You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@openwhisk.apache.org by GitBox <gi...@apache.org> on 2022/03/15 03:37:29 UTC

[GitHub] [openwhisk-wskdebug] shazron opened a new pull request #96: fix: swap isomorphic-fetch for cross-fetch for security issue

shazron opened a new pull request #96:
URL: https://github.com/apache/openwhisk-wskdebug/pull/96


   See #95


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@openwhisk.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [openwhisk-wskdebug] shazron commented on pull request #96: fix: swap isomorphic-fetch for node-fetch for security issue

Posted by GitBox <gi...@apache.org>.

shazron commented on pull request #96:
URL: https://github.com/apache/openwhisk-wskdebug/pull/96#issuecomment-1085744055


   Solved it! npm@7 is default in the latest node-lts, and by default will install peer dependencies. I added the flag `--legacy-peer-deps` to the `RUN npm install -g openwhisk-wskdebug.tgz` in the Dockerfile and now it works. Checking the change in.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@openwhisk.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [openwhisk-wskdebug] shazron commented on pull request #96: fix: swap isomorphic-fetch for cross-fetch for security issue

Posted by GitBox <gi...@apache.org>.

shazron commented on pull request #96:
URL: https://github.com/apache/openwhisk-wskdebug/pull/96#issuecomment-1081383508


   @alexkli ok, I will update with node-fetch. I didn't delve into why `isomorphic-fetch` was used in this lib (perhaps there is an in-browser use case I reckoned) and `cross-fetch` seemed a drop-in replacement.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@openwhisk.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [openwhisk-wskdebug] shazron commented on pull request #96: fix: swap isomorphic-fetch for node-fetch for security issue

Posted by GitBox <gi...@apache.org>.

shazron commented on pull request #96:
URL: https://github.com/apache/openwhisk-wskdebug/pull/96#issuecomment-1082521820


   @alexkli all tests pass except this `ngrok` thing that I have no idea how to fix:
   ```
   The command '/bin/sh -c wskdebug --ngrok myaction 2>&1 | grep -A 10 "ngrok dependency required for --ngrok is not installed"' returned a non-zero code: 1
   ```
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@openwhisk.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [openwhisk-wskdebug] shazron commented on pull request #96: fix: swap isomorphic-fetch for node-fetch for security issue

Posted by GitBox <gi...@apache.org>.

shazron commented on pull request #96:
URL: https://github.com/apache/openwhisk-wskdebug/pull/96#issuecomment-1085447013


   @alexkli it's pretty clear now that there is a bug in the existing code, and nothing related to this PR. This line: https://github.com/apache/openwhisk-wskdebug/blob/1ec715d98136811bea30eb6a82b378d78e356252/src/agentmgr.js#L23 the result is always defined so this logic will always be false: https://github.com/apache/openwhisk-wskdebug/blob/1ec715d98136811bea30eb6a82b378d78e356252/src/agentmgr.js#L93 (if (true && !true) => if (false))
   
   I'm not sure if https://github.com/apache/openwhisk-wskdebug/blob/1ec715d98136811bea30eb6a82b378d78e356252/src/agentmgr.js#L23 would ever throw an error though, just by inspection


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@openwhisk.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [openwhisk-wskdebug] alexkli commented on pull request #96: fix: swap isomorphic-fetch for node-fetch for security issue

Posted by GitBox <gi...@apache.org>.

alexkli commented on pull request #96:
URL: https://github.com/apache/openwhisk-wskdebug/pull/96#issuecomment-1085086858


   Hmm, it looks unrelated, but it worked in the last PR #92 that got merged.
   
   This error happens in the posttest script which you can run using `npm run posttest`.
   
   The test logic is in here: https://github.com/apache/openwhisk-wskdebug/tree/master/test/install
   
   It spins up a container and tries to install wskdebug from scratch in there and see that it runs. As part of that it checks for the ngrok installation check we have in wskdebug: https://github.com/apache/openwhisk-wskdebug/blob/master/test/install/Dockerfile#L34-L35
   
   You could run this locally and change that line to just `wskdebug --ngrok myaction` to see what the actual output is.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@openwhisk.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [openwhisk-wskdebug] shazron commented on pull request #96: fix: swap isomorphic-fetch for node-fetch for security issue

Posted by GitBox <gi...@apache.org>.

shazron commented on pull request #96:
URL: https://github.com/apache/openwhisk-wskdebug/pull/96#issuecomment-1081693809


   @alexkli PR updated


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@openwhisk.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [openwhisk-wskdebug] shazron commented on pull request #96: fix: swap isomorphic-fetch for node-fetch for security issue

Posted by GitBox <gi...@apache.org>.

shazron commented on pull request #96:
URL: https://github.com/apache/openwhisk-wskdebug/pull/96#issuecomment-1085395035


   The error message I get when making that change and running `npm run posttest` is:
   ```
    => ERROR [ 8/10] RUN wskdebug --ngrok myaction                                             12.7s
   ------
    > [ 8/10] RUN wskdebug --ngrok myaction:
   #13 12.66
   #13 12.66 Error: Unknown Error From API: socket hang up
   ------
   executor failed running [/bin/sh -c wskdebug --ngrok myaction]: exit code: 1
   "docker rmi" requires at least 1 argument.
   See 'docker rmi --help'.
   
   Usage:  docker rmi [OPTIONS] IMAGE [IMAGE...]
   
   Remove one or more images
   
   ERROR: Installation test failed!
   ```
   As you can see the error message has changed from what is expected. I double checked I don't have ngrok installed globally before running it.
   
   I'll check in the change so the CI can run.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@openwhisk.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [openwhisk-wskdebug] shazron commented on pull request #96: fix: swap isomorphic-fetch for node-fetch for security issue

Posted by GitBox <gi...@apache.org>.

shazron commented on pull request #96:
URL: https://github.com/apache/openwhisk-wskdebug/pull/96#issuecomment-1085403952


   I'll debug why it doesn't go to https://github.com/apache/openwhisk-wskdebug/blob/1ec715d98136811bea30eb6a82b378d78e356252/src/agentmgr.js#L94


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@openwhisk.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [openwhisk-wskdebug] shazron edited a comment on pull request #96: fix: swap isomorphic-fetch for node-fetch for security issue

Posted by GitBox <gi...@apache.org>.

shazron edited a comment on pull request #96:
URL: https://github.com/apache/openwhisk-wskdebug/pull/96#issuecomment-1085447013


   @alexkli it's pretty clear now that there is a bug in the existing code, and nothing related to this PR. This line: https://github.com/apache/openwhisk-wskdebug/blob/1ec715d98136811bea30eb6a82b378d78e356252/src/agentmgr.js#L23 the result is always defined so this logic will always be false: https://github.com/apache/openwhisk-wskdebug/blob/1ec715d98136811bea30eb6a82b378d78e356252/src/agentmgr.js#L93 (if (true && !true) => if (false))
   
   There should be a `MODULE_NOT_FOUND` error thrown, but I'm not seeing it -- `npm ls ngrok` doesn't show anything either:
   ```
   ❯ npm ls ngrok
   @openwhisk/wskdebug@1.3.0 /Users/shazron/Documents/git/work/apache/openwhisk-wskdebug
   └── (empty)
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@openwhisk.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [openwhisk-wskdebug] alexkli edited a comment on pull request #96: fix: swap isomorphic-fetch for node-fetch for security issue

Posted by GitBox <gi...@apache.org>.

alexkli edited a comment on pull request #96:
URL: https://github.com/apache/openwhisk-wskdebug/pull/96#issuecomment-1085086858


   Hmm, it looks unrelated, but it worked in the last PR #92 that got merged.
   
   This error happens in the posttest script which you can run using `npm run posttest`.
   
   The test logic is in here: https://github.com/apache/openwhisk-wskdebug/tree/master/test/install
   
   It spins up a container and tries to install wskdebug from scratch in there and see that it runs. As part of that it checks for the ngrok installation check we have in wskdebug: https://github.com/apache/openwhisk-wskdebug/blob/master/test/install/Dockerfile#L34-L35
   
   You could run this locally and change that line to just `wskdebug --ngrok myaction` to see what the actual output is... assuming it is reproduceable locally. If not, commit this change (temporarily) and see how it looks like when run in Travis CI.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@openwhisk.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org