Started by upstream project "buildall-stage_2-merge-v14" build number 320 originally caused by: Started by timer > git rev-parse --is-inside-work-tree # timeout=10 Setting origin to https://osm.etsi.org/gerrit/osm/tests.git > git config remote.origin.url https://osm.etsi.org/gerrit/osm/tests.git # timeout=10 Fetching origin... Fetching upstream changes from origin > git --version # timeout=10 > git config --get remote.origin.url # timeout=10 > git fetch --tags --progress origin +refs/heads/*:refs/remotes/origin/* Seen branch in repository origin/bug1511 Seen branch in repository origin/master Seen branch in repository origin/ng-ro-refactor Seen branch in repository origin/paas Seen branch in repository origin/sol006 Seen branch in repository origin/sol006v331 Seen branch in repository origin/v10.0 Seen branch in repository origin/v11.0 Seen branch in repository origin/v12.0 Seen branch in repository origin/v13.0 Seen branch in repository origin/v14.0 Seen branch in repository origin/v15.0 Seen branch in repository origin/v8.0 Seen branch in repository origin/v9.0 Seen 14 remote branches Obtained Jenkinsfile from d536011e3d26b80db7645517de7471e0dd355620 Running in Durability level: MAX_SURVIVABILITY [Pipeline] properties [Pipeline] node Running on osm-cicd-2 in /home/jenkins/workspace/tests-stage_2-merge_v14.0 [Pipeline] { [Pipeline] checkout No credentials specified > git rev-parse --is-inside-work-tree # timeout=10 Fetching changes from the remote Git repository > git config remote.origin.url https://osm.etsi.org/gerrit/osm/tests.git # timeout=10 Fetching without tags Fetching upstream changes from https://osm.etsi.org/gerrit/osm/tests.git > git --version # timeout=10 > git fetch --no-tags --force --progress https://osm.etsi.org/gerrit/osm/tests.git +refs/heads/*:refs/remotes/origin/* Checking out Revision d536011e3d26b80db7645517de7471e0dd355620 (v14.0) > git config core.sparsecheckout # timeout=10 > git checkout -f d536011e3d26b80db7645517de7471e0dd355620 Commit message: "Fix stuck when executing a background command via SSH is SA02" > git rev-list --no-walk d536011e3d26b80db7645517de7471e0dd355620 # timeout=10 [Pipeline] dir Running in /home/jenkins/workspace/tests-stage_2-merge_v14.0/devops [Pipeline] { [Pipeline] git No credentials specified > git rev-parse --is-inside-work-tree # timeout=10 Fetching changes from the remote Git repository > git config remote.origin.url https://osm.etsi.org/gerrit/osm/devops # timeout=10 Fetching upstream changes from https://osm.etsi.org/gerrit/osm/devops > git --version # timeout=10 > git fetch --tags --force --progress https://osm.etsi.org/gerrit/osm/devops +refs/heads/*:refs/remotes/origin/* > git rev-parse refs/remotes/origin/v14.0^{commit} # timeout=10 > git rev-parse refs/remotes/origin/origin/v14.0^{commit} # timeout=10 Checking out Revision 73738a808076b4167ee1b86b28b655e83bdc4f8e (refs/remotes/origin/v14.0) > git config core.sparsecheckout # timeout=10 > git checkout -f 73738a808076b4167ee1b86b28b655e83bdc4f8e > git branch -a -v --no-abbrev # timeout=10 > git branch -D v14.0 # timeout=10 > git checkout -b v14.0 73738a808076b4167ee1b86b28b655e83bdc4f8e Commit message: "Fix air-gapped installation issues with containerd and OSM helm chart" > git rev-list --no-walk 73738a808076b4167ee1b86b28b655e83bdc4f8e # timeout=10 [Pipeline] } [Pipeline] // dir [Pipeline] load [Pipeline] { (devops/jenkins/ci-pipelines/ci_stage_2.groovy) [Pipeline] } [Pipeline] // load [Pipeline] echo do_stage_3= false [Pipeline] load [Pipeline] { (devops/jenkins/ci-pipelines/ci_helper.groovy) [Pipeline] } [Pipeline] // load [Pipeline] stage [Pipeline] { (Prepare) [Pipeline] sh [tests-stage_2-merge_v14.0] Running shell script + env JENKINS_HOME=/var/lib/jenkins SSH_CLIENT=212.234.161.1 22456 22 USER=jenkins RUN_CHANGES_DISPLAY_URL=https://osm.etsi.org/jenkins/job/tests-stage_2-merge/job/v14.0/331/display/redirect?page=changes GERRIT_PROJECT=osm/tests XDG_SESSION_TYPE=tty SHLVL=0 NODE_LABELS=docker osm-cicd-2 osm2 pipeline stage_2 HUDSON_URL=https://osm.etsi.org/jenkins/ MOTD_SHOWN=pam OLDPWD=/home/jenkins HOME=/home/jenkins BUILD_URL=https://osm.etsi.org/jenkins/job/tests-stage_2-merge/job/v14.0/331/ HUDSON_COOKIE=6ff0eb58-fb31-4fd4-950f-8bf670e4a493 JENKINS_SERVER_COOKIE=durable-d23a92a01ecc19e97eb4c646cbc080d4 DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1001/bus GERRIT_PATCHSET_REVISION=d536011e3d26b80db7645517de7471e0dd355620 WORKSPACE=/home/jenkins/workspace/tests-stage_2-merge_v14.0 LOGNAME=jenkins NODE_NAME=osm-cicd-2 GERRIT_BRANCH=v14.0 _=/usr/bin/java RUN_ARTIFACTS_DISPLAY_URL=https://osm.etsi.org/jenkins/job/tests-stage_2-merge/job/v14.0/331/display/redirect?page=artifacts XDG_SESSION_CLASS=user EXECUTOR_NUMBER=5 XDG_SESSION_ID=2054 RUN_TESTS_DISPLAY_URL=https://osm.etsi.org/jenkins/job/tests-stage_2-merge/job/v14.0/331/display/redirect?page=tests BUILD_DISPLAY_NAME=#331 PROJECT_URL_PREFIX=https://osm.etsi.org/gerrit HUDSON_HOME=/var/lib/jenkins JOB_BASE_NAME=v14.0 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin BUILD_ID=331 XDG_RUNTIME_DIR=/run/user/1001 BUILD_TAG=jenkins-tests-stage_2-merge-v14.0-331 JENKINS_URL=https://osm.etsi.org/jenkins/ LANG=C.UTF-8 JOB_URL=https://osm.etsi.org/jenkins/job/tests-stage_2-merge/job/v14.0/ BUILD_NUMBER=331 SHELL=/bin/bash RUN_DISPLAY_URL=https://osm.etsi.org/jenkins/job/tests-stage_2-merge/job/v14.0/331/display/redirect ARTIFACTORY_SERVER=artifactory-osm GERRIT_REFSPEC=refs/changes/36/14036/1 HUDSON_SERVER_COOKIE=6d3295a483c3e6d5 JOB_DISPLAY_URL=https://osm.etsi.org/jenkins/job/tests-stage_2-merge/job/v14.0/display/redirect JOB_NAME=tests-stage_2-merge/v14.0 TEST_INSTALL=false PWD=/home/jenkins/workspace/tests-stage_2-merge_v14.0 SSH_CONNECTION=212.234.161.1 22456 172.21.249.2 22 BRANCH_NAME=v14.0 [Pipeline] } [Pipeline] // stage [Pipeline] stage [Pipeline] { (Checkout) [Pipeline] sh [tests-stage_2-merge_v14.0] Running shell script + git fetch --tags [Pipeline] sh [tests-stage_2-merge_v14.0] Running shell script + git fetch origin refs/changes/36/14036/1 From https://osm.etsi.org/gerrit/osm/tests * branch refs/changes/36/14036/1 -> FETCH_HEAD [Pipeline] sh [tests-stage_2-merge_v14.0] Running shell script + git checkout -f d536011e3d26b80db7645517de7471e0dd355620 HEAD is now at d536011 Fix stuck when executing a background command via SSH is SA02 [Pipeline] sh [tests-stage_2-merge_v14.0] Running shell script + sudo git clean -dfx Removing .cache/ Removing .eggs/ Removing .local/ Removing .safety/ Removing build.env Removing changelog/ Removing deb_dist/ Removing debian/osm-tests.install Removing pool/ Removing tests.egg-info/ [Pipeline] } [Pipeline] // stage [Pipeline] stage [Pipeline] { (License Scan) [Pipeline] echo skip the scan for merge [Pipeline] } [Pipeline] // stage [Pipeline] stage [Pipeline] { (Release Note Check) [Pipeline] fileExists [Pipeline] echo No releasenote check present [Pipeline] } [Pipeline] // stage [Pipeline] stage [Pipeline] { (Docker-Build) [Pipeline] sh [tests-stage_2-merge_v14.0] Running shell script + docker build --build-arg APT_PROXY=http://172.21.1.1:3142 -t osm/tests-v14.0 . Sending build context to Docker daemon 154.4MB Step 1/7 : FROM ubuntu:22.04 ---> 52882761a72a Step 2/7 : ARG APT_PROXY ---> Using cache ---> 55e61cba10df Step 3/7 : RUN if [ ! -z $APT_PROXY ] ; then echo "Acquire::http::Proxy \"$APT_PROXY\";" > /etc/apt/apt.conf.d/proxy.conf ; echo "Acquire::https::Proxy \"$APT_PROXY\";" >> /etc/apt/apt.conf.d/proxy.conf ; fi ---> Using cache ---> 92a0a55147bc Step 4/7 : RUN DEBIAN_FRONTEND=noninteractive apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y install debhelper dh-python git python3 python3-all python3-dev python3-setuptools python3-pip tox ---> Using cache ---> dc04b66cbfa2 Step 5/7 : RUN DEBIAN_FRONTEND=noninteractive apt-get -y install dh-make ---> Using cache ---> c9005a1573d3 Step 6/7 : ENV LC_ALL C.UTF-8 ---> Using cache ---> ddf3afebfd64 Step 7/7 : ENV LANG C.UTF-8 ---> Using cache ---> 882f722feed2 Successfully built 882f722feed2 Successfully tagged osm/tests-v14.0:latest [Pipeline] } [Pipeline] // stage [Pipeline] sh [tests-stage_2-merge_v14.0] Running shell script + id -u [Pipeline] sh [tests-stage_2-merge_v14.0] Running shell script + id -g [Pipeline] withDockerContainer osm-cicd-2 does not seem to be running inside a container $ docker run -t -d -u 1001:1001 -u root -w /home/jenkins/workspace/tests-stage_2-merge_v14.0 -v /home/jenkins/workspace/tests-stage_2-merge_v14.0:/home/jenkins/workspace/tests-stage_2-merge_v14.0:rw,z -v /home/jenkins/workspace/tests-stage_2-merge_v14.0@tmp:/home/jenkins/workspace/tests-stage_2-merge_v14.0@tmp:rw,z -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** --entrypoint cat osm/tests-v14.0 [Pipeline] { [Pipeline] stage [Pipeline] { (Test) [Pipeline] sh [tests-stage_2-merge_v14.0] Running shell script + groupadd -o -g 1001 -r jenkins [Pipeline] sh [tests-stage_2-merge_v14.0] Running shell script + pwd + useradd -o -u 1001 -d /home/jenkins/workspace/tests-stage_2-merge_v14.0 -r -g jenkins jenkins [Pipeline] sh [tests-stage_2-merge_v14.0] Running shell script + echo #! /bin/sh [Pipeline] sh [tests-stage_2-merge_v14.0] Running shell script + chmod 755 /usr/bin/mesg [Pipeline] sh [tests-stage_2-merge_v14.0] Running shell script + runuser jenkins -c devops-stages/stage-test.sh Checking syntax of Robot tests Checking tabs in robot files. No tabs should be present No tabs are present in robot files. Correct! Checking param separation in robot files. Three spaces is the recommendation, instead of two No presence of two spaces to separate params in robot files. Correct! Checking param separation in robot files. Three spaces is the recommendation, instead of four or more Only three spaces must be used between params in robot files. Correct! Checking CRLF terminators in robot files. No CRLF should be found No presence of CRLF terminators in robot files. Correct! Checking spaces at the end of lines in robot files. No spaces at EOL should be found No presence of spaces at EOL in robot files. Correct! Launching tox ✔ OK black in 6.958 seconds black create: /tmp/.tox/black black installdeps: black black installed: black==24.4.2,click==8.1.7,mypy-extensions==1.0.0,packaging==24.0,pathspec==0.12.1,platformdirs==4.2.1,tomli==2.0.1,typing_extensions==4.11.0 black run-test-pre: PYTHONHASHSEED='3562234738' black run-test: commands[0] | black --check --diff robot-systest --fast All done! ✨ 🍰 ✨ 5 files would be left unchanged. ✔ OK flake8 in 24.131 seconds flake8 create: /tmp/.tox/flake8 flake8 installdeps: flake8 flake8 develop-inst: /home/jenkins/workspace/tests-stage_2-merge_v14.0 flake8 installed: flake8==7.0.0,mccabe==0.7.0,pycodestyle==2.11.1,pyflakes==3.2.0,-e git+https://osm.etsi.org/gerrit/osm/tests.git@d536011e3d26b80db7645517de7471e0dd355620#egg=tests flake8 run-test-pre: PYTHONHASHSEED='4183530592' flake8 run-test: commands[0] | flake8 robot-systest ✔ OK cover in 52.407 seconds cover create: /tmp/.tox/cover cover installdeps: -r/home/jenkins/workspace/tests-stage_2-merge_v14.0/requirements.txt cover develop-inst: /home/jenkins/workspace/tests-stage_2-merge_v14.0 cover installed: appdirs==1.4.4,argcomplete==3.1.2,attrs==23.1.0,autopage==0.5.1,bcrypt==4.0.1,bitarray==2.8.1,certifi==2023.7.22,cffi==1.16.0,charset-normalizer==3.3.0,cliff==4.3.0,cmd2==2.4.3,cryptography==41.0.4,debtcollector==2.5.0,decorator==5.1.1,dogpile.cache==1.2.2,enum34==1.1.10,exceptiongroup==1.1.3,h11==0.14.0,haikunator==2.1.0,idna==3.4,importlib-metadata==6.8.0,iso8601==2.1.0,jmespath==1.0.1,jsonpatch==1.33,jsonpath-ng==1.6.0,jsonpath-rw==1.4.0,jsonpath-rw-ext==1.2.2,jsonpointer==2.4,jsonschema==4.19.1,jsonschema-specifications==2023.7.1,keystoneauth1==5.3.0,lxml==4.9.3,msgpack==1.0.7,netaddr==0.9.0,netifaces==0.11.0,objectpath==0.6.1,openstacksdk==1.5.0,os-service-types==1.7.0,osc-lib==2.8.1,oslo.config==9.2.0,oslo.i18n==6.1.0,oslo.serialization==5.2.0,oslo.utils==6.2.1,outcome==1.2.0,packaging==23.2,paramiko==3.3.1,pbr==5.11.1,ply==3.11,prettytable==3.9.0,pyang==2.5.3,pyangbind==0.8.3.post1,pycparser==2.21,pyjsonselect==0.2.2,PyNaCl==1.5.0,pyparsing==3.1.1,pyperclip==1.8.2,PySocks==1.7.1,python-cinderclient==9.4.0,python-keystoneclient==5.2.0,python-novaclient==18.4.0,python-openstackclient==6.3.0,pytz==2023.3.post1,PyYAML==6.0.1,referencing==0.30.2,regex==2023.8.8,requests==2.31.0,requestsexceptions==1.4.0,rfc3986==2.0.0,robotframework==6.1.1,robotframework-jsonlibrary==0.5,robotframework-jsonvalidator==2.0.0,robotframework-pythonlibcore==4.2.0,robotframework-requests==0.9.5,robotframework-seleniumlibrary==6.1.2,robotframework-sshlibrary==3.8.0,robotframework-yamllibrary==0.2.8,rpds-py==0.10.3,scp==0.14.5,selenium==4.13.0,simplejson==3.19.1,six==1.16.0,sniffio==1.3.0,sortedcontainers==2.4.0,stevedore==5.1.0,-e git+https://osm.etsi.org/gerrit/osm/tests.git@d536011e3d26b80db7645517de7471e0dd355620#egg=tests,tomlkit==0.12.1,trio==0.22.2,trio-websocket==0.11.1,typing_extensions==4.8.0,tzdata==2023.3,urllib3==2.0.5,verboselogs==1.7,wcwidth==0.2.8,wrapt==1.15.0,wsproto==1.2.0,xmltodict==0.13.0,yq==3.2.3,zipp==3.17.0 cover run-test-pre: PYTHONHASHSEED='679682614' cover run-test: commands[0] | sh -c 'echo No unit tests' No unit tests ✔ OK safety in 1 minute, 5.009 seconds safety create: /tmp/.tox/safety safety installdeps: -r/home/jenkins/workspace/tests-stage_2-merge_v14.0/requirements.txt, safety safety develop-inst: /home/jenkins/workspace/tests-stage_2-merge_v14.0 safety installed: annotated-types==0.6.0,appdirs==1.4.4,argcomplete==3.1.2,attrs==23.1.0,Authlib==1.3.0,autopage==0.5.1,bcrypt==4.0.1,bitarray==2.8.1,certifi==2023.7.22,cffi==1.16.0,charset-normalizer==3.3.0,click==8.1.7,cliff==4.3.0,cmd2==2.4.3,cryptography==41.0.4,debtcollector==2.5.0,decorator==5.1.1,dogpile.cache==1.2.2,dparse==0.6.4b0,enum34==1.1.10,exceptiongroup==1.1.3,h11==0.14.0,haikunator==2.1.0,idna==3.4,importlib-metadata==6.8.0,iso8601==2.1.0,Jinja2==3.1.4,jmespath==1.0.1,jsonpatch==1.33,jsonpath-ng==1.6.0,jsonpath-rw==1.4.0,jsonpath-rw-ext==1.2.2,jsonpointer==2.4,jsonschema==4.19.1,jsonschema-specifications==2023.7.1,keystoneauth1==5.3.0,lxml==4.9.3,markdown-it-py==3.0.0,MarkupSafe==2.1.5,marshmallow==3.21.2,mdurl==0.1.2,msgpack==1.0.7,netaddr==0.9.0,netifaces==0.11.0,objectpath==0.6.1,openstacksdk==1.5.0,os-service-types==1.7.0,osc-lib==2.8.1,oslo.config==9.2.0,oslo.i18n==6.1.0,oslo.serialization==5.2.0,oslo.utils==6.2.1,outcome==1.2.0,packaging==23.2,paramiko==3.3.1,pbr==5.11.1,ply==3.11,prettytable==3.9.0,pyang==2.5.3,pyangbind==0.8.3.post1,pycparser==2.21,pydantic==2.7.1,pydantic_core==2.18.2,Pygments==2.18.0,pyjsonselect==0.2.2,PyNaCl==1.5.0,pyparsing==3.1.1,pyperclip==1.8.2,PySocks==1.7.1,python-cinderclient==9.4.0,python-keystoneclient==5.2.0,python-novaclient==18.4.0,python-openstackclient==6.3.0,pytz==2023.3.post1,PyYAML==6.0.1,referencing==0.30.2,regex==2023.8.8,requests==2.31.0,requestsexceptions==1.4.0,rfc3986==2.0.0,rich==13.7.1,robotframework==6.1.1,robotframework-jsonlibrary==0.5,robotframework-jsonvalidator==2.0.0,robotframework-pythonlibcore==4.2.0,robotframework-requests==0.9.5,robotframework-seleniumlibrary==6.1.2,robotframework-sshlibrary==3.8.0,robotframework-yamllibrary==0.2.8,rpds-py==0.10.3,ruamel.yaml==0.18.6,ruamel.yaml.clib==0.2.8,safety==3.2.0,safety-schemas==0.0.2,scp==0.14.5,selenium==4.13.0,shellingham==1.5.4,simplejson==3.19.1,six==1.16.0,sniffio==1.3.0,sortedcontainers==2.4.0,stevedore==5.1.0,-e git+https://osm.etsi.org/gerrit/osm/tests.git@d536011e3d26b80db7645517de7471e0dd355620#egg=tests,tomli==2.0.1,tomlkit==0.12.1,trio==0.22.2,trio-websocket==0.11.1,typer==0.12.3,typing_extensions==4.8.0,tzdata==2023.3,urllib3==2.0.5,verboselogs==1.7,wcwidth==0.2.8,wrapt==1.15.0,wsproto==1.2.0,xmltodict==0.13.0,yq==3.2.3,zipp==3.17.0 safety run-test-pre: PYTHONHASHSEED='2316282941' safety run-test: commands[0] | - safety check --full-report +==============================================================================+ /$$$$$$ /$$ /$$__ $$ | $$ /$$$$$$$ /$$$$$$ | $$ \__//$$$$$$ /$$$$$$ /$$ /$$ /$$_____/ |____ $$| $$$$ /$$__ $$|_ $$_/ | $$ | $$ | $$$$$$ /$$$$$$$| $$_/ | $$$$$$$$ | $$ | $$ | $$ \____ $$ /$$__ $$| $$ | $$_____/ | $$ /$$| $$ | $$ /$$$$$$$/| $$$$$$$| $$ | $$$$$$$ | $$$$/| $$$$$$$ |_______/ \_______/|__/ \_______/ \___/ \____ $$ /$$ | $$ | $$$$$$/ by safetycli.com \______/ +==============================================================================+ REPORT  Safety is using PyUp's free open-source vulnerability database. This data is 30 days old and limited.   For real-time enhanced vulnerability data, fix recommendations, severity reporting, cybersecurity support, team and project policy management and more sign up at https://pyup.io or email sales@pyup.io Safety v3.2.0 is scanning for Vulnerabilities...  Scanning dependencies in your environment: -> /usr/lib/python310.zip -> /tmp/.tox/safety/bin -> /usr/lib/python3.10/lib-dynload -> /home/jenkins/workspace/tests-stage_2-merge_v14.0 -> /tmp/.tox/safety/lib/python3.10/site-packages -> /usr/lib/python3.10 Using open-source vulnerability database  Found and scanned 121 packages Timestamp 2024-05-08 09:50:34  11 vulnerabilities reported  0 vulnerabilities ignored +==============================================================================+ VULNERABILITIES REPORTED +==============================================================================+ -> Vulnerability found in wheel version 0.37.1  Vulnerability ID: 51499  Affected spec: <0.38.1  ADVISORY: Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.https://pyup.io/posts/pyup-discovers-redos- vulnerabilities-in-top-python-packages  CVE-2022-40898  For more information about this vulnerability, visit https://data.safetycli.com/v/51499/97c To ignore this vulnerability, use PyUp vulnerability id 51499 in safety’s ignore command-line argument or add the ignore to your safety policy file. -> Vulnerability found in urllib3 version 2.0.5  Vulnerability ID: 61893  Affected spec: >=2.0.0a1,<2.0.7  ADVISORY: Urllib3 1.26.18 and 2.0.7 include a fix for CVE-2023-45803: Request body not stripped after redirect from 303 status changes request method to GET.https://github.com/urllib3/urllib3/security/ advisories/GHSA-g4mx-q9vg-27p4  CVE-2023-45803  For more information about this vulnerability, visit https://data.safetycli.com/v/61893/97c To ignore this vulnerability, use PyUp vulnerability id 61893 in safety’s ignore command-line argument or add the ignore to your safety policy file. -> Vulnerability found in pip version 22.0.2  Vulnerability ID: 62044  Affected spec: <23.3  ADVISORY: Affected versions of Pip are vulnerable to Command Injection. When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial.  CVE-2023-5752  For more information about this vulnerability, visit https://data.safetycli.com/v/62044/97c To ignore this vulnerability, use PyUp vulnerability id 62044 in safety’s ignore command-line argument or add the ignore to your safety policy file. -> Vulnerability found in paramiko version 3.3.1  Vulnerability ID: 65193  Affected spec: <3.4.0  ADVISORY: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms.  CVE-2023-48795  For more information about this vulnerability, visit https://data.safetycli.com/v/65193/97c To ignore this vulnerability, use PyUp vulnerability id 65193 in safety’s ignore command-line argument or add the ignore to your safety policy file. -> Vulnerability found in paramiko version 3.3.1  Vulnerability ID: 63227  Affected spec: <3.4.0  ADVISORY: Paramiko 3.4.0 has been released to fix vulnerabilities affecting encrypt-then-MAC digest algorithms in tandem with CBC ciphers, and ChaCha20-poly1305. The fix requires cooperation from both ends of the connection, making it effective when the remote end is OpenSSH >= 9.6 and configured to use the new “strict kex” mode. For further details, refer to the official Paramiko documentation or GitHub repository.https://github.com/advisories/GHSA-45x7-px36-x8w8  CVE-2023-48795  For more information about this vulnerability, visit https://data.safetycli.com/v/63227/97c To ignore this vulnerability, use PyUp vulnerability id 63227 in safety’s ignore command-line argument or add the ignore to your safety policy file. -> Vulnerability found in cryptography version 41.0.4  Vulnerability ID: 65647  Affected spec: <42.0.5  ADVISORY: Cryptography version 42.0.5 introduces a limit on the number of name constraint checks during X.509 path validation to prevent denial of service attacks.https://github.com/pyca/cryptography/commit/4be5 3bf20cc90cbac01f5f94c5d1aecc5289ba1f  PVE-2024-65647  For more information about this vulnerability, visit https://data.safetycli.com/v/65647/97c To ignore this vulnerability, use PyUp vulnerability id 65647 in safety’s ignore command-line argument or add the ignore to your safety policy file. -> Vulnerability found in cryptography version 41.0.4  Vulnerability ID: 62556  Affected spec: >=3.1,<41.0.6  ADVISORY: Cryptography 41.0.6 includes a fix for CVE-2023-49083: NULL-dereference when loading PKCS7 certificates.https://github.com/advisories/GHSA-jfhm-5ghh-2f97  CVE-2023-49083  For more information about this vulnerability, visit https://data.safetycli.com/v/62556/97c To ignore this vulnerability, use PyUp vulnerability id 62556 in safety’s ignore command-line argument or add the ignore to your safety policy file. -> Vulnerability found in cryptography version 41.0.4  Vulnerability ID: 65212  Affected spec: >=35.0.0,<42.0.2  ADVISORY: Versions of Cryptograph starting from 35.0.0 are susceptible to a security flaw in the POLY1305 MAC algorithm on PowerPC CPUs, which allows an attacker to disrupt the application's state. This disruption might result in false calculations or cause a denial of service. The vulnerability's exploitation hinges on the attacker's ability to alter the algorithm's application and the dependency of the software on non-volatile XMM registers.https://github.com/pyca/cryptography/commit/89d 0d56fb104ac4e0e6db63d78fc22b8c53d27e9  CVE-2023-6129  For more information about this vulnerability, visit https://data.safetycli.com/v/65212/97c To ignore this vulnerability, use PyUp vulnerability id 65212 in safety’s ignore command-line argument or add the ignore to your safety policy file. -> Vulnerability found in cryptography version 41.0.4  Vulnerability ID: 66777  Affected spec: >=35.0.0,<42.0.2  ADVISORY: CVE-2023-6237 addresses a vulnerability in RSA public key verification where checking a large, incorrect RSA key with EVP_PKEY_public_check() could take an excessive amount of time. This is due to no size limit on the RSA public key and an unnecessarily high number of Miller-Rabin rounds for modulus non-primality checks. The fix sets a maximum key size of 16384 bits and reduces Miller-Rabin rounds to 5, enhancing security and performance by preventing the RSA_R_MODULUS_TOO_LARGE error.  CVE-2023-6237  For more information about this vulnerability, visit https://data.safetycli.com/v/66777/97c To ignore this vulnerability, use PyUp vulnerability id 66777 in safety’s ignore command-line argument or add the ignore to your safety policy file. -> Vulnerability found in cryptography version 41.0.4  Vulnerability ID: 66704  Affected spec: >=38.0.0,<42.0.4  ADVISORY: cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and before version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised.  CVE-2024-26130  For more information about this vulnerability, visit https://data.safetycli.com/v/66704/97c To ignore this vulnerability, use PyUp vulnerability id 66704 in safety’s ignore command-line argument or add the ignore to your safety policy file. -> Vulnerability found in cryptography version 41.0.4  Vulnerability ID: 65278  Affected spec: <42.0.0  ADVISORY: A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. See CVE-2023-50782.  CVE-2023-50782  For more information about this vulnerability, visit https://data.safetycli.com/v/65278/97c To ignore this vulnerability, use PyUp vulnerability id 65278 in safety’s ignore command-line argument or add the ignore to your safety policy file. +==============================================================================+ REMEDIATIONS 11 vulnerabilities were reported in 5 packages. For detailed remediation & fix recommendations, upgrade to a commercial license. +==============================================================================+ Scan was completed. 11 vulnerabilities were reported. +==============================================================================+  Safety is using PyUp's free open-source vulnerability database. This data is 30 days old and limited.   For real-time enhanced vulnerability data, fix recommendations, severity reporting, cybersecurity support, team and project policy management and more sign up at https://pyup.io or email sales@pyup.io +==============================================================================+ ✔ OK pylint in 1 minute, 7.244 seconds pylint create: /tmp/.tox/pylint pylint installdeps: -r/home/jenkins/workspace/tests-stage_2-merge_v14.0/requirements.txt, -r/home/jenkins/workspace/tests-stage_2-merge_v14.0/requirements-dev.txt, pylint pylint develop-inst: /home/jenkins/workspace/tests-stage_2-merge_v14.0 pylint installed: appdirs==1.4.4,argcomplete==3.1.2,astroid==3.1.0,attrs==23.1.0,autopage==0.5.1,bcrypt==4.0.1,bitarray==2.8.1,certifi==2023.7.22,cffi==1.16.0,charset-normalizer==3.3.0,click==8.1.7,cliff==4.3.0,cmd2==2.4.3,cryptography==41.0.4,debtcollector==2.5.0,decorator==5.1.1,dill==0.3.8,dogpile.cache==1.2.2,enum34==1.1.10,exceptiongroup==1.1.3,h11==0.14.0,haikunator==2.1.0,idna==3.4,importlib-metadata==6.8.0,iso8601==2.1.0,isort==5.13.2,Jinja2==3.1.2,jmespath==1.0.1,jsonpatch==1.33,jsonpath-ng==1.6.0,jsonpath-rw==1.4.0,jsonpath-rw-ext==1.2.2,jsonpointer==2.4,jsonschema==4.19.1,jsonschema-specifications==2023.7.1,keystoneauth1==5.3.0,lxml==4.9.3,MarkupSafe==2.1.3,mccabe==0.7.0,msgpack==1.0.7,netaddr==0.9.0,netifaces==0.11.0,objectpath==0.6.1,openstacksdk==1.5.0,os-service-types==1.7.0,osc-lib==2.8.1,oslo.config==9.2.0,oslo.i18n==6.1.0,oslo.serialization==5.2.0,oslo.utils==6.2.1,osmclient @ git+https://osm.etsi.org/gerrit/osm/osmclient.git@92048832dded6b9a86936b89019c42b6451422f5,outcome==1.2.0,packaging==23.2,paramiko==3.3.1,pbr==5.11.1,platformdirs==4.2.1,ply==3.11,prettytable==3.9.0,pyang==2.5.3,pyangbind==0.8.3.post1,pycparser==2.21,pyjsonselect==0.2.2,pylint==3.1.0,PyNaCl==1.5.0,pyparsing==3.1.1,pyperclip==1.8.2,PySocks==1.7.1,python-cinderclient==9.4.0,python-keystoneclient==5.2.0,python-magic==0.4.27,python-novaclient==18.4.0,python-openstackclient==6.3.0,pytz==2023.3.post1,PyYAML==6.0.1,referencing==0.30.2,regex==2023.8.8,requests==2.31.0,requestsexceptions==1.4.0,rfc3986==2.0.0,robotframework==6.1.1,robotframework-jsonlibrary==0.5,robotframework-jsonvalidator==2.0.0,robotframework-pythonlibcore==4.2.0,robotframework-requests==0.9.5,robotframework-seleniumlibrary==6.1.2,robotframework-sshlibrary==3.8.0,robotframework-yamllibrary==0.2.8,rpds-py==0.10.3,scp==0.14.5,selenium==4.13.0,simplejson==3.19.1,six==1.16.0,sniffio==1.3.0,sortedcontainers==2.4.0,stevedore==5.1.0,-e git+https://osm.etsi.org/gerrit/osm/tests.git@d536011e3d26b80db7645517de7471e0dd355620#egg=tests,tomli==2.0.1,tomlkit==0.12.1,trio==0.22.2,trio-websocket==0.11.1,typing_extensions==4.8.0,tzdata==2023.3,urllib3==2.0.5,verboselogs==1.7,wcwidth==0.2.8,wrapt==1.15.0,wsproto==1.2.0,xmltodict==0.13.0,yq==3.2.3,zipp==3.17.0 pylint run-test-pre: PYTHONHASHSEED='1751856753' pylint run-test: commands[0] | - pylint -E robot-systest/resources ___________________________________ summary ____________________________________ black: commands succeeded cover: commands succeeded flake8: commands succeeded pylint: commands succeeded safety: commands succeeded congratulations :) [Pipeline] fileExists [Pipeline] fileExists [Pipeline] } [Pipeline] // stage [Pipeline] stage [Pipeline] { (Build) [Pipeline] sh [tests-stage_2-merge_v14.0] Running shell script + runuser jenkins -c devops-stages/stage-build.sh dpkg-source --before-build . fakeroot debian/rules clean dpkg-source -b . debian/rules build fakeroot debian/rules binary dpkg-genbuildinfo -O../osm-tests_14.0.2-1_amd64.buildinfo dpkg-genchanges -O../osm-tests_14.0.2-1_amd64.changes fakeroot debian/rules clean dpkg-source --after-build . [Pipeline] } [Pipeline] // stage [Pipeline] stage [Pipeline] { (Archive) [Pipeline] sh [tests-stage_2-merge_v14.0] Running shell script + runuser jenkins -c mkdir -p changelog [Pipeline] sh [tests-stage_2-merge_v14.0] Running shell script + runuser jenkins -c devops/tools/generatechangelog-pipeline.sh > changelog/changelog-tests.html [Pipeline] sh [tests-stage_2-merge_v14.0] Running shell script + runuser jenkins -c devops-stages/stage-archive.sh [Pipeline] getArtifactoryServer [Pipeline] newBuildInfo [Pipeline] artifactoryUpload [consumer_0] Deploying artifact: https://artifactory-osm.etsi.org/artifactory/osm-tests/v14.0/331/pool/tests/osm-tests_14.0.2-1_all.deb [consumer_1] Deploying artifact: https://artifactory-osm.etsi.org/artifactory/osm-tests/v14.0/331/changelog/changelog-tests.html [Pipeline] publishBuildInfo Deploying build info to: https://artifactory-osm.etsi.org/artifactory/api/build Deploying build descriptor to: https://artifactory-osm.etsi.org/artifactory/api/build Build successfully deployed. Browse it in Artifactory under https://artifactory-osm.etsi.org/artifactory/webapp/builds/tests-stage_2-merge%20::%20v14.0/331 [Pipeline] sh [tests-stage_2-merge_v14.0] Running shell script + env [Pipeline] step Archiving artifacts Recording fingerprints [Pipeline] } [Pipeline] // stage [Pipeline] } $ docker stop --time=1 d5f2e82df7bd8222445aba914ca718a36be2db3f770aba917bf987796301d52d $ docker rm -f d5f2e82df7bd8222445aba914ca718a36be2db3f770aba917bf987796301d52d [Pipeline] // withDockerContainer [Pipeline] stage [Pipeline] { (Snap build) [Pipeline] fileExists [Pipeline] } [Pipeline] // stage [Pipeline] stage [Pipeline] { (Charm build) [Pipeline] sh [tests-stage_2-merge_v14.0] Running shell script + nproc + expr 16 / 2 [Pipeline] fileExists [Pipeline] fileExists [Pipeline] fileExists [Pipeline] fileExists [Pipeline] fileExists [Pipeline] fileExists [Pipeline] fileExists [Pipeline] fileExists [Pipeline] fileExists [Pipeline] fileExists [Pipeline] fileExists [Pipeline] fileExists [Pipeline] fileExists [Pipeline] fileExists [Pipeline] parallel No branches to run [Pipeline] // parallel [Pipeline] } [Pipeline] // stage [Pipeline] } [Pipeline] // node [Pipeline] End of Pipeline Finished: SUCCESS