Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Undefined symbols in __all__ #331

Open
ZuhairORZaki opened this issue Aug 21, 2024 · 1 comment
Open

[BUG] Undefined symbols in __all__ #331

ZuhairORZaki opened this issue Aug 21, 2024 · 1 comment

Comments

@ZuhairORZaki
Copy link

ZuhairORZaki commented Aug 21, 2024
edited
Loading

Overview

In file: init.py, __all__ includes undefined symbols Node,WrappingNode,node_to_dict, translate. This will cause an ImportError when importing the module using star import i.e. from js2py.translators import *.

Possible Fix

One way to fix this issue would be to remove the undefined symbols if they are not needed.

--- /workspace/source/js2py/translators/__init__.py
+++ /workspace/source/js2py/translators/__init__.py
@@ -18,10 +18,9 @@
 # WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE
 #  OR THE USE OR OTHER DEALINGS IN THE SOFTWARE
 
__all__ = [
-    'PyJsParser', 'Node', 'WrappingNode', 'node_to_dict', 'parse',
-    'translate_js', 'translate', 'syntax_tree_translate', 'DEFAULT_HEADER'
+    'PyJsParser', 'parse', 'translate_js', 'syntax_tree_translate', 'DEFAULT_HEADER'
]
 __author__ = 'Piotr Dabkowski'
 __version__ = '2.2.0'
 from pyjsparser import PyJsParser

Notes from Triage Team

There is an import statement which imports trasnlate rather than translate.

from .translator import translate_js, trasnlate, syntax_tree_translate, DEFAULT_HEADER

This may be causing the translate symbol to become undefined.

Sponsorship and Support:

This work is done by the security researchers from OpenRefactory and is supported by the Open Source Security Foundation (OpenSSF): Project Alpha-Omega. Alpha-Omega is a project partnering with open source software project maintainers to systematically find new, as-yet-undiscovered vulnerabilities in open source code - and get them fixed - to improve global software supply chain security.

The bug is found by running the iCR tool by OpenRefactory, Inc. and then manually triaging the results.
@potiuk
Copy link

potiuk commented Sep 1, 2024

Hello here. I am an Apache Airflow maintainer - and we are looking - together with Open Refactory and Alpha-Omega at improving Apache Airflow's Supply Chain security. This one is one of the bugs we found during the checks. We are going to talk about the whole project we are running soon at Airflow Summit - https://airflowsummit.org/ and it would be great to have more succeess stories (we are just starting and expect more activities to come)

Would it be possible to prioritise this fix ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@potiuk @ZuhairORZaki