You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@skywalking.apache.org by "Superskyyy (via GitHub)" <gi...@apache.org> on 2023/02/06 04:51:03 UTC
[GitHub] [skywalking-python] Superskyyy opened a new pull request, #278: Add support for fork and periodical property report
Superskyyy opened a new pull request, #278:
URL: https://github.com/apache/skywalking-python/pull/278
<!--
â ī¸ Please make sure to read this template first, pull requests that don't accord with this template
maybe closed without notice.
Texts surrounded by `<` and `>` are meant to be replaced by you, e.g. <framework name>, <issue number>.
Put an `x` in the `[ ]` to mark the item as CHECKED. `[x]`
-->
<!-- ==== đ Remove this line WHEN AND ONLY WHEN you're fixing a bug, follow the checklist đ ====
### Fix <bug description or bug issue link>
- [ ] Add a unit test to verify that the fix works.
- [ ] Explain briefly why the bug exists and how to fix it.
==== đ Remove this line WHEN AND ONLY WHEN you're fixing a bug, follow the checklist đ ==== -->
<!-- ==== đ Remove this line WHEN AND ONLY WHEN you're improving the performance, follow the checklist đ ====
### Improve the performance of <class or module or ...>
- [ ] Add a benchmark for the improvement, refer to [the existing ones](https://github.com/apache/skywalking/blob/master/apm-commons/apm-datacarrier/src/test/java/org/apache/skywalking/apm/commons/datacarrier/LinkedArrayBenchmark.java)
- [ ] The benchmark result.
```text
<Paste the benchmark results here>
```
- [ ] Links/URLs to the theory proof or discussion articles/blogs. <links/URLs here>
==== đ Remove this line WHEN AND ONLY WHEN you're improving the performance, follow the checklist đ ==== -->
<!-- ==== đ Remove this line WHEN AND ONLY WHEN you're adding a new feature, follow the checklist đ ====
### <Feature description>
- [ ] If this is non-trivial feature, paste the links/URLs to the design doc.
- [ ] Update the documentation to include this new feature.
- [ ] Tests(including UT, IT, E2E) are added to verify the new feature.
- [ ] If it's UI related, attach the screenshots below.
- [ ] I have rebuilt the `Configuration.md` documentation by running `make doc-gen`
==== đ Remove this line WHEN AND ONLY WHEN you're adding a new feature, follow the checklist đ ==== -->
<!-- ==== đą Remove this line WHEN AND ONLY WHEN you're adding or modifying a plugin instrumentation, follow the checklist đ ====
### <Feature description>
- [ ] If adding a new plugin, add a component id in [the main repo](https://github.com/apache/skywalking/blob/master/oap-server/server-starter/src/main/resources/component-libraries.yml)
- [ ] If adding a new plugin, add a logo in [the UI repo](https://github.com/apache/skywalking-booster-ui/tree/main/src/assets/img/technologies)
- [ ] I have added the library to `pyproject.toml` (plugin group) by running `poetry add library --group plugins`
- [ ] I have rebuilt the `Plugins.md` documentation by running `make doc-gen`
==== đą Remove this line WHEN AND ONLY WHEN you're adding a new feature, follow the checklist đ ==== -->
- [ ] If this pull request closes/resolves/fixes an existing issue, replace the issue url. Closes: <URL to main repo issue>
- [x] Update the [`CHANGELOG.md`](https://github.com/apache/skywalking-python/blob/master/CHANGELOG.md).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@skywalking.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [skywalking-python] Superskyyy commented on pull request #278: Add support for fork and periodical property report
Posted by "Superskyyy (via GitHub)" <gi...@apache.org>.
Superskyyy commented on PR #278:
URL: https://github.com/apache/skywalking-python/pull/278#issuecomment-1418582313
I think the fork support accidentally fixed something that the tests assumed to be otherwise... investigating
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@skywalking.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [skywalking-python] Superskyyy closed pull request #278: Add support for fork and periodical property report
Posted by "Superskyyy (via GitHub)" <gi...@apache.org>.
Superskyyy closed pull request #278: Add support for fork and periodical property report
URL: https://github.com/apache/skywalking-python/pull/278
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@skywalking.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [skywalking-python] sonatype-lift[bot] commented on a diff in pull request #278: Add support for fork and periodical property report
Posted by "sonatype-lift[bot] (via GitHub)" <gi...@apache.org>.
sonatype-lift[bot] commented on code in PR #278:
URL: https://github.com/apache/skywalking-python/pull/278#discussion_r1096944816
##########
tests/manual/services/flask_provider_single.py:
##########
@@ -0,0 +1,35 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+from flask import Flask, jsonify
+from skywalking import agent, config
+
+config.init(collector_address='localhost:12800', protocol='http', service_name='great-app-provider-http',
+ service_instance='instance-01',
+ experimental_fork_support=True, logging_level='DEBUG', log_reporter_active=True,
+ meter_reporter_active=True,
+ profiler_active=True)
+
+agent.start()
+
+app = Flask(__name__)
+
+
+@app.route('/', methods=['POST', 'GET'])
+def application():
+ return jsonify({'status': 'ok'})
+
+
+if __name__ == '__main__':
+ app.run(host='0.0.0.0', port=9999, debug=True)
Review Comment:
*flask_debug_true:* A Flask app appears to be run with debug=True, which exposes the Werkzeug debugger and allows the execution of arbitrary code.
---
<details><summary><b>âšī¸ Learn about @sonatype-lift commands</b></summary>
You can reply with the following commands. For example, reply with ***@sonatype-lift ignoreall*** to leave out all findings.
| **Command** | **Usage** |
| ------------- | ------------- |
| `@sonatype-lift ignore` | Leave out the above finding from this PR |
| `@sonatype-lift ignoreall` | Leave out all the existing findings from this PR |
| `@sonatype-lift exclude <file\|issue\|path\|tool>` | Exclude specified `file\|issue\|path\|tool` from Lift findings by updating your config.toml file |
**Note:** When talking to LiftBot, you need to **refresh** the page to see its response.
<sub>[Click here](https://github.com/apps/sonatype-lift/installations/new) to add LiftBot to another repo.</sub></details>
---
Was this a good recommendation?
[ [đ Not relevant](https://www.sonatype.com/lift-comment-rating?comment=381602688&lift_comment_rating=1) ] - [ [đ Won't fix](https://www.sonatype.com/lift-comment-rating?comment=381602688&lift_comment_rating=2) ] - [ [đ Not critical, will fix](https://www.sonatype.com/lift-comment-rating?comment=381602688&lift_comment_rating=3) ] - [ [đ Critical, will fix](https://www.sonatype.com/lift-comment-rating?comment=381602688&lift_comment_rating=4) ] - [ [đ Critical, fixing now](https://www.sonatype.com/lift-comment-rating?comment=381602688&lift_comment_rating=5) ]
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@skywalking.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [skywalking-python] Superskyyy commented on pull request #278: Add support for fork and periodical property report
Posted by "Superskyyy (via GitHub)" <gi...@apache.org>.
Superskyyy commented on PR #278:
URL: https://github.com/apache/skywalking-python/pull/278#issuecomment-1418519467
There could still be some nits to fix, but I'm overwhelmed currently, so leaving for a day and I will check back.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@skywalking.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [skywalking-python] Superskyyy commented on pull request #278: Add support for fork and periodical property report
Posted by "Superskyyy (via GitHub)" <gi...@apache.org>.
Superskyyy commented on PR #278:
URL: https://github.com/apache/skywalking-python/pull/278#issuecomment-1419734887
This is not ready, closing for now.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@skywalking.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [skywalking-python] sonatype-lift[bot] commented on a diff in pull request #278: Add support for fork and periodical property report
Posted by "sonatype-lift[bot] (via GitHub)" <gi...@apache.org>.
sonatype-lift[bot] commented on code in PR #278:
URL: https://github.com/apache/skywalking-python/pull/278#discussion_r1097690914
##########
tests/manual/services/flask_provider_single.py:
##########
@@ -0,0 +1,35 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+from flask import Flask, jsonify
+from skywalking import agent, config
+
+config.init(collector_address='localhost:12800', protocol='http', service_name='great-app-provider-http',
+ service_instance='instance-01',
+ experimental_fork_support=True, logging_level='DEBUG', log_reporter_active=True,
+ meter_reporter_active=True,
+ profiler_active=True)
+
+agent.start()
+
+app = Flask(__name__)
+
+
+@app.route('/', methods=['POST', 'GET'])
+def application():
+ return jsonify({'status': 'ok'})
+
+
+if __name__ == '__main__':
+ app.run(host='0.0.0.0', port=9999, debug=True, use_reloader=False)
Review Comment:
đŦ 20 similar findings have been found in this PR
---
*flask_debug_true:* A Flask app appears to be run with debug=True, which exposes the Werkzeug debugger and allows the execution of arbitrary code.
---
<details><summary><b>đ Expand here to view all instances of this finding</b></summary><br/>
<div align=\"center\">
| **File Path** | **Line Number** |
| ------------- | ------------- |
| tests/plugin/data/sw_elasticsearch/services/consumer.py | [46](https://github.com/apache/skywalking-python/blob/28a0fd44fca159dccf0975d68af2c23266c28150/tests/plugin/data/sw_elasticsearch/services/consumer.py#L46) |
| tests/plugin/data/sw_happybase/services/consumer.py | [51](https://github.com/apache/skywalking-python/blob/28a0fd44fca159dccf0975d68af2c23266c28150/tests/plugin/data/sw_happybase/services/consumer.py#L51) |
| tests/plugin/data/sw_kafka/services/producer.py | [33](https://github.com/apache/skywalking-python/blob/28a0fd44fca159dccf0975d68af2c23266c28150/tests/plugin/data/sw_kafka/services/producer.py#L33) |
| tests/plugin/data/sw_mysqlclient/services/consumer.py | [32](https://github.com/apache/skywalking-python/blob/28a0fd44fca159dccf0975d68af2c23266c28150/tests/plugin/data/sw_mysqlclient/services/consumer.py#L32) |
| tests/plugin/data/sw_mysqlclient/services/provider.py | [39](https://github.com/apache/skywalking-python/blob/28a0fd44fca159dccf0975d68af2c23266c28150/tests/plugin/data/sw_mysqlclient/services/provider.py#L39) |
| tests/plugin/data/sw_psycopg/services/consumer.py | [32](https://github.com/apache/skywalking-python/blob/28a0fd44fca159dccf0975d68af2c23266c28150/tests/plugin/data/sw_psycopg/services/consumer.py#L32) |
| tests/plugin/data/sw_psycopg/services/provider.py | [40](https://github.com/apache/skywalking-python/blob/28a0fd44fca159dccf0975d68af2c23266c28150/tests/plugin/data/sw_psycopg/services/provider.py#L40) |
| tests/plugin/data/sw_psycopg2/services/consumer.py | [32](https://github.com/apache/skywalking-python/blob/28a0fd44fca159dccf0975d68af2c23266c28150/tests/plugin/data/sw_psycopg2/services/consumer.py#L32) |
| tests/plugin/data/sw_psycopg2/services/provider.py | [40](https://github.com/apache/skywalking-python/blob/28a0fd44fca159dccf0975d68af2c23266c28150/tests/plugin/data/sw_psycopg2/services/provider.py#L40) |
| tests/plugin/data/sw_pymongo/services/consumer.py | [34](https://github.com/apache/skywalking-python/blob/28a0fd44fca159dccf0975d68af2c23266c28150/tests/plugin/data/sw_pymongo/services/consumer.py#L34) |
<p> Showing <b>10</b> of <b> 20 </b> findings. <a href="https://lift.sonatype.com/results/github.com/apache/skywalking-python/01GRKW5R5WRFQW7BETFG90VYQD?t=Bandit|flask_debug_true" target="_blank">Visit the Lift Web Console</a> to see all.</p></div></details>
---
<details><summary><b>âšī¸ Learn about @sonatype-lift commands</b></summary>
You can reply with the following commands. For example, reply with ***@sonatype-lift ignoreall*** to leave out all findings.
| **Command** | **Usage** |
| ------------- | ------------- |
| `@sonatype-lift ignore` | Leave out the above finding from this PR |
| `@sonatype-lift ignoreall` | Leave out all the existing findings from this PR |
| `@sonatype-lift exclude <file\|issue\|path\|tool>` | Exclude specified `file\|issue\|path\|tool` from Lift findings by updating your config.toml file |
**Note:** When talking to LiftBot, you need to **refresh** the page to see its response.
<sub>[Click here](https://github.com/apps/sonatype-lift/installations/new) to add LiftBot to another repo.</sub></details>
---
Was this a good recommendation?
[ [đ Not relevant](https://www.sonatype.com/lift-comment-rating?comment=382414175&lift_comment_rating=1) ] - [ [đ Won't fix](https://www.sonatype.com/lift-comment-rating?comment=382414175&lift_comment_rating=2) ] - [ [đ Not critical, will fix](https://www.sonatype.com/lift-comment-rating?comment=382414175&lift_comment_rating=3) ] - [ [đ Critical, will fix](https://www.sonatype.com/lift-comment-rating?comment=382414175&lift_comment_rating=4) ] - [ [đ Critical, fixing now](https://www.sonatype.com/lift-comment-rating?comment=382414175&lift_comment_rating=5) ]
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@skywalking.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org