[RUM] A small change #117
[RUM] A small change #117
Conversation
refs: RUM-5994
Fix blockingIO errors, hopefully with aiofiles.
andreicoj
force-pushed
the
andrei.cojocaru/test-license-server-in-ci
branch
2 times, most recently
from
0ef4220 to
b4cac46
Compare
andreicoj
force-pushed
the
andrei.cojocaru/test-license-server-in-ci
branch
from
bf1b844 to
98aa98e
Compare
![datadog-datadog-prod-us1[bot]](https://avatars.githubusercontent.com/u/365230?s=60&v=4){kind=small}
| try: | ||
| task = main() | ||
| res = asyncio.get_event_loop().run_until_complete(task) | ||
| exit(res) |
There was a problem hiding this comment.
🔴 Code Quality Violation
do not use exit() (...read more)
Use sys.exit() instead of exit(). Exit is a builtin and done mostly for the console. sys.exit() is done for program with a proper return argument (see documentation).
Learn More
| await aiofiles.stdout.write("[unity] ") | ||
| await aiofiles.stdout.write(line) | ||
| except BlockingIOError: | ||
| pass |
There was a problem hiding this comment.
🔴 Code Quality Violation
silent exception (...read more)
Using the pass statement in an exception block ignores the exception. Exceptions should never be ignored. Instead, the user must add code to notify an exception occurred and attempt to handle it or recover from it.
The exception to this rule is the use of StopIteration or StopAsyncIteration when implementing a custom iterator (as those errors are used to acknowledge the end of a successful iteration).
| exit(res) | ||
| except Exception as e: | ||
| print(e) | ||
| exit(-1) |
There was a problem hiding this comment.
🔴 Code Quality Violation
do not use exit() (...read more)
Use sys.exit() instead of exit(). Exit is a builtin and done mostly for the console. sys.exit() is done for program with a proper return argument (see documentation).
Learn More
| @@ -0,0 +1,6 @@ | |||
| aiofiles==24.1.0 | |||
| GitPython==3.1.31 | |||
There was a problem hiding this comment.
⚫ Library Vulnerability
gitpython → 3.1.31
GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments (...read more)
GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from, making it vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.
What and why?
What changes does this pull request introduce and why is it necessary?
Review checklist