#97 Issue within server test regarding bottle

Closed
opened 2 years ago by PaciolloLollo · 4 comments

I tried following the steps to deploy a test instance, but when I launch the final command I get this error indefinitely.

```
Traceback (most recent call last):
  File "/home/pi/freepost/venv/lib/python3.7/site-packages/bottle.py", line 3107, in run
    app = load_app(app)
  File "/home/pi/freepost/venv/lib/python3.7/site-packages/bottle.py", line 3052, in load_app
    rv = load(target) # Import the target module
  File "/home/pi/freepost/venv/lib/python3.7/site-packages/bottle.py", line 3037, in load
    if module not in sys.modules: __import__(module)
  File "./freepost/__init__.py", line 25, in <module>
    settings = yaml.load (file)
TypeError: load() missing 1 required positional argument: 'Loader'
```

I tried a fresh clone with newest 3.7.9 and can reproduce that.

Looks like the last time I ran freepost locally a few months back, I used 3.7.2 (not sure why that version specifically). But it works and I get the following warning:

```
./freepost/__init__.py:25: YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated, as the default Loader is unsafe. Please read https://msg.pyyaml.org/load for full details.
```
PaciolloLollo commented 2 years ago
Poster

While not the best solution, I changed `requirements.txt` to have `pyyaml==5.1`

Hilariously, my browser with noscript thinks that link looks suspicious, but this is the best way I got it to load, but even with URL encoding it still complains:

https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load%28input%29-Deprecation

> PyYAML's load function has been unsafe since the first release in May 2006
>
> In 2017, a CVE was filed against PyYAML

@zPlus can you decide which of these loaders looks like the best option? We can suppress the warning even with the non-secure versions, but pyyaml has made a breaking change here so users know what they're getting themselves into.

zPlus commented 2 years ago
Owner

The proper fix for this should be to replace `yaml.load()` with `yaml.safe_load()`. I'm having some issues with the current server though (it tells me "Disk quota exceeded" when connecting, for unknown reasons). I'll patch it as soon as I can test it.
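
An added example, not part of the thread or freepost's own code: a settings loader built on `yaml.safe_load()`, the fix proposed above, shown parsing plain settings and rejecting input that carries a Python-specific tag. The setting keys, sample inputs and function names are assumptions made for illustration.

```python
import yaml  # PyYAML (third-party)

# Constructed sample settings; the keys are illustrative, not freepost's real ones.
SAMPLE_SETTINGS = """\
defaults:
  items_per_page: 50
session:
  name: example
"""

# Constructed input carrying a Python-specific tag (a harmless tuple).
# safe_load() has no constructor for python/* tags, so it refuses the document.
TAGGED_INPUT = "value: !!python/tuple [1, 2]\n"


def load_settings(stream):
    """Parse YAML settings from a string or open file using only standard YAML tags."""
    data = yaml.safe_load(stream)
    if data is None:
        # An empty file parses to None; treat it as "no settings".
        return {}
    if not isinstance(data, dict):
        raise ValueError("settings must be a YAML mapping at the top level")
    return data


def is_rejected(stream):
    """Return True when the input fails to parse under the safe loader."""
    try:
        load_settings(stream)
    except yaml.YAMLError:
        return True
    return False


if __name__ == "__main__":
    print(load_settings(SAMPLE_SETTINGS))
    print("tagged input rejected:", is_rejected(TAGGED_INPUT))
```

Passing the loader explicitly, `yaml.load(stream, Loader=yaml.SafeLoader)`, is equivalent and also satisfies the required `Loader` argument from the traceback.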