[PLA-stage_2-merge_v15.0] Running shell script
+ runuser jenkins -c devops-stages/stage-test.sh
Launching tox
✔ OK flake8 in 10.718 seconds
flake8 create: /tmp/.tox/flake8
flake8 installdeps: flake8
flake8 develop-inst: /home/jenkins/workspace/PLA-stage_2-merge_v15.0
flake8 installed: flake8==7.0.0,mccabe==0.7.0,-e git+https://osm.etsi.org/gerrit/osm/PLA.git@5fa7d6b3638b309669be7295535dd171e8615acb#egg=osm_pla,pycodestyle==2.11.1,pyflakes==3.2.0
flake8 run-test-pre: PYTHONHASHSEED='2465755895'
flake8 run-test: commands[0] | flake8 osm_pla/ setup.py
✔ OK safety in 27.136 seconds
safety create: /tmp/.tox/safety
safety installdeps: -r/home/jenkins/workspace/PLA-stage_2-merge_v15.0/requirements.txt, safety
safety develop-inst: /home/jenkins/workspace/PLA-stage_2-merge_v15.0
safety installed: annotated-types==0.6.0,Authlib==1.3.0,certifi==2024.2.2,cffi==1.16.0,charset-normalizer==3.3.2,click==8.1.7,cryptography==42.0.7,dparse==0.6.4b0,idna==3.7,Jinja2==3.1.2,markdown-it-py==3.0.0,MarkupSafe==2.1.3,marshmallow==3.21.2,mdurl==0.1.2,-e git+https://osm.etsi.org/gerrit/osm/PLA.git@5fa7d6b3638b309669be7295535dd171e8615acb#egg=osm_pla,packaging==24.0,pycparser==2.22,pydantic==2.7.1,pydantic_core==2.18.2,Pygments==2.18.0,pymzn==0.18.3,PyYAML==6.0.1,requests==2.31.0,rich==13.7.1,ruamel.yaml==0.18.6,ruamel.yaml.clib==0.2.8,safety==3.2.0,safety-schemas==0.0.2,shellingham==1.5.4,tomli==2.0.1,typer==0.12.3,typing_extensions==4.11.0,urllib3==2.2.1
safety run-test-pre: PYTHONHASHSEED='3918617881'
safety run-test: commands[0] | - safety check --full-report
+==============================================================================+
/$$$$$$ /$$
/$$__ $$ | $$
/$$$$$$$ /$$$$$$ | $$ \__//$$$$$$ /$$$$$$ /$$ /$$
/$$_____/ |____ $$| $$$$ /$$__ $$|_ $$_/ | $$ | $$
| $$$$$$ /$$$$$$$| $$_/ | $$$$$$$$ | $$ | $$ | $$
\____ $$ /$$__ $$| $$ | $$_____/ | $$ /$$| $$ | $$
/$$$$$$$/| $$$$$$$| $$ | $$$$$$$ | $$$$/| $$$$$$$
|_______/ \_______/|__/ \_______/ \___/ \____ $$
/$$ | $$
| $$$$$$/
by safetycli.com \______/
+==============================================================================+
[1mREPORT[0m
[31m[22m Safety is using PyUp's free open-source vulnerability database. This
data is 30 days old and limited. [0m
[31m For real-time enhanced vulnerability data, fix recommendations, severity
reporting, cybersecurity support, team and project policy management and more
sign up at https://pyup.io or email sales@pyup.io[0m
Safety [1mv3.2.0[0m is scanning for [1mVulnerabilities[0m[1m...[0m
[1m Scanning dependencies[0m in your [1menvironment:[0m
-> /usr/lib/python3.10/lib-dynload
-> /tmp/.tox/safety/lib/python3.10/site-packages
-> /usr/lib/python3.10
-> /usr/lib/python310.zip
-> /tmp/.tox/safety/bin
-> /home/jenkins/workspace/PLA-stage_2-merge_v15.0
Using [1mopen-source vulnerability database[0m
[1m Found and scanned 36 packages[0m
Timestamp [1m2024-05-14 10:11:57[0m
[1m 4[0m[1m vulnerabilities reported[0m
[1m 0[0m[1m vulnerabilities ignored[0m
+==============================================================================+
[1mVULNERABILITIES REPORTED[0m
+==============================================================================+
[31m-> Vulnerability found in wheel version 0.37.1[0m
[1m Vulnerability ID: [0m51499
[1m Affected spec: [0m<0.38.1
[1m ADVISORY: [0mWheel 0.38.1 includes a fix for CVE-2022-40898: An issue
discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier
allows remote attackers to cause a denial of service via attacker
controlled input to wheel cli.https://pyup.io/posts/pyup-discovers-redos-
vulnerabilities-in-top-python-packages
[1m CVE-2022-40898[0m
[1m For more information about this vulnerability, visit
[0mhttps://data.safetycli.com/v/51499/97c[0m
To ignore this vulnerability, use PyUp vulnerability id 51499 in safety’s
ignore command-line argument or add the ignore to your safety policy file.
[31m-> Vulnerability found in pip version 22.0.2[0m
[1m Vulnerability ID: [0m62044
[1m Affected spec: [0m<23.3
[1m ADVISORY: [0mAffected versions of Pip are vulnerable to Command
Injection. When installing a package from a Mercurial VCS URL (ie "pip
install hg+...") with pip prior to v23.3, the specified Mercurial revision
could be used to inject arbitrary configuration options to the "hg clone"
call (ie "--config"). Controlling the Mercurial configuration can modify
how and which repository is installed. This vulnerability does not affect
users who aren't installing from Mercurial.
[1m CVE-2023-5752[0m
[1m For more information about this vulnerability, visit
[0mhttps://data.safetycli.com/v/62044/97c[0m
To ignore this vulnerability, use PyUp vulnerability id 62044 in safety’s
ignore command-line argument or add the ignore to your safety policy file.
[31m-> Vulnerability found in pip version 22.0.2[0m
[1m Vulnerability ID: [0m67599
[1m Affected spec: [0m>=0
[1m ADVISORY: [0m** DISPUTED ** An issue was discovered in pip (all
versions) because it installs the version with the highest version number,
even if the user had intended to obtain a private package from a private
index. This only affects use of the --extra-index-url option, and
exploitation requires that the package does not already exist in the
public index (and thus the attacker can put the package there with an
arbitrary version number). NOTE: it has been reported that this is
intended functionality and the user is responsible for using --extra-
index-url securely.
[1m CVE-2018-20225[0m
[1m For more information about this vulnerability, visit
[0mhttps://data.safetycli.com/v/67599/97c[0m
To ignore this vulnerability, use PyUp vulnerability id 67599 in safety’s
ignore command-line argument or add the ignore to your safety policy file.
[31m-> Vulnerability found in jinja2 version 3.1.2[0m
[1m Vulnerability ID: [0m64227
[1m Affected spec: [0m<3.1.3
[1m ADVISORY: [0mJinja2 before 3.1.3 is affected by a Cross-Site
Scripting vulnerability. Special placeholders in the template allow
writing code similar to Python syntax. It is possible to inject arbitrary
HTML attributes into the rendered HTML template. The Jinja 'xmlattr'
filter can be abused to inject arbitrary HTML attribute keys and values,
bypassing the auto escaping mechanism and potentially leading to XSS. It
may also be possible to bypass attribute validation checks if they are
blacklist-based.
[1m CVE-2024-22195[0m
[1m For more information about this vulnerability, visit
[0mhttps://data.safetycli.com/v/64227/97c[0m
To ignore this vulnerability, use PyUp vulnerability id 64227 in safety’s
ignore command-line argument or add the ignore to your safety policy file.
+==============================================================================+
[32m[1mREMEDIATIONS[0m
4 vulnerabilities were reported in 3 packages. For detailed remediation &
fix recommendations, upgrade to a commercial license.
+==============================================================================+
Scan was completed. 4 vulnerabilities were reported.
+==============================================================================+
[31m[22m Safety is using PyUp's free open-source vulnerability database. This
data is 30 days old and limited. [0m
[31m For real-time enhanced vulnerability data, fix recommendations, severity
reporting, cybersecurity support, team and project policy management and more
sign up at https://pyup.io or email sales@pyup.io[0m
+==============================================================================+[0m
✔ OK black in 28.612 seconds
black create: /tmp/.tox/black
black installdeps: black
black installed: black==24.4.2,click==8.1.7,mypy-extensions==1.0.0,packaging==24.0,pathspec==0.12.1,platformdirs==4.2.1,tomli==2.0.1,typing_extensions==4.11.0
black run-test-pre: PYTHONHASHSEED='1247582697'
black run-test: commands[0] | black --check --diff osm_pla/
All done! ✨ 🍰 ✨
13 files would be left unchanged.
✔ OK cover in 32.884 seconds
cover create: /tmp/.tox/cover
cover installdeps: -r/home/jenkins/workspace/PLA-stage_2-merge_v15.0/requirements.txt, -r/home/jenkins/workspace/PLA-stage_2-merge_v15.0/requirements-dev.txt, -r/home/jenkins/workspace/PLA-stage_2-merge_v15.0/requirements-test.txt
cover develop-inst: /home/jenkins/workspace/PLA-stage_2-merge_v15.0
cover installed: aiokafka==0.8.1,async-timeout==4.0.3,coverage==7.3.1,dataclasses==0.6,dnspython==2.4.2,Jinja2==3.1.2,kafka-python==2.0.2,MarkupSafe==2.1.3,mock==5.1.0,motor==3.3.1,nose2==0.13.0,osm-common @ git+https://osm.etsi.org/gerrit/osm/common.git@261e46f7125c8ebe473ee780654ffe42245d4c8d,-e git+https://osm.etsi.org/gerrit/osm/PLA.git@5fa7d6b3638b309669be7295535dd171e8615acb#egg=osm_pla,packaging==23.1,pycryptodome==3.19.0,pymongo==4.5.0,pymzn==0.18.3,PyYAML==6.0.1
cover run-test-pre: PYTHONHASHSEED='2998538726'
cover run-test: commands[0] | sh -c 'rm -f nosetests.xml'
cover run-test: commands[1] | coverage erase
cover run-test: commands[2] | nose2 -C --coverage osm_pla
.......ERROR:pla.server:PLA fault. Exception: kaboom!
Traceback (most recent call last):
File "/home/jenkins/workspace/PLA-stage_2-merge_v15.0/osm_pla/server/server.py", line 200, in get_placement
nsd = self._get_nsd(nslcmop["operationParams"]["nsdId"])
File "/usr/lib/python3.10/unittest/mock.py", line 1114, in __call__
return self._mock_call(*args, **kwargs)
File "/usr/lib/python3.10/unittest/mock.py", line 1118, in _mock_call
return self._execute_mock_call(*args, **kwargs)
File "/usr/lib/python3.10/unittest/mock.py", line 1173, in _execute_mock_call
raise effect
RuntimeError: kaboom!
..........................................................................
----------------------------------------------------------------------
Ran 81 tests in 9.979s
OK
Name Stmts Miss Cover
-----------------------------------------------------------------
osm_pla/__init__.py 0 0 100%
osm_pla/cmd/__init__.py 0 0 100%
osm_pla/cmd/pla_server.py 23 23 0%
osm_pla/config/config.py 39 21 46%
osm_pla/placement/__init__.py 0 0 100%
osm_pla/placement/mznplacement.py 135 1 99%
osm_pla/server/server.py 129 26 80%
osm_pla/test/__init__.py 0 0 100%
osm_pla/test/test_mznModelGenerator.py 134 3 98%
osm_pla/test/test_mznPlacementConductor.py 31 0 100%
osm_pla/test/test_mznmodels.py 269 24 91%
osm_pla/test/test_nsPlacementDataFactory.py 262 3 99%
osm_pla/test/test_server.py 200 9 96%
-----------------------------------------------------------------
TOTAL 1222 110 91%
cover run-test: commands[3] | coverage report '--omit=*tests*'
Name Stmts Miss Cover
-----------------------------------------------------------------
osm_pla/__init__.py 0 0 100%
osm_pla/cmd/__init__.py 0 0 100%
osm_pla/cmd/pla_server.py 23 23 0%
osm_pla/config/config.py 39 21 46%
osm_pla/placement/__init__.py 0 0 100%
osm_pla/placement/mznplacement.py 135 1 99%
osm_pla/server/server.py 129 26 80%
osm_pla/test/__init__.py 0 0 100%
osm_pla/test/test_mznModelGenerator.py 134 3 98%
osm_pla/test/test_mznPlacementConductor.py 31 0 100%
osm_pla/test/test_mznmodels.py 269 24 91%
osm_pla/test/test_nsPlacementDataFactory.py 262 3 99%
osm_pla/test/test_server.py 200 9 96%
-----------------------------------------------------------------
TOTAL 1222 110 91%
cover run-test: commands[4] | coverage html -d ./cover '--omit=*tests*'
Wrote HTML report to ./cover/index.html
cover run-test: commands[5] | coverage xml -o coverage.xml '--omit=*tests*'
Wrote XML report to coverage.xml
✔ OK pylint in 36.093 seconds
pylint create: /tmp/.tox/pylint
pylint installdeps: -r/home/jenkins/workspace/PLA-stage_2-merge_v15.0/requirements.txt, -r/home/jenkins/workspace/PLA-stage_2-merge_v15.0/requirements-dev.txt, -r/home/jenkins/workspace/PLA-stage_2-merge_v15.0/requirements-test.txt, pylint
pylint develop-inst: /home/jenkins/workspace/PLA-stage_2-merge_v15.0
pylint installed: aiokafka==0.8.1,astroid==3.1.0,async-timeout==4.0.3,coverage==7.3.1,dataclasses==0.6,dill==0.3.8,dnspython==2.4.2,isort==5.13.2,Jinja2==3.1.2,kafka-python==2.0.2,MarkupSafe==2.1.3,mccabe==0.7.0,mock==5.1.0,motor==3.3.1,nose2==0.13.0,osm-common @ git+https://osm.etsi.org/gerrit/osm/common.git@261e46f7125c8ebe473ee780654ffe42245d4c8d,-e git+https://osm.etsi.org/gerrit/osm/PLA.git@5fa7d6b3638b309669be7295535dd171e8615acb#egg=osm_pla,packaging==23.1,platformdirs==4.2.1,pycryptodome==3.19.0,pylint==3.1.1,pymongo==4.5.0,pymzn==0.18.3,PyYAML==6.0.1,tomli==2.0.1,tomlkit==0.12.5,typing_extensions==4.11.0
pylint run-test-pre: PYTHONHASHSEED='3579967127'
pylint run-test: commands[0] | pylint -E osm_pla
___________________________________ summary ____________________________________
black: commands succeeded
cover: commands succeeded
flake8: commands succeeded
pylint: commands succeeded
safety: commands succeeded
congratulations :)