Guarddog hangs when using compatible version dependency
requirements.txt:

```text
Django~=3.2
requests~=2.28
```
docker-compose.yml:

```yaml
services:
  guarddog:
    image: ghcr.io/datadog/guarddog:v0.1.2
    volumes:
      - ./:/code
```
Running the command `docker-compose run --rm guarddog verify /code/requirements.txt` results in a hang and output like the one below:

```text
Version 1 for package Django doesn't exist.
Version c for package Django doesn't exist.
Version 3 for package Django doesn't exist.
Version r for package Django doesn't exist.
Version . for package Django doesn't exist.
Version 2 for package Django doesn't exist.
Version 9 for package requests doesn't exist.
Version . for package requests doesn't exist.
Version 2 for package requests doesn't exist.
```
Can you test on latest v0.1.4 and confirm the behavior you'd expect?
Right now guarddog returns exit code 255 with a message:
```text
Received Version r for package Django doesn't exist.make: [guarddog] Error 255 (ignored)
```
This is a bit misleading because ~=3.2 is perfectly fine pinning and I guess in the worst case (because of time) scenario guarddog should check all the versions that match the selection and in the fastest should take only the latest into consideration.
Related to #88 as well
@maciejstromich is this now fixed by #96 (released in v0.1.7)?
Yes, the hanging part is fixed, but as I already pointed out, by solving the hanging problem the way it's solved, guarddog stopped scanning the whole file and just gives up on the first occurrence of this problem (a regression of #88 maybe?).
requirements.txt:

```text
Django~=3.2
requests~=2.28
pytest
pytest-django
pytest-randomly
pytest-cov
iPython
```
This should still check all the remaining items in the list and just report that the Django and requests versions are not supported. Currently it's exiting with 255 at the first item. Do you want a new issue, reopen #88, or should the discussion be kept here?
@vdeturckheim thoughts?
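An added example, not guarddog's code and not posted by anyone in this thread, of how a requirements-file scanner can handle the two behaviours discussed above: treat a PEP 440 specifier such as `~=3.2` as one token (rather than iterating over its characters, which is what produced the `Version r for package Django` lines), resolve it to the newest matching release, and keep scanning the remaining lines instead of exiting at the first entry it cannot resolve. The `AVAILABLE` index and its version lists are a constructed stand-in for a package index, and the function names (`parse_requirement`, `matches`, `resolve_latest`, `scan_requirements`) are my own.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample input: the requirements file quoted in the comment above.
REQUIREMENTS = """\
Django~=3.2
requests~=2.28
pytest
pytest-django
pytest-randomly
pytest-cov
iPython
"""

# Constructed stand-in for a package index; a real scanner would query PyPI here.
AVAILABLE: Dict[str, List[str]] = {
    "django": ["3.1.14", "3.2", "3.2.16", "4.0.8", "4.1.3"],
    "requests": ["2.27.1", "2.28.0", "2.28.1", "3.0.0"],
    "pytest": ["7.1.3", "7.2.0"],
}

# name, optional comparison operator, optional numeric release version.
# Pre/post/dev suffixes, extras and environment markers are out of scope here.
LINE_RE = re.compile(
    r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:(~=|==|!=|>=|<=|>|<)\s*([0-9]+(?:\.[0-9]+)*))?$"
)


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '3.2.16' into (3, 2, 16) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def parse_requirement(line: str) -> Optional[Tuple[str, Optional[str], Optional[str]]]:
    """Return (normalized name, operator, version) for one line; None for blank/comment lines.

    The version stays one token. Iterating over its characters is exactly what
    yields lookups such as "Version r for package Django".
    """
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    match = LINE_RE.match(line)
    if match is None:
        raise ValueError(f"unsupported requirement syntax: {line!r}")
    name, op, version = match.groups()
    return name.lower(), op, version


def matches(op: Optional[str], spec: Optional[str], candidate: str) -> bool:
    """Check one available version against a single PEP 440 comparison clause."""
    if op is None or spec is None:
        return True  # bare name: any version satisfies it
    c, s = parse_version(candidate), parse_version(spec)
    if op == "~=":
        # Compatible release: ~=3.2 means >=3.2 together with ==3.* (last component dropped).
        if len(s) < 2:
            raise ValueError("~= requires at least two version components")
        prefix = s[:-1]
        return c >= s and c[: len(prefix)] == prefix
    return {
        "==": c == s, "!=": c != s,
        ">=": c >= s, ">": c > s,
        "<=": c <= s, "<": c < s,
    }[op]


def resolve_latest(name: str, op: Optional[str], spec: Optional[str],
                   index: Dict[str, List[str]]) -> Optional[str]:
    """Pick the newest indexed version satisfying the clause, or None if nothing does."""
    candidates = [v for v in index.get(name, []) if matches(op, spec, v)]
    return max(candidates, key=parse_version) if candidates else None


def scan_requirements(text: str, index: Dict[str, List[str]]) -> List[dict]:
    """Produce one result per requirement line and never stop early on a bad entry."""
    results: List[dict] = []
    for line in text.splitlines():
        parsed = parse_requirement(line)
        if parsed is None:
            continue
        name, op, spec = parsed
        entry: dict = {"name": name, "spec": f"{op}{spec}" if op else None, "version": None}
        if name not in index:
            entry["status"] = "unknown-package"  # report it and carry on with the next line
        else:
            entry["version"] = resolve_latest(name, op, spec, index)
            entry["status"] = "ok" if entry["version"] else "no-matching-version"
        results.append(entry)
    return results


if __name__ == "__main__":
    for r in scan_requirements(REQUIREMENTS, AVAILABLE):
        print(f"{r['name']:<16} {r['spec'] or '(any)':<10} {r['status']:<20} {r['version'] or '-'}")
```

Running the module prints all seven entries: `django` resolves to `3.2.16` and `requests` to `2.28.1` under their `~=` clauses, `pytest` to its newest indexed release, and the four names missing from the constructed index are reported as `unknown-package` without aborting the scan.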
I know we have an inconsistency on this codepath. Thought I would catch it at typing but mypy seems to not be catching it. I want to move forward on the npm support today but once I am good with metadata heuristics there, I'll take a deeper look