    | $$_____/  | $$ /$$| $$  | $$
          /$$$$$$$/|  $$$$$$$| $$    |  $$$$$$$  |  $$$$/|  $$$$$$$
         |_______/  \_______/|__/     \_______/   \___/   \____  $$
                                                          /$$  | $$
                                                         |  $$$$$$/
  by safetycli.com                                        \______/

+==============================================================================+

 REPORT 

  Safety is using PyUp's free open-source vulnerability database. This
data is 30 days old and limited. 
  For real-time enhanced vulnerability data, fix recommendations, severity
reporting, cybersecurity support, team and project policy management and more
sign up at https://pyup.io or email sales@pyup.io

  Safety v3.2.0 is scanning for Vulnerabilities...
  Scanning dependencies in your environment:

  -> /home/jenkins/workspace/PLA-stage_2-merge_v14.0
  -> /tmp/.tox/safety/bin
  -> /usr/lib/python310.zip
  -> /usr/lib/python3.10/lib-dynload
  -> /tmp/.tox/safety/lib/python3.10/site-packages
  -> /usr/lib/python3.10

  Using open-source vulnerability database
  Found and scanned 36 packages
  Timestamp 2024-05-24 09:49:25
  4 vulnerabilities reported
  0 vulnerabilities ignored

+==============================================================================+
 VULNERABILITIES REPORTED 
+==============================================================================+

-> Vulnerability found in wheel version 0.37.1
   Vulnerability ID: 51499
   Affected spec: <0.38.1
   ADVISORY: Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue
   discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier
   allows remote attackers to cause a denial of service via attacker
   controlled input to wheel cli.https://pyup.io/posts/pyup-discovers-redos-
   vulnerabilities-in-top-python-packages
   CVE-2022-40898
   For more information about this vulnerability, visit
   https://data.safetycli.com/v/51499/97c
   To ignore this vulnerability, use PyUp vulnerability id 51499 in safety’s
   ignore command-line argument or add the ignore to your safety policy file.


-> Vulnerability found in pip version 22.0.2
   Vulnerability ID: 62044
   Affected spec: <23.3
   ADVISORY: Affected versions of Pip are vulnerable to Command
   Injection. When installing a package from a Mercurial VCS URL (ie "pip
   install hg+...") with pip prior to v23.3, the specified Mercurial revision
   could be used to inject arbitrary configuration options to the "hg clone"
   call (ie "--config"). Controlling the Mercurial configuration can modify
   how and which repository is installed. This vulnerability does not affect
   users who aren't installing from Mercurial.
   CVE-2023-5752
   For more information about this vulnerability, visit
   https://data.safetycli.com/v/62044/97c
   To ignore this vulnerability, use PyUp vulnerability id 62044 in safety’s
   ignore command-line argument or add the ignore to your safety policy file.


-> Vulnerability found in pip version 22.0.2
   Vulnerability ID: 67599
   Affected spec: >=0
   ADVISORY: ** DISPUTED ** An issue was discovered in pip (all
   versions) because it installs the version with the highest version number,
   even if the user had intended to obtain a private package from a private
   index. This only affects use of the --extra-index-url option, and
   exploitation requires that the package does not already exist in the
   public index (and thus the attacker can put the package there with an
   arbitrary version number). NOTE: it has been reported that this is
   intended functionality and the user is responsible for using --extra-
   index-url securely.
   CVE-2018-20225
   For more information about this vulnerability, visit
   https://data.safetycli.com/v/67599/97c
   To ignore this vulnerability, use PyUp vulnerability id 67599 in safety’s
   ignore command-line argument or add the ignore to your safety policy file.


-> Vulnerability found in jinja2 version 3.1.2
   Vulnerability ID: 64227
   Affected spec: <3.1.3
   ADVISORY: Jinja2 before 3.1.3 is affected by a Cross-Site
   Scripting vulnerability. Special placeholders in the template allow
   writing code similar to Python syntax. It is possible to inject arbitrary
   HTML attributes into the rendered HTML template. The Jinja 'xmlattr'
   filter can be abused to inject arbitrary HTML attribute keys and values,
   bypassing the auto escaping mechanism and potentially leading to XSS. It
   may also be possible to bypass attribute validation checks if they are
   blacklist-based.
   CVE-2024-22195
   For more information about this vulnerability, visit
   https://data.safetycli.com/v/64227/97c
   To ignore this vulnerability, use PyUp vulnerability id 64227 in safety’s
   ignore command-line argument or add the ignore to your safety policy file.


+==============================================================================+
   REMEDIATIONS

  4 vulnerabilities were reported in 3 packages. For detailed remediation & 
  fix recommendations, upgrade to a commercial license. 

+==============================================================================+

 Scan was completed. 4 vulnerabilities were reported. 

+==============================================================================+

  Safety is using PyUp's free open-source vulnerability database. This
data is 30 days old and limited. 
  For real-time enhanced vulnerability data, fix recommendations, severity
reporting, cybersecurity support, team and project policy management and more
sign up at https://pyup.io or email sales@pyup.io

+==============================================================================+

✔ OK pylint in 35.969 seconds
pylint create: /tmp/.tox/pylint
pylint installdeps: -r/home/jenkins/workspace/PLA-stage_2-merge_v14.0/requirements.txt, -r/home/jenkins/workspace/PLA-stage_2-merge_v14.0/requirements-dev.txt, -r/home/jenkins/workspace/PLA-stage_2-merge_v14.0/requirements-test.txt, pylint
pylint develop-inst: /home/jenkins/workspace/PLA-stage_2-merge_v14.0
pylint installed: aiokafka==0.8.1,astroid==3.2.2,async-timeout==4.0.3,coverage==7.3.1,dataclasses==0.6,dill==0.3.8,dnspython==2.4.2,isort==5.13.2,Jinja2==3.1.2,kafka-python==2.0.2,MarkupSafe==2.1.3,mccabe==0.7.0,mock==5.1.0,motor==3.3.1,nose2==0.13.0,osm-common @ git+https://osm.etsi.org/gerrit/osm/common.git@df511049aeda8da03035b3adc2f900b76c8255de,-e git+https://osm.etsi.org/gerrit/osm/PLA.git@1390ad3b57015778e9ffd0d52725110503583c26#egg=osm_pla,packaging==23.1,platformdirs==4.2.2,pycryptodome==3.19.0,pylint==3.2.2,pymongo==4.5.0,pymzn==0.18.3,PyYAML==6.0.1,tomli==2.0.1,tomlkit==0.12.5,typing_extensions==4.12.0
pylint run-test-pre: PYTHONHASHSEED='3848563815'
pylint run-test: commands[0] | pylint -E osm_pla

✔ OK cover in 36.192 seconds
cover create: /tmp/.tox/cover
cover installdeps: -r/home/jenkins/workspace/PLA-stage_2-merge_v14.0/requirements.txt, -r/home/jenkins/workspace/PLA-stage_2-merge_v14.0/requirements-dev.txt, -r/home/jenkins/workspace/PLA-stage_2-merge_v14.0/requirements-test.txt
cover develop-inst: /home/jenkins/workspace/PLA-stage_2-merge_v14.0
cover installed: aiokafka==0.8.1,async-timeout==4.0.3,coverage==7.3.1,dataclasses==0.6,dnspython==2.4.2,Jinja2==3.1.2,kafka-python==2.0.2,MarkupSafe==2.1.3,mock==5.1.0,motor==3.3.1,nose2==0.13.0,osm-common @ git+https://osm.etsi.org/gerrit/osm/common.git@df511049aeda8da03035b3adc2f900b76c8255de,-e git+https://osm.etsi.org/gerrit/osm/PLA.git@1390ad3b57015778e9ffd0d52725110503583c26#egg=osm_pla,packaging==23.1,pycryptodome==3.19.0,pymongo==4.5.0,pymzn==0.18.3,PyYAML==6.0.1
cover run-test-pre: PYTHONHASHSEED='2723037200'
cover run-test: commands[0] | sh -c 'rm -f nosetests.xml'
cover run-test: commands[1] | coverage erase
cover run-test: commands[2] | nose2 -C --coverage osm_pla
.......ERROR:pla.server:PLA fault. Exception: kaboom!
Traceback (most recent call last):
  File "/home/jenkins/workspace/PLA-stage_2-merge_v14.0/osm_pla/server/server.py", line 200, in get_placement
    nsd = self._get_nsd(nslcmop["operationParams"]["nsdId"])
  File "/usr/lib/python3.10/unittest/mock.py", line 1114, in __call__
    return self._mock_call(*args, **kwargs)
  File "/usr/lib/python3.10/unittest/mock.py", line 1118, in _mock_call
    return self._execute_mock_call(*args, **kwargs)
  File "/usr/lib/python3.10/unittest/mock.py", line 1173, in _execute_mock_call
    raise effect
RuntimeError: kaboom!
..........................................................................
----------------------------------------------------------------------
Ran 81 tests in 9.517s

OK
Name                                          Stmts   Miss  Cover
-----------------------------------------------------------------
osm_pla/__init__.py                               0      0   100%
osm_pla/cmd/__init__.py                           0      0   100%
osm_pla/cmd/pla_server.py                        23     23     0%
osm_pla/config/config.py                         39     21    46%
osm_pla/placement/__init__.py                     0      0   100%
osm_pla/placement/mznplacement.py               135      1    99%
osm_pla/server/server.py                        129     26    80%
osm_pla/test/__init__.py                          0      0   100%
osm_pla/test/test_mznModelGenerator.py          134      3    98%
osm_pla/test/test_mznPlacementConductor.py       31      0   100%
osm_pla/test/test_mznmodels.py                  269     24    91%
osm_pla/test/test_nsPlacementDataFactory.py     262      3    99%
osm_pla/test/test_server.py                     200      9    96%
-----------------------------------------------------------------
TOTAL                                          1222    110    91%

cover run-test: commands[3] | coverage report '--omit=*tests*'
Name                                          Stmts   Miss  Cover
-----------------------------------------------------------------
osm_pla/__init__.py                               0      0   100%
osm_pla/cmd/__init__.py                           0      0   100%
osm_pla/cmd/pla_server.py                        23     23     0%
osm_pla/config/config.py                         39     21    46%
osm_pla/placement/__init__.py                     0      0   100%
osm_pla/placement/mznplacement.py               135      1    99%
osm_pla/server/server.py                        129     26    80%
osm_pla/test/__init__.py                          0      0   100%
osm_pla/test/test_mznModelGenerator.py          134      3    98%
osm_pla/test/test_mznPlacementConductor.py       31      0   100%
osm_pla/test/test_mznmodels.py                  269     24    91%
osm_pla/test/test_nsPlacementDataFactory.py     262      3    99%
osm_pla/test/test_server.py                     200      9    96%
-----------------------------------------------------------------
TOTAL                                          1222    110    91%
cover run-test: commands[4] | coverage html -d ./cover '--omit=*tests*'
Wrote HTML report to ./cover/index.html
cover run-test: commands[5] | coverage xml -o coverage.xml '--omit=*tests*'
Wrote XML report to coverage.xml

___________________________________ summary ____________________________________
  black: commands succeeded
  cover: commands succeeded
  flake8: commands succeeded
  pylint: commands succeeded
  safety: commands succeeded
  congratulations :)