vulnerablecode
AppRegistryNotReady error when setting up vulntotal
Description
I encountered an `AppRegistryNotReady` error when trying to set up vulntotal using Docker. This issue arises at the final step when running `vulntotal --help`.
Steps to Reproduce
- Ran `docker-compose up` to start the services.
- Executed `docker-compose exec vulnerablecode pip install -r requirements.txt` to install Python dependencies.
- Ran `docker-compose exec vulnerablecode pip install -e .` to install the current package.
- Attempted to run `docker-compose exec vulnerablecode vulntotal --help` to check if vulntotal was correctly set up.
At the last step, I encountered the following error:
django.core.exceptions.AppRegistryNotReady: Apps aren't loaded yet.
Upon investigating, I found that the root cause is an import statement in `github.py`, which tries to import `from vulnerabilities import utils`. Specifically, `vulnerabilities.utils` contains the line `from packageurl.contrib.django.models import without_empty_values`, which seems to trigger the error. It appears that vulntotal's operation is being impeded by its dependency on Django's app loading state.
Expected Behavior
I expected to be able to run `vulntotal --help` without encountering an `AppRegistryNotReady` error, regardless of the Django app's state.
Actual Behavior
An `AppRegistryNotReady` error is raised due to an import statement dependent on Django being fully initialized.
Possible Solution
It might be beneficial to refactor the code to remove the dependency on Django's app loading state, especially for utility scripts like `vulntotal` that should ideally operate independently.
> Upon investigating, I found that the root cause is an import statement in `github.py`, which tries to import `from vulnerabilities import utils`. Specifically, `vulnerabilities.utils` contains the line `from packageurl.contrib.django.models import without_empty_values`, which seems to trigger the error. It appears that vulntotal's operation is being impeded by its dependency on Django's app loading state.
Good catch @poju3185. The solution would be to use `fetchcode.package_versions.github_response` instead of `vulnerabilities.utils.fetch_github_graphql_query`, see this https://github.com/nexB/fetchcode/blob/b3b2052cdd9a19e0032504f6c39a943ee7cf893d/src/fetchcode/package_versions.py#L649.
@keshav-space, thank you for your suggestion. I've opened a PR. Could you please review it?
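
An added example, not part of the thread or the project's code: a static check that walks module-level imports and reports the chain by which a CLI module reaches a Django-dependent module, as in the chain described in the issue. The module sources and the `github` / `fixed_github` keys are constructed stand-ins, and `find_import_chain` is a hypothetical helper.

```python
import ast

# Constructed stand-ins for the modules named in the issue (not the real sources).
SOURCES = {
    "github": "from vulnerabilities import utils\n",
    "vulnerabilities": "",
    "vulnerabilities.utils": (
        "from packageurl.contrib.django.models import without_empty_values\n"
    ),
    # The variant suggested in the thread: depend on fetchcode instead.
    "fixed_github": "from fetchcode.package_versions import github_response\n",
}


def imported_modules(source, known):
    """Yield dotted module names imported by top-level statements.

    Only absolute imports in the module body are considered; imports nested
    in functions, try blocks or conditionals are not followed.
    """
    for node in ast.parse(source).body:
        if isinstance(node, ast.Import):
            for alias in node.names:
                yield alias.name
        elif isinstance(node, ast.ImportFrom) and node.level == 0:
            for alias in node.names:
                sub = f"{node.module}.{alias.name}"
                # "from pkg import name" may name a submodule or an attribute.
                yield sub if sub in known else node.module


def find_import_chain(sources, start, forbidden_prefix):
    """Return the first import path from start to a forbidden module, or None."""
    stack, seen = [[start]], set()
    while stack:
        path = stack.pop()
        module = path[-1]
        if module == forbidden_prefix or module.startswith(forbidden_prefix + "."):
            return path
        if module in seen or module not in sources:
            continue  # already visited, or third-party code we do not inspect
        seen.add(module)
        for name in imported_modules(sources[module], sources):
            stack.append(path + [name])
    return None


if __name__ == "__main__":
    print(find_import_chain(SOURCES, "github", "packageurl.contrib.django"))
    print(find_import_chain(SOURCES, "fixed_github", "packageurl.contrib.django"))
```

Run over a real checkout by filling `SOURCES` from the package's `.py` files; a non-`None` result for a CLI entry module is the kind of dependency the issue reports.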