ubi8/python 3.12 emits RuntimeWarning for tarfile #1465

Open
tbugfinder opened this issue Aug 12, 2024 · 0 comments
Labels
bug Something isn't working

Comments

@tbugfinder

Describe the bug
The execution of the gitleaks pre-commit hook in Python 3.12 on ubi8 raises the following warning message:

/usr/lib64/python3.12/tarfile.py:2253: RuntimeWarning: The default behavior of tarfile extraction has been changed to disallow common exploits (including CVE-2007-4559). By default, absolute/parent paths are disallowed and some mode bits are cleared. See https://access.redhat.com/articles/7004769 for more details.
  warnings.warn(

To Reproduce
Create a Docker image from scratch.

# cat Dockerfile
FROM redhat/ubi8:latest

ENV INSTALL_PKGS="yum-utils gcc make git-core zlib zlib-devel gcc-c++ patch \
    python39 python39-pip python39-setuptools \
    python3.11 python3.11-pip python3.11-setuptools \
    python3.12 python3.12-pip python3.12-setuptools \
    readline \
    libffi-devel libyaml-devel openssl-devel make bzip2 autoconf curl sqlite-devel xz"
ENV INSTALL_CENTOS_PKGS="readline-devel bison automake libtool"

RUN sh -c "rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm || true"

COPY python_requirements.txt /tmp/requirements.txt

RUN dnf -y install $INSTALL_PKGS

# Install virtualenv and pycodestyle for each interpreter, make python3.12 the default
RUN pip3.9 install virtualenv pycodestyle \
    && pip3.11 install virtualenv pycodestyle \
    && pip3.12 install virtualenv pycodestyle \
    && alternatives --set python /usr/bin/python3.12 \
    && alternatives --set python3 /usr/bin/python3.12

# Upgrade pip
RUN pip3 install --upgrade pip \
    && pip3 -V \
    && pip3 install virtualenv pycodestyle \
    && pip3.9 install virtualenv pycodestyle \
    && pip3.11 install virtualenv pycodestyle \
    && pip3.12 install virtualenv pycodestyle \
    && alternatives --set python /usr/bin/python3.12 \
    && alternatives --set python3 /usr/bin/python3.12

# Install python requirements
RUN python3.9 -m pip install -r /tmp/requirements.txt \
    && python3.11 -m pip install -r /tmp/requirements.txt \
    && python3.12 -m pip install -r /tmp/requirements.txt

Use python_requirements.txt:

pre-commit~=3.8.0

Use .pre-commit-config.yaml:

---
fail_fast: true

repos:
  - repo: https://github.com/gitleaks/gitleaks
    rev: v8.18.4
    hooks:
      - id: gitleaks

Execute a Docker container using the image and run git init, git add ., pre-commit install, pre-commit run -a.

Expected behavior
No warning message.

Screenshots
N/A

Basic Info (please complete the following information):

  • OS: Linux / UBI8
  • Gitleaks Version: v8.18.4

Additional context
N/A

cc @zricethezav

@tbugfinder tbugfinder added the bug Something isn't working label Aug 12, 2024