From a3098b287ea8e07b0f458fe30988932a79ed3df2 Mon Sep 17 00:00:00 2001
From: umaannamalai
Date: Wed, 25 Sep 2024 20:23:26 +0000
Subject: [PATCH 1/3] [Mega-Linter] Apply linters fixes
---
 tests/logger_loguru/test_local_decorating.py | 9 +++++----
 tests/logger_loguru/test_log_forwarding.py | 13 ++++++++-----
 tests/logger_loguru/test_metrics.py | 7 +++++--
 tests/logger_loguru/test_settings.py | 15 ++++++++++-----
 4 files changed, 28 insertions(+), 16 deletions(-)
diff --git a/tests/logger_loguru/test_local_decorating.py b/tests/logger_loguru/test_local_decorating.py
index 846ab93831..dc6e3f080e 100644
--- a/tests/logger_loguru/test_local_decorating.py
+++ b/tests/logger_loguru/test_local_decorating.py
@@ -14,16 +14,17 @@
 import platform
-from newrelic.api.application import application_settings
-from newrelic.api.background_task import background_task
-from newrelic.api.time_trace import current_trace
-from newrelic.api.transaction import current_transaction
 from testing_support.fixtures import reset_core_stats_engine
 from testing_support.validators.validate_log_event_count import validate_log_event_count
 from testing_support.validators.validate_log_event_count_outside_transaction import (
     validate_log_event_count_outside_transaction,
 )
+from newrelic.api.application import application_settings
+from newrelic.api.background_task import background_task
+from newrelic.api.time_trace import current_trace
+from newrelic.api.transaction import current_transaction
+
 def set_trace_ids():
     txn = current_transaction()
diff --git a/tests/logger_loguru/test_log_forwarding.py b/tests/logger_loguru/test_log_forwarding.py
index 2df50db2ad..b5644c15bb 100644
--- a/tests/logger_loguru/test_log_forwarding.py
+++ b/tests/logger_loguru/test_log_forwarding.py
@@ -13,18 +13,21 @@
 # limitations under the License.
 import logging
-import pytest
-from newrelic.api.background_task import background_task
-from newrelic.api.time_trace import current_trace
-from newrelic.api.transaction import current_transaction
+import pytest
 from testing_support.fixtures import reset_core_stats_engine
 from testing_support.validators.validate_log_event_count import validate_log_event_count
 from testing_support.validators.validate_log_event_count_outside_transaction import (
     validate_log_event_count_outside_transaction,
 )
 from testing_support.validators.validate_log_events import validate_log_events
-from testing_support.validators.validate_log_events_outside_transaction import validate_log_events_outside_transaction
+from testing_support.validators.validate_log_events_outside_transaction import (
+    validate_log_events_outside_transaction,
+)
+
+from newrelic.api.background_task import background_task
+from newrelic.api.time_trace import current_trace
+from newrelic.api.transaction import current_transaction
 def set_trace_ids():
diff --git a/tests/logger_loguru/test_metrics.py b/tests/logger_loguru/test_metrics.py
index b72a7d2f0d..85f606fcf1 100644
--- a/tests/logger_loguru/test_metrics.py
+++ b/tests/logger_loguru/test_metrics.py
@@ -12,12 +12,15 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-from newrelic.api.background_task import background_task
 from testing_support.fixtures import reset_core_stats_engine
 from testing_support.validators.validate_custom_metrics_outside_transaction import (
     validate_custom_metrics_outside_transaction,
 )
-from testing_support.validators.validate_transaction_metrics import validate_transaction_metrics
+from testing_support.validators.validate_transaction_metrics import (
+    validate_transaction_metrics,
+)
+
+from newrelic.api.background_task import background_task
 def exercise_logging(logger):
diff --git a/tests/logger_loguru/test_settings.py b/tests/logger_loguru/test_settings.py
index 9d10056301..9f13dad33c 100644
--- a/tests/logger_loguru/test_settings.py
+++ b/tests/logger_loguru/test_settings.py
@@ -12,15 +12,20 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-import pytest
 import platform
+import pytest
+from testing_support.fixtures import (
+    override_application_settings,
+    reset_core_stats_engine,
+)
+from testing_support.validators.validate_log_event_count import validate_log_event_count
+from testing_support.validators.validate_transaction_metrics import (
+    validate_transaction_metrics,
+)
+
 from newrelic.api.application import application_settings
 from newrelic.api.background_task import background_task
-from testing_support.fixtures import reset_core_stats_engine
-from testing_support.validators.validate_log_event_count import validate_log_event_count
-from testing_support.fixtures import override_application_settings
-from testing_support.validators.validate_transaction_metrics import validate_transaction_metrics
 def get_metadata_string(log_message, is_txn):
From fb097032f488e46920e354a4ddf7c163c2a5947e Mon Sep 17 00:00:00 2001
From: Hannah Stepanek
Date: Mon, 16 Sep 2024 16:14:38 -0700
Subject: [PATCH 2/3] Add Trivy
---
 .github/workflows/tests.yml | 41 +++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index c54e56b5e8..9a01ed4c73 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -54,6 +54,47 @@ jobs:
       - name: Success
         run: echo "Success!"
+  # Upload Trivy data
+  trivy:
+    if: success() || failure() # Does not run on cancelled workflows
+    runs-on: ubuntu-20.04
+    needs:
+      - tests
+
+    steps:
+      # Git Checkout
+      - name: Checkout Code
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # 4.1.1
+        with:
+          token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
+          fetch-depth: 0
+
+      - name: Run Trivy vulnerability scanner in repo mode
+        if: ${{ github.event_name == 'pull_request' }}
+        uses: aquasecurity/trivy-action@0.20.0
+        with:
+          scan-type: 'fs'
+          ignore-unfixed: true
+          format: table
+          exit-code: 1
+          severity: 'CRITICAL,HIGH,MEDIUM,LOW'
+
+      - name: Run Trivy vulnerability scanner in repo mode
+        if: ${{ github.event_name == 'schedule' }}
+        uses: aquasecurity/trivy-action@0.20.0
+        with:
+          scan-type: 'fs'
+          ignore-unfixed: true
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+          severity: 'CRITICAL,HIGH,MEDIUM,LOW'
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        if: ${{ github.event_name == 'schedule' }}
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: 'trivy-results.sarif'
+
   # Combine and upload coverage data
   coverage:
     if: success() || failure() # Does not run on cancelled workflows
From 5cbefb814cc21f7d898aa81b9df0f0619a87492c Mon Sep 17 00:00:00 2001
From: Hannah Stepanek
Date: Fri, 27 Sep 2024 16:11:04 -0700
Subject: [PATCH 3/3] Upgrade urllib3 to 1.26.19
---
 newrelic/packages/requirements.txt | 2 +-
 newrelic/packages/urllib3/LICENSE.txt | 21 ---------------------
 newrelic/packages/urllib3/__init__.py | 16 ++++++++++++++++
 newrelic/packages/urllib3/_version.py | 2 +-
 newrelic/packages/urllib3/connection.py | 4 ++--
 newrelic/packages/urllib3/connectionpool.py | 4 +++-
 newrelic/packages/urllib3/util/retry.py | 4 +++-
 7 files changed, 26 insertions(+), 27 deletions(-)
 delete mode 100644 newrelic/packages/urllib3/LICENSE.txt
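Review bot: The new `trivy` job declares no `permissions:` block, so its token carries whatever the workflow default grants; the `upload-sarif` step at the end of the hunk needs `security-events: write` and nothing else in the job needs more than `contents: read`, so add `permissions:` with `contents: read` and `security-events: write` under `trivy:` so the upload works on a read-only default and the job is not over-privileged when the default is write-all. `actions/checkout` is pinned to a commit SHA while `aquasecurity/trivy-action@0.20.0` and `github/codeql-action/upload-sarif@v3` are mutable tags; a scanner that gates merges is itself a supply-chain dependency and should be pinned the same way, SHA plus a `# 0.20.0` comment. The checkout uses `${{ secrets.PAT || secrets.GITHUB_TOKEN }}` with `fetch-depth: 0` for a filesystem scan that needs neither write access nor history, so `GITHUB_TOKEN` at the default depth would do (on fork pull requests `secrets.PAT` is empty anyway, which this expression silently tolerates). The SARIF steps run only on `schedule`, which presumes the workflow's `on:` block, outside this hunk, has a schedule trigger; if it does not, nothing ever reaches the Security tab.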
diff --git a/newrelic/packages/requirements.txt b/newrelic/packages/requirements.txt
index f4835d1b37..38a1391611 100644
--- a/newrelic/packages/requirements.txt
+++ b/newrelic/packages/requirements.txt
@@ -3,6 +3,6 @@
 # This file is used by dependabot to keep track of and recommend updates
 # to the New Relic Python Agent's dependencies in newrelic/packages/.
 opentelemetry_proto==1.0.0
-urllib3==1.26.18
+urllib3==1.26.19
 wrapt==1.16.0
 asgiref==3.6.0 # We only vendor asgiref.compatibility.py
diff --git a/newrelic/packages/urllib3/LICENSE.txt b/newrelic/packages/urllib3/LICENSE.txt
deleted file mode 100644
index 429a1767e4..0000000000
--- a/newrelic/packages/urllib3/LICENSE.txt
+++ /dev/null
@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2008-2020 Andrey Petrov and contributors (see CONTRIBUTORS.txt)
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/newrelic/packages/urllib3/__init__.py b/newrelic/packages/urllib3/__init__.py
index c8c7ce691e..c6fa38212f 100644
--- a/newrelic/packages/urllib3/__init__.py
+++ b/newrelic/packages/urllib3/__init__.py
@@ -19,6 +19,22 @@
 from .util.timeout import Timeout
 from .util.url import get_host
+# === NOTE TO REPACKAGERS AND VENDORS ===
+# Please delete this block, this logic is only
+# for urllib3 being distributed via PyPI.
+# See: https://github.com/urllib3/urllib3/issues/2680
+try:
+    import urllib3_secure_extra # type: ignore # noqa: F401
+except ImportError:
+    pass
+else:
+    warnings.warn(
+        "'urllib3[secure]' extra is deprecated and will be removed "
+        "in a future release of urllib3 2.x. Read more in this issue: "
+        "https://github.com/urllib3/urllib3/issues/2680",
+        category=DeprecationWarning,
+        stacklevel=2,
+    )
 __author__ = "Andrey Petrov (andrey.petrov@shazow.net)"
 __license__ = "MIT"
diff --git a/newrelic/packages/urllib3/_version.py b/newrelic/packages/urllib3/_version.py
index 85e725eaf4..c40db86d0a 100644
--- a/newrelic/packages/urllib3/_version.py
+++ b/newrelic/packages/urllib3/_version.py
@@ -1,2 +1,2 @@
 # This file is protected via CODEOWNERS
-__version__ = "1.26.18"
+__version__ = "1.26.19"
diff --git a/newrelic/packages/urllib3/connection.py b/newrelic/packages/urllib3/connection.py
index 54b96b1915..de35b63d67 100644
--- a/newrelic/packages/urllib3/connection.py
+++ b/newrelic/packages/urllib3/connection.py
@@ -68,7 +68,7 @@ class BrokenPipeError(Exception):
 # When it comes time to update this value as a part of regular maintenance
 # (ie test_recent_date is failing) update it to ~6 months before the current date.
-RECENT_DATE = datetime.date(2022, 1, 1)
+RECENT_DATE = datetime.date(2024, 1, 1)
 _CONTAINS_CONTROL_CHAR_RE = re.compile(r"[^-!#$%&'*+.^_`|~0-9a-zA-Z]")
@@ -437,7 +437,7 @@ def connect(self):
             and self.ssl_version is None
             and hasattr(self.sock, "version")
             and self.sock.version() in {"TLSv1", "TLSv1.1"}
-        ):
+        ): # Defensive:
             warnings.warn(
                 "Negotiating TLSv1/TLSv1.1 by default is deprecated "
                 "and will be disabled in urllib3 v2.0.0. Connecting to "
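Review bot: The block added after the imports is upstream's PyPI-only `urllib3_secure_extra` probe, and its own header comment says repackagers and vendors should delete it; the old side of this vendored copy did not carry it, so the upgrade reintroduces an `import urllib3_secure_extra` that is attempted against the host application's environment whenever the agent imports its vendored urllib3. Drop the four `# === NOTE ...` comment lines and the whole `try`/`except ImportError`/`else` block from the vendored file, as the previous vendoring evidently did. The `warnings` name used in the `else:` branch is expected to come from an import above this hunk; confirm the vendored file still has it before relying on the block at all. Separately, the diffstat for this patch shows `newrelic/packages/urllib3/LICENSE.txt` being deleted; the MIT notice must accompany redistributed copies, so it should be restored unless the notice is preserved elsewhere in the package.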
diff --git a/newrelic/packages/urllib3/connectionpool.py b/newrelic/packages/urllib3/connectionpool.py
index 5a6adcbdc7..402bf670da 100644
--- a/newrelic/packages/urllib3/connectionpool.py
+++ b/newrelic/packages/urllib3/connectionpool.py
@@ -768,7 +768,9 @@ def _is_ssl_error_message_from_http_proxy(ssl_error):
             # so we try to cover our bases here!
             message = " ".join(re.split("[^a-z]", str(ssl_error).lower()))
             return (
-                "wrong version number" in message or "unknown protocol" in message
+                "wrong version number" in message
+                or "unknown protocol" in message
+                or "record layer failure" in message
             )
         # Try to detect a common user error with proxies which is to
diff --git a/newrelic/packages/urllib3/util/retry.py b/newrelic/packages/urllib3/util/retry.py
index 60ef6c4f3f..9a1e90d0b2 100644
--- a/newrelic/packages/urllib3/util/retry.py
+++ b/newrelic/packages/urllib3/util/retry.py
@@ -235,7 +235,9 @@ class Retry(object):
     RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
     #: Default headers to be used for ``remove_headers_on_redirect``
-    DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"])
+    DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(
+        ["Cookie", "Authorization", "Proxy-Authorization"]
+    )
     #: Maximum backoff time.
     DEFAULT_BACKOFF_MAX = 120