8000 Run tests on Python3.12 by guilhermef · Pull Request #1608 · thumbor/thumbor · GitHub
[go: up one dir, main page]
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Run tests on Python3.12 #1608

Merged
merged 1 commit into from
Oct 30, 2023
Merged

Run tests on Python3.12 #1608

merged 1 commit into from
Oct 30, 2023

Conversation

guilhermef
Copy link
Member
@guilhermef guilhermef commented Oct 27, 2023
edited
Loading

Pillow had to be pinned to a version lower than 10.1.0.0. The property MAX_IMAGE_PIXELS is being ignored, causing tests to fail with PIL.Image.DecompressionBombError: Image size (10364948220 pixels) exceeds limit of 150000000.0 pixels, could be decompression bomb DOS attack.

==============================================================================
ERROR: tests/handlers/test_base_handler_with_auto_avif.py::ImageOperationsWithAutoAvifTestCase::test_should_not_convert_animated_gifs_to_avif
------------------------------------------------------------------------------
Traceback (most recent call last):
  File "/usr/local/lib/python3.12/unittest/case.py", line 58, in testPartExecutor
    yield
  File "/usr/local/lib/python3.12/unittest/case.py", line 634, in run
    self._callTestMethod(testMethod)
  File "/usr/local/lib/python3.12/unittest/case.py", line 589, in _callTestMethod
    if method() is not None:
       ^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/tornado/testing.py", line 102, in __call__
    result = self.orig_method(*args, **kwargs)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/tornado/testing.py", line 620, in post_coroutine
    return self.io_loop.run_sync(
           ^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/tornado/ioloop.py", line 527, in run_sync
    return future_cell[0].result()
           ^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/tests/handlers/test_base_handler_with_auto_avif.py", line 71, in test_should_not_convert_animated_gifs_to_avif
    expect(response.body).to_be_gif()
  File "/usr/local/lib/python3.12/site-packages/preggy/core.py", line 285, in _assert_topic
    return _registered_assertions[method_name](self.topic, *args, **kw)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/preggy/core.py", line 58, in wrapper
    func(*args, **kw)
  File "/usr/local/lib/python3.12/site-packages/preggy/core.py", line 123, in test_assertion
    if not func(*args):
           ^^^^^^^^^^^
  File "/app/tests/base.py", line 136, in to_be_gif
    image = Image.open(BytesIO(topic))
            ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/PIL/Image.py", line 3284, in open
    im = _open_core(fp, filename, prefix, formats)
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/PIL/Image.py", line 3270, in _open_core
    im = factory(fp, filename)
         ^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/PIL/ImageFile.py", line 117, in __init__
    self._open()
  File "/usr/local/lib/python3.12/site-packages/PIL/GifImagePlugin.py", line 108, in _open
    self._seek(0)  # get ready to read first frame
    ^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/PIL/GifImagePlugin.py", line 265, in _seek
    Image._decompression_bomb_check(self._size)
  File "/usr/local/lib/python3.12/site-packages/PIL/Image.py", line 3179, in _decompression_bomb_check
    raise DecompressionBombError(msg)
PIL.Image.DecompressionBombError: Image size (10364948220 pixels) exceeds limit of 150000000.0 pixels, could be decompression bomb DOS attack.

@guilhermef guilhermef mentioned this pull request Oct 27, 2023
Closed
@coveralls
Copy link
coveralls commented Oct 27, 2023
edited
Loading

Pull Request Test Coverage Report for Build 6664194670

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 86.687%
Totals Coverage Status
Change from base Build 6504905069: 0.0%
Covered Lines: 4011
Relevant Lines: 4627
💛 - Coveralls

@RaphaelVRossi
Copy link
Member

hey @guilhermef nice catch!

Maybe we should add a TODO comment, to change this "lock" version after a new release comes out. What do you think?

@RaphaelVRossi
Copy link
Member

I didn't find where MAX_IMAGE_PIXELS is ignored in Pillow 🚁

@guilhermef
Copy link
Member Author

@RaphaelVRossi, MAX_IMAGE_PIXELS is still present but isn't working as it should.

@sonarqubecloud
Copy link

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 1 Code Smell

No Coverage information No Coverage information
0.0% 0.0% Duplication

@guilhermef guilhermef merged commit 86b8077 into master Oct 30, 2023
@guilhermef guilhermef deleted the run-on-python3.12 branch October 30, 2023 08:00
@RaphaelVRossi
Copy link
Member

🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@RaphaelVRossi RaphaelVRossi Awaiting requested review from RaphaelVRossi

@heynemann heynemann Awaiting requested review from heynemann

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@guilhermef @coveralls @RaphaelVRossi
0