This is an archive of the discontinued LLVM Phabricator instance.

Differential D109226

Update pyyaml to fix build failure with Python 3.9
ClosedPublic

Authored by thopre on Sep 3 2021, 4:32 AM.

Details

Reviewers
tnfchris
cmatthews
Commits
rLNTd57cee6bf367: Update pyyaml to fix build failure with Python 3.9
Summary

Upgrade pyyaml to the latest bugfix release for the next stable version:
5.1.2. This fixes a build failure when Python is 3.9. This requires
migrating to yaml.safe_load to avoid warnings due to the use of unsafe
load() method.

Diff Detail

Repository
rLNT LNT

Event Timeline

thopre requested review of this revision.Sep 3 2021, 4:32 AM
thopre created this revision.
Harbormaster completed remote builds in B122492: Diff 370544.Sep 3 2021, 4:32 AM
tnfchris added a comment.Sep 3 2021, 4:34 AM

Hmm the last time I upgraded pyyaml it started complaining about the interface we're using being insecure and a security issue. is that no longer the case?

I remember it required slight tweaking.

thopre added a comment.Sep 3 2021, 4:47 AM
In D109226#2982029, @tnfchris wrote:

Hmm the last time I upgraded pyyaml it started complaining about the interface we're using being insecure and a security issue. is that no longer the case?

I remember it required slight tweaking.

I didn't get any warning, except for pip complaining about being run as root but that's a separate issue

tnfchris accepted this revision.Sep 3 2021, 4:53 AM
In D109226#2982046, @thopre wrote:
In D109226#2982029, @tnfchris wrote:

Hmm the last time I upgraded pyyaml it started complaining about the interface we're using being insecure and a security issue. is that no longer the case?

I remember it required slight tweaking.

I didn't get any warning, except for pip complaining about being run as root but that's a separate issue

Hmm ok, It should be giving this warning https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation when LNT starts up.

But if you don't see it they might have did something to not require it.. so LGTM then.

This revision is now accepted and ready to land.Sep 3 2021, 4:53 AM
kragniz added a subscriber: kragniz.Sep 3 2021, 6:41 AM

Running tox with this change results in the warning appearing, for example:

~/git/llvm-lnt/.tox/py3/lib/python3.6/site-packages/lnt/lnttool/admin.py:53: YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated, as the default Loader is unsafe. Please read https://msg.pyyaml.org/load for full details.

I'd recommend switching the couple of yaml.load calls with yaml.safe_load.

thopre updated this revision to Diff 370575.Sep 3 2021, 6:59 AM

Move to yaml safe_load() method instead of load()

Herald added a subscriber: dkolesnichenko. · View Herald TranscriptSep 3 2021, 6:59 AM
Harbormaster completed remote builds in B122517: Diff 370575.Sep 3 2021, 6:59 AM
thopre added a comment.Sep 3 2021, 7:00 AM
In D109226#2982067, @tnfchris wrote:
In D109226#2982046, @thopre wrote:
In D109226#2982029, @tnfchris wrote:

Hmm the last time I upgraded pyyaml it started complaining about the interface we're using being insecure and a security issue. is that no longer the case?

I remember it required slight tweaking.

I didn't get any warning, except for pip complaining about being run as root but that's a separate issue

Hmm ok, It should be giving this warning https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation when LNT starts up.

But if you don't see it they might have did something to not require it.. so LGTM then.

Builds and runs without warning for the current alpine base image (based on Python 3.7).

In D109226#2982067, @tnfchris wrote:
In D109226#2982046, @thopre wrote:
In D109226#2982029, @tnfchris wrote:

Hmm the last time I upgraded pyyaml it started complaining about the interface we're using being insecure and a security issue. is that no longer the case?

I remember it required slight tweaking.

I didn't get any warning, except for pip complaining about being run as root but that's a separate issue

Hmm ok, It should be giving this warning https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation when LNT starts up.

But if you don't see it they might have did something to not require it.. so LGTM then.

I had only run the tests and launched LNT. I see one of the codepath that uses yaml.load is in lnt admin. I've made an updated patch that update all the calls to load to use safe_load instead and it seems to work.

thopre requested review of this revision.Sep 3 2021, 7:00 AM
thopre edited the summary of this revision. (Show Details)

@tnfchris Are you happy with the new patch?

tnfchris accepted this revision.Sep 3 2021, 7:34 AM

Yes, thanks both!

This revision is now accepted and ready to land.Sep 3 2021, 7:34 AM
Closed by commit rLNTd57cee6bf367: Update pyyaml to fix build failure with Python 3.9 (authored by thopre). · Explain WhySep 3 2021, 7:44 AM
This revision was automatically updated to reflect the committed changes.
thopre added a commit: rLNTd57cee6bf367: Update pyyaml to fix build failure with Python 3.9.

Revision Contents

PathSize
lnt/
lnttool/
2 lines
server/
db/
2 lines
2 lines
tests/
server/
ui/
2 lines

Diff 370584

lnt/lnttool/admin.py

Show First 20 LinesShow All 44 Lines▼ Show 20 Lines def _set(self, key, value):
setattr(self, key, value) setattr(self, key, value)
@property @property
def dict(self): def dict(self):
return self.__dict__ return self.__dict__
def _try_load_config(self, filename): def _try_load_config(self, filename):
try: try:
config = yaml.load(open(filename)) config = yaml.safe_load(open(filename))
for key, value in config.items(): for key, value in config.items():
self._set(key, value) self._set(key, value)
except IOError as e: except IOError as e:
if self.verbose or filename != _default_config_filename: if self.verbose or filename != _default_config_filename:
_error("Could not load configuration file '%s': %s\n" % _error("Could not load configuration file '%s': %s\n" %
(filename, e)) (filename, e))
def _check_and_normalize(self): def _check_and_normalize(self):
▲ Show 20 LinesShow All 326 LinesShow Last 20 Lines

lnt/server/db/v4db.py

Show All 13 Lines
class V4DB(object): class V4DB(object):
""" """
Wrapper object for LNT v0.4+ databases. Wrapper object for LNT v0.4+ databases.
""" """
def _load_schema_file(self, schema_file): def _load_schema_file(self, schema_file):
session = self.make_session(expire_on_commit=False) session = self.make_session(expire_on_commit=False)
with open(schema_file) as schema_fd: with open(schema_file) as schema_fd:
data = yaml.load(schema_fd) data = yaml.safe_load(schema_fd)
suite = testsuite.TestSuite.from_json(data) suite = testsuite.TestSuite.from_json(data)
testsuite.check_testsuite_schema_changes(session, suite) testsuite.check_testsuite_schema_changes(session, suite)
suite = testsuite.sync_testsuite_with_metatables(session, suite) suite = testsuite.sync_testsuite_with_metatables(session, suite)
session.commit() session.commit()
session.close() session.close()
# Create tables if necessary # Create tables if necessary
tsdb = lnt.server.db.testsuitedb.TestSuiteDB(self, suite.name, suite) tsdb = lnt.server.db.testsuitedb.TestSuiteDB(self, suite.name, suite)
▲ Show 20 LinesShow All 63 LinesShow Last 20 Lines

setup.py

Show First 20 LinesShow All 124 Lines▼ Show 20 Lines install_requires=[
"Werkzeug==0.12.2", "Werkzeug==0.12.2",
"itsdangerous==0.24", "itsdangerous==0.24",
"python-gnupg==0.3.7", "python-gnupg==0.3.7",
"pytz==2016.10", "pytz==2016.10",
"WTForms==2.0.2", "WTForms==2.0.2",
"Flask-WTF==0.12", "Flask-WTF==0.12",
"typing", "typing",
"click==6.7", "click==6.7",
"pyyaml==3.13", "pyyaml==5.1.2",
"requests", "requests",
"future", "future",
"lit==0.11.1", "lit==0.11.1",
"certifi" "certifi"
], ],
ext_modules=[cPerf], ext_modules=[cPerf],
python_requires='>=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*', python_requires='>=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*',
) )

tests/server/ui/test_api.py

Show First 20 LinesShow All 272 Lines▼ Show 20 Lines def test_tests_api(self):
self.assertEqual('SingleSource/UnitTests/2006-12-01-float_varg', t0['name']) self.assertEqual('SingleSource/UnitTests/2006-12-01-float_varg', t0['name'])
def test_schema(self): def test_schema(self):
client = self.client client = self.client
rest_schema = check_json(client, 'api/db_default/v4/nts/schema') rest_schema = check_json(client, 'api/db_default/v4/nts/schema')
# The reported schema should be the same as the yaml one on the top. # The reported schema should be the same as the yaml one on the top.
with open('%s/schemas/nts.yaml' % self.instance_path) as syaml: with open('%s/schemas/nts.yaml' % self.instance_path) as syaml:
yaml_schema = yaml.load(syaml) yaml_schema = yaml.safe_load(syaml)
# Do some massaging to make it similar to the rest API result. # Do some massaging to make it similar to the rest API result.
for m in yaml_schema['metrics']: for m in yaml_schema['metrics']:
if 'unit' not in m: if 'unit' not in m:
m['unit'] = None m['unit'] = None
if 'unit_abbrev' not in m: if 'unit_abbrev' not in m:
m['unit_abbrev'] = None m['unit_abbrev'] = None
if 'display_name' not in m: if 'display_name' not in m:
m['display_name'] = m['name'] m['display_name'] = m['name']
Show All 10 Lines