
ride's Issues

Bad set() in code (python 3.7)

/src/robotide/preferences/editors.py

def _set_value(self, editor, name):
    # Guard against dead object
    if editor:
        set(name, int(editor.GetValue()))

Here set is not correct; it raises an exception:
  File "C:\Python37-32\lib\site-packages\robotide\preferences\editors.py", line 157, in _set_value
    set(name, int(editor.GetValue()))
TypeError: set expected at most 1 arguments, got 2

CVE-2019-11358 (Medium) detected in jquery-3.3.1.min.js

CVE-2019-11358 - Medium Severity Vulnerability

Vulnerable Library - jquery-3.3.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js

Path to vulnerable library: /RIDE/src/robotide/lib/robot/htmldata/lib/jquery.min.js

Dependency Hierarchy:

  • jquery-3.3.1.min.js (Vulnerable Library)

Found in HEAD commit: 3235d9c8266c46bcf09348de4915ad83bff92c7a

Vulnerability Details

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

Publish Date: 2019-04-20

URL: CVE-2019-11358

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358

Release Date: 2019-04-20

Fix Resolution: 3.4.0



CVE-2019-12402 (High) detected in commons-compress-1.18.jar

CVE-2019-12402 - High Severity Vulnerability

Vulnerable Library - commons-compress-1.18.jar

Apache Commons Compress software defines an API for working with compression and archive formats. These include: bzip2, gzip, pack200, lzma, xz, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4, Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.

Path to dependency file: RIDE/doc/other/example_maven_runner/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/commons/commons-compress/1.18/commons-compress-1.18.jar

Dependency Hierarchy:

  • robotframework-seleniumlibrary-3.141.59.26535.jar (Root Library)
    • webdrivermanager-3.4.0.jar
      • jarchivelib-1.0.0.jar
        • commons-compress-1.18.jar (Vulnerable Library)

Found in HEAD commit: 8bec9c3ea043a0965186d3d955d234cc660fc896

Vulnerability Details

The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.

Publish Date: 2019-08-30

URL: CVE-2019-12402

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12402

Release Date: 2019-08-30

Fix Resolution: 1.19



Crash when navigating through test cases

Hi,

You already mentioned this problem in the release notes, but there's no issue logged. It would be great to get some more information, because I have this problem with nearly every Ctrl-click on a keyword. RIDE simply closes without any error.

When starting RIDE, the following error is shown in the console output. Is this related somehow?
Traceback (most recent call last):
File "C:\Users\vmuser\AppData\Local\Programs\Python\Python36\lib\site-packages\wx\core.py", line 2165, in Notify
self.notify()
File "C:\Users\vmuser\AppData\Local\Programs\Python\Python36\lib\site-packages\wx\core.py", line 3334, in Notify
self.result = self.callable(*self.args, **self.kwargs)
File "C:\Users\vmuser\AppData\Local\Programs\Python\Python36\lib\site-packages\robotide\editor\editors.py", line 154, in _collabsible_changed
self._store_settings_open_status()
File "C:\Users\vmuser\AppData\Local\Programs\Python\Python36\lib\site-packages\robotide\editor\editors.py", line 89, in _store_settings_open_status
self._settings.IsExpanded()
RuntimeError: wrapped C/C++ object of type Settings has been deleted

Some Package information, Python version 3.6.6:
pywin32 223.1
pywinauto 0.6.5
robotframework 3.0.4
robotframework-databaselibrary 1.0.1
robotframework-ride 1.7.2
wxPython 4.0.2

CVE-2017-7658 (High) detected in jetty-http-9.4.8.v20171121.jar

CVE-2017-7658 - High Severity Vulnerability

Vulnerable Library - jetty-http-9.4.8.v20171121.jar

The Eclipse Jetty Project

Library home page: http://www.eclipse.org/jetty

Path to dependency file: /RIDE/doc/other/example_maven_runner/pom.xml

Path to vulnerable library: /root/.m2/repository/org/eclipse/jetty/jetty-http/9.4.8.v20171121/jetty-http-9.4.8.v20171121.jar

Dependency Hierarchy:

  • robotframework-seleniumlibrary-3.12.0.1.jar (Root Library)
    • selenium-server-3.12.0.jar
      • jetty-http-9.4.8.v20171121.jar (Vulnerable Library)

Found in HEAD commit: 4f4beac175ab69fcd60862bb33f578de5b9f3167

Vulnerability Details

In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.

Publish Date: 2018-06-26

URL: CVE-2017-7658

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-7658

Release Date: 2019-04-08

Fix Resolution: 9.4.11.v20180605



'Loading the test data' dialog hang on X11 forwarding window when startup

I'm using Ubuntu 18.04 desktop as a remote host, and the local host is Windows 7.
When I run RIDE from an xrdp remote desktop, it runs okay.
But if I connect to the Ubuntu host with MobaXterm and start ride.py in the terminal, the X11 forwarding window shows up, but the loading dialog hangs forever.


RIDE not refreshing after delete user keyword

Hi, and thanks for supporting RIDE. I found that when I delete a user keyword, RIDE doesn't refresh the tree, and I need to refresh the project to no longer see the user keyword. Any chance to take a look at the problem?
Thanks

RIDE 1.7 shutdown

RIDE 1.7: on double-clicking the shortcut, RIDE shuts down immediately.

error message

C:\Windows\system32>python
Python 2.7.14 (v2.7.14:84471935ed, Sep 16 2017, 20:19:30) [MSC v.1500 32 bit (In
tel)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> from robotide import main
>>> main()
Creating librarykeywords database to "C:\Users\test\AppData\Roaming\RobotFramewo
rk\ride\librarykeywords.db"
Traceback (most recent call last):
  File "C:\Python27\lib\site-packages\robotide\__init__.py", line 78, in main
    _run(inpath, not noupdatecheck, debug_console)
  File "C:\Python27\lib\site-packages\robotide\__init__.py", line 104, in _run
    ride = RIDE(inpath, updatecheck)
  File "C:\Python27\lib\site-packages\robotide\application\application.py", line
 42, in __init__
    wx.App.__init__(self, redirect=False)
  File "C:\Python27\lib\site-packages\wx-2.8-msw-unicode\wx\_core.py", line 7981
, in __init__
    self._BootstrapApp()
  File "C:\Python27\lib\site-packages\wx-2.8-msw-unicode\wx\_core.py", line 7555
, in _BootstrapApp
    return _core_.PyApp__BootstrapApp(*args, **kwargs)
  File "C:\Python27\lib\site-packages\robotide\application\application.py", line
 56, in OnInit
    self._plugin_loader.enable_plugins()
  File "C:\Python27\lib\site-packages\robotide\application\pluginloader.py", lin
e 36, in enable_plugins
    p.enable_on_startup()
  File "C:\Python27\lib\site-packages\robotide\application\pluginconnector.py",
line 51, in enable_on_startup
    self.enable()
  File "C:\Python27\lib\site-packages\robotide\application\pluginconnector.py",
line 56, in enable
    self._plugin.enable()
  File "C:\Python27\lib\site-packages\robotide\contrib\testrunner\testrunnerplug
in.py", line 143, in enable
    self.SetProfile(self.profile)
  File "C:\Python27\lib\site-packages\robotide\contrib\testrunner\testrunnerplug
in.py", line 627, in SetProfile
    toolbar = p.get_toolbar(self.config_panel)
  File "C:\Python27\lib\site-packages\robotide\contrib\testrunner\runprofiles.py
", line 167, in get_toolbar
    self._toolbar = self._get_toolbar(parent)
  File "C:\Python27\lib\site-packages\robotide\contrib\testrunner\runprofiles.py
", line 174, in _get_toolbar
    sizer.Add(item(panel), 0, wx.ALL | wx.EXPAND)
  File "C:\Python27\lib\site-packages\robotide\contrib\testrunner\runprofiles.py
", line 212, in ArgumentsPanel
    self._validate_arguments(self.arguments or u'')
  File "C:\Python27\lib\site-packages\robotide\contrib\testrunner\runprofiles.py
", line 253, in _validate_arguments
    assert type(args) is unicode
AssertionError


Use --help to get usage information.

wxPython version is 2.12.8.1

but RIDE 1.5.2.1 is ok

Keyword Completion Menu not available

Hello,

Thanks for making RIDE available for python3. I am trying to use this on mac (python3), but I am not able to use the keyword completion feature with the keyboard shortcut (ctrl + space); also, I am not able to find the submenu under the Tools menu as mentioned in the documentation. Is there a workaround for this under mac, or is this feature not supported on osx as of now?

Thanks

Macro does not run

RIDE v1.7.3rc1 running on Python 3.6.5.

I have configured a macro to run a simple batch file.
When I run the macro, RIDE opens a new tab with "command(running)" but nothing happens.
The macro cannot be stopped and the tab cannot be closed; only a re-run of RIDE helps.

RIDE log shows:

Thank you for helping developing and testing RIDE on Python 3 and wxPython 4
Traceback (most recent call last):
File "C:\Users\test1\my-virtualenv\rideReleasepy36\lib\site-packages\robotide\run\ui.py", line 43, in OnTimer
self._window.update_output(self._process.get_output(), finished)
File "C:\Users\test1\my-virtualenv\rideReleasepy36\lib\site-packages\robotide\run\ui.py", line 86, in update_output
self._output.update(output)
File "C:\Users\test1\my-virtualenv\rideReleasepy36\lib\site-packages\robotide\run\ui.py", line 114, in update
self.SetLabel(self.LabelText + addition.decode('UTF-8', 'ignore'))
AttributeError: 'str' object has no attribute 'decode'
Traceback (most recent call last):
File "C:\Users\test1\my-virtualenv\rideReleasepy36\lib\site-packages\robotide\run\ui.py", line 43, in OnTimer
self._window.update_output(self._process.get_output(), finished)
File "C:\Users\test1\my-virtualenv\rideReleasepy36\lib\site-packages\robotide\run\process.py", line 76, in get_output
output = self._out_file.read()
ValueError: I/O operation on closed file.

Hard crash during navigating window

Sometimes, when selecting a test case, clicking anywhere in the grid and then clicking on another test case, it hard crashes (not a Python exception, but a crash in the wxPython binary).
I thought that it was somehow related to issue #20, but it is not.

decode error when temp path includes chinese characters

def _create_temporary_directory(self):
    self._output_dir = tempfile.mkdtemp(".d", "RIDE")
    atexit.register(self._remove_temporary_directory)

The return type of tempfile.mkdtemp is str; when the path includes Chinese characters, a decode error is reported when writing args to the file.
My PC is Win7, Python 2.7.14.

CVE-2015-6420 (High) detected in commons-collections-3.2.jar

CVE-2015-6420 - High Severity Vulnerability

Vulnerable Library - commons-collections-3.2.jar

Types that extend and augment the Java Collections Framework.

Library home page: http://jakarta.apache.org/commons/collections/

Path to dependency file: /RIDE/doc/other/example_maven_runner/pom.xml

Path to vulnerable library: /root/.m2/repository/commons-collections/commons-collections/3.2/commons-collections-3.2.jar

Dependency Hierarchy:

  • robotframework-seleniumlibrary-3.12.0.1.jar (Root Library)
    • javalib-core-1.2.1.jar
      • commons-collections-3.2.jar (Vulnerable Library)

Found in HEAD commit: 4f4beac175ab69fcd60862bb33f578de5b9f3167

Vulnerability Details

Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

Publish Date: 2015-12-15

URL: CVE-2015-6420

CVSS 2 Score Details (7.5)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-6420

Release Date: 2019-04-08

Fix Resolution: 3.2.2,4.1



CVE-2018-10237 (Medium) detected in guava-23.6-jre.jar

CVE-2018-10237 - Medium Severity Vulnerability

Vulnerable Library - guava-23.6-jre.jar

Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.

Library home page: https://github.com/google/guava/guava

Path to dependency file: /RIDE/doc/other/example_maven_runner/pom.xml

Path to vulnerable library: /root/.m2/repository/com/google/guava/guava/23.6-jre/guava-23.6-jre.jar

Dependency Hierarchy:

  • robotframework-seleniumlibrary-3.12.0.1.jar (Root Library)
    • selenium-server-3.12.0.jar
      • guava-23.6-jre.jar (Vulnerable Library)

Found in HEAD commit: 4f4beac175ab69fcd60862bb33f578de5b9f3167

Vulnerability Details

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.

Publish Date: 2018-04-26

URL: CVE-2018-10237

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-10237

Release Date: 2018-04-26

Fix Resolution: 24.1.1



CVE-2015-4852 (High) detected in commons-collections-3.2.jar

CVE-2015-4852 - High Severity Vulnerability

Vulnerable Library - commons-collections-3.2.jar

Types that extend and augment the Java Collections Framework.

Library home page: http://jakarta.apache.org/commons/collections/

Path to dependency file: /RIDE/doc/other/example_maven_runner/pom.xml

Path to vulnerable library: /root/.m2/repository/commons-collections/commons-collections/3.2/commons-collections-3.2.jar

Dependency Hierarchy:

  • robotframework-seleniumlibrary-3.12.0.1.jar (Root Library)
    • javalib-core-1.2.1.jar
      • commons-collections-3.2.jar (Vulnerable Library)

Found in HEAD commit: 4f4beac175ab69fcd60862bb33f578de5b9f3167

Vulnerability Details

The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.

Publish Date: 2015-11-18

URL: CVE-2015-4852

CVSS 2 Score Details (7.5)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.openwall.com/lists/oss-security/2015/11/17/19

Release Date: 2015-11-18

Fix Resolution: 3.2.2



cannot delete argument for kw

When I have a keyword with multiple parameters and try to delete one argument, the argument is not deleted.
When I try to delete the argument with Backspace, the argument is replaced by a BS symbol.
When deleting it with the Delete button, the argument is not deleted.

When trying to delete it manually in the Text Edit tab, an exception occurs when pressing the Apply button:

Traceback (most recent call last):
File "C:\Python\Python36\lib\site-packages\robotide\editor\texteditor.py", line 298, in <lambda>
ButtonWithHandler(self, 'Apply Changes', handler=lambda e: self.save()))
File "C:\Python\Python36\lib\site-packages\robotide\editor\texteditor.py", line 430, in save
self._editor.utf8_text):
File "C:\Python\Python36\lib\site-packages\robotide\editor\texteditor.py", line 179, in validate_and_update
if not self._sanity_check(data, m_text):
File "C:\Python\Python36\lib\site-packages\robotide\editor\texteditor.py", line 190, in _sanity_check
formatted_text = data.format_text(text)
File "C:\Python\Python36\lib\site-packages\robotide\editor\texteditor.py", line 245, in format_text
return self._txt_data(self._create_target_from(text))
File "C:\Python\Python36\lib\site-packages\robotide\editor\texteditor.py", line 241, in _create_target_from
FromStringIOPopulator(target).populate(src)
File "C:\Python\Python36\lib\site-packages\robotide\editor\texteditor.py", line 530, in populate
robotapi.TxtReader().read(content, self)
File "C:\Python\Python36\lib\site-packages\robotide\lib\robot\parsing\tsvreader.py", line 26, in read
for row in Utf8Reader(tsvfile).readlines():
File "C:\Python\Python36\lib\site-packages\robotide\lib\robot\utils\utf8reader.py", line 47, in readlines
yield self._decode(line, remove_bom=index == 0)
File "C:\Python\Python36\lib\site-packages\robotide\lib\robot\utils\utf8reader.py", line 50, in _decode
if remove_bom and content.startswith(BOM_UTF8):
TypeError: startswith first arg must be str or a tuple of str, not bytes

Python not responding - robotframework 3.0.4

Hello everybody,
I have prepared everything to start using robotframework:

chromedriver==2.24.1
Pygments==2.2.0
robotframework==3.0.4
robotframework-ride==1.7.1
robotframework-selenium2library==3.0.0
robotframework-seleniumlibrary==3.1.1
selenium==3.12.0
six==1.11.0
wxPython==4.0.1

I can start it, but after a few seconds everything hangs, and I am getting messages:
Robotframewotk - not responding

In task manager:
Python - not responding

In console I got that:

Traceback (most recent call last):
File "c:\program files\python36\lib\site-packages\wx\core.py", line 2158, in Notify
self.notify()
File "c:\program files\python36\lib\site-packages\wx\core.py", line 3315, in Notify
self.result = self.callable(*self.args, **self.kwargs)
File "c:\program files\python36\lib\site-packages\robotide\editor\editors.py", line 154, in _collabsible_changed
self._store_settings_open_status()
File "c:\program files\python36\lib\site-packages\robotide\editor\editors.py", line 89, in _store_settings_open_status
self._settings.IsExpanded()
RuntimeError: wrapped C/C++ object of type Settings has been deleted
Traceback (most recent call last):
File "c:\program files\python36\lib\site-packages\wx\core.py", line 2158, in Notify
self.notify()
File "c:\program files\python36\lib\site-packages\wx\core.py", line 3315, in Notify
self.result = self.callable(*self.args, **self.kwargs)
File "c:\program files\python36\lib\site-packages\robotide\editor\editors.py", line 154, in _collabsible_changed
self._store_settings_open_status()
File "c:\program files\python36\lib\site-packages\robotide\editor\editors.py", line 89, in _store_settings_open_status
self._settings.IsExpanded()
RuntimeError: wrapped C/C++ object of type Settings has been deleted

Does anybody know what is going on?
I was trying to fix it in many different ways, e.g. setting the highest priority or changing Minimum processor state to a bigger value (because after Save project it uses a lot of CPU and after that it stops responding).
I also upgraded everything and still get the same bug.
Thanks for helping me

Tags events aren't working properly

For example, if I select a tag to edit and then select another one, the previous tag remains selected.


I think this is caused by some sort of incompatibility with the new wx version. Any ideas?

CVE-2012-0881 (High) detected in xercesimpl-2.11.0.jar

CVE-2012-0881 - High Severity Vulnerability

Vulnerable Library - xercesimpl-2.11.0.jar

Xerces2 is the next generation of high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces introduces the Xerces Native Interface (XNI), a complete framework for building parser components and configurations that is extremely modular and easy to program.

The Apache Xerces2 parser is the reference implementation of XNI but other parser components, configurations, and parsers can be written using the Xerces Native Interface. For complete design and implementation documents, refer to the XNI Manual.

Xerces2 is a fully conforming XML Schema 1.0 processor. A partial experimental implementation of the XML Schema 1.1 Structures and Datatypes Working Drafts (December 2009) and an experimental implementation of the XML Schema Definition Language (XSD): Component Designators (SCD) Candidate Recommendation (January 2010) are provided for evaluation. For more information, refer to the XML Schema page.

Xerces2 also provides a complete implementation of the Document Object Model Level 3 Core and Load/Save W3C Recommendations and provides a complete implementation of the XML Inclusions (XInclude) W3C Recommendation. It also provides support for OASIS XML Catalogs v1.1.

Xerces2 is able to parse documents written according to the XML 1.1 Recommendation, except that it does not yet provide an option to enable normalization checking as described in section 2.13 of this specification. It also handles namespaces according to the XML Namespaces 1.1 Recommendation, and will correctly serialize XML 1.1 documents if the DOM level 3 load/save APIs are in use.

Path to dependency file: /RIDE/doc/other/example_maven_runner/pom.xml

Path to vulnerable library: /root/.m2/repository/xerces/xercesImpl/2.11.0/xercesImpl-2.11.0.jar

Dependency Hierarchy:

  • robotframework-seleniumlibrary-3.12.0.1.jar (Root Library)
    • selenium-server-3.12.0.jar
      • xercesimpl-2.11.0.jar (Vulnerable Library)

Found in HEAD commit: 4f4beac175ab69fcd60862bb33f578de5b9f3167

Vulnerability Details

Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.

Publish Date: 2017-10-30

URL: CVE-2012-0881

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://issues.apache.org/jira/browse/XERCESJ-1685

Release Date: 2017-10-30

Fix Resolution: 2.12.0



WS-2009-0001 (Low) detected in commons-codec-1.10.jar

WS-2009-0001 - Low Severity Vulnerability

Vulnerable Library - commons-codec-1.10.jar

The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.

Library home page: http://commons.apache.org/proper/commons-codec/

Path to dependency file: /RIDE/doc/other/example_maven_runner/pom.xml

Path to vulnerable library: /root/.m2/repository/commons-codec/commons-codec/1.10/commons-codec-1.10.jar

Dependency Hierarchy:

  • robotframework-seleniumlibrary-3.12.0.1.jar (Root Library)
    • selenium-server-3.12.0.jar
      • commons-codec-1.10.jar (Vulnerable Library)

Found in HEAD commit: 4f4beac175ab69fcd60862bb33f578de5b9f3167

Vulnerability Details

Not all "business" method implementations of public API in Apache Commons Codec 1.x are thread safe, which might disclose the wrong data or allow an attacker to change non-private fields.

Updated 2018-10-07 - an additional review by WhiteSource research team could not indicate on a clear security vulnerability

Publish Date: 2007-10-07

URL: WS-2009-0001

CVSS 2 Score Details (0.0)

Base Score Metrics not available



Unable to add Library in Ride

Hi,

I am new to python, robotframework and ride.

Below is the configuration in my machine. I am unable to add selenium Library in Ride for Project and Test Suite. I am unable to type anything on Name text box.

python --version
Python 3.6.5
pybot --version
Robot Framework 3.0.4 (Python 3.6.5 on win32)

pip freeze
Pygments==2.2.0
PyPubSub==3.3.0
robotframework==3.0.4
robotframework-ride==1.7.2
robotframework-seleniumlibrary==3.1.1
selenium==3.12.0
six==1.11.0
wxPython==4.0.1

CVE-2013-4002 (High) detected in xercesimpl-2.11.0.jar

CVE-2013-4002 - High Severity Vulnerability

Vulnerable Library - xercesimpl-2.11.0.jar

Xerces2 is the next generation of high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces introduces the Xerces Native Interface (XNI), a complete framework for building parser components and configurations that is extremely modular and easy to program.

The Apache Xerces2 parser is the reference implementation of XNI but other parser components, configurations, and parsers can be written using the Xerces Native Interface. For complete design and implementation documents, refer to the XNI Manual.

Xerces2 is a fully conforming XML Schema 1.0 processor. A partial experimental implementation of the XML Schema 1.1 Structures and Datatypes Working Drafts (December 2009) and an experimental implementation of the XML Schema Definition Language (XSD): Component Designators (SCD) Candidate Recommendation (January 2010) are provided for evaluation. For more information, refer to the XML Schema page.

Xerces2 also provides a complete implementation of the Document Object Model Level 3 Core and Load/Save W3C Recommendations and provides a complete implementation of the XML Inclusions (XInclude) W3C Recommendation. It also provides support for OASIS XML Catalogs v1.1.

Xerces2 is able to parse documents written according to the XML 1.1 Recommendation, except that it does not yet provide an option to enable normalization checking as described in section 2.13 of this specification. It also handles namespaces according to the XML Namespaces 1.1 Recommendation, and will correctly serialize XML 1.1 documents if the DOM level 3 load/save APIs are in use.

Path to dependency file: /RIDE/doc/other/example_maven_runner/pom.xml

Path to vulnerable library: /root/.m2/repository/xerces/xercesImpl/2.11.0/xercesImpl-2.11.0.jar

Dependency Hierarchy:

  • robotframework-seleniumlibrary-3.12.0.1.jar (Root Library)
    • selenium-server-3.12.0.jar
      • xercesimpl-2.11.0.jar (Vulnerable Library)

Found in HEAD commit: 4f4beac175ab69fcd60862bb33f578de5b9f3167

Vulnerability Details

XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.

Publish Date: 2013-07-23

URL: CVE-2013-4002

CVSS 2 Score Details (7.1)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2013-4002

Release Date: 2013-07-23

Fix Resolution: 5.0 SR16-FP3,6 SR14,6.0.1 SR6,7 SR5



Can not find "pybot" in testcase run Execution Profile

Hi, I'm sorry to disturb you, but I have a question for you.
When I run a test case in RIDE 1.5.1, I can choose pybot in Execution Profile, just as the following picture shows:
image

However, when I installed RIDE 1.7.2, I could not find pybot in the execution profile, just "robot", as you can see in the following picture:
image

So I want to know if only robot can be used in RIDE 1.7.2. Hoping for your reply, thanks.

Can't open ride on python3/macOS

Hello,

I've installed ride version 1.72 on top of python 3, wxpython 4.0.4, and robotframework 3.1.1. When I try to launch ride.py, I get the following error:

LiveoakMBP-02:bin melissa$ python3 ride.py
Please be aware of untested wxPython installation
RIDE officially supports wxPython 2.8.12.1 and 3.0.2.
Your current version is 4.0.4.
There are significant changes in newer wxPython versions. Notice that RIDE is still under development for wxPython 3.0.3 and newer (wxPython-Phoenix).
Traceback (most recent call last):
File "/usr/local/lib/python3.7/site-packages/robotide/__init__.py", line 81, in main
_run(inpath, not noupdatecheck, debug_console)
File "/usr/local/lib/python3.7/site-packages/robotide/__init__.py", line 100, in _run
from robotide.application import RIDE
File "/usr/local/lib/python3.7/site-packages/robotide/application/__init__.py", line 15, in <module>
from .application import RIDE, Project
File "/usr/local/lib/python3.7/site-packages/robotide/application/application.py", line 20, in <module>
from robotide.namespace import Namespace
File "/usr/local/lib/python3.7/site-packages/robotide/namespace/__init__.py", line 15, in <module>
from .namespace import Namespace
File "/usr/local/lib/python3.7/site-packages/robotide/namespace/namespace.py", line 29, in <module>
from robotide import robotapi, utils
File "/usr/local/lib/python3.7/site-packages/robotide/robotapi.py", line 34, in <module>
from robotide.lib.robot.running import TestLibrary, EXECUTION_CONTEXTS
File "/usr/local/lib/python3.7/site-packages/robotide/lib/robot/running/__init__.py", line 103, in <module>
from .builder import TestSuiteBuilder, ResourceFileBuilder
File "/usr/local/lib/python3.7/site-packages/robotide/lib/robot/running/builder.py", line 17, in <module>
from robot.parsing import TestData, ResourceFile as ResourceData, VALID_EXTENSIONS
ImportError: cannot import name 'VALID_EXTENSIONS' from 'robot.parsing' (/usr/local/lib/python3.7/site-packages/robot/parsing/__init__.py)

Any ideas on this? Thanks!!

cannot delete cell

Similar issue to #28.
When I select a cell in the Edit tab and hit delete, the argument/contents of the cell is not deleted: it disappears, but after switching to Text Edit and back it is shown again.
Can be reproduced with the example provided in issue #28.

pause test execution is not available by keyword "Comment PAUSE"

The value of args in attrs passed to is_breakpoint is empty.

The code in TestRunnerAgent.py:

def start_keyword(self, name, attrs):
        # pass empty args, see https://github.com/nokia/RED/issues/32#issuecomment-240713102
        attrs_copy = copy.copy(attrs)
        attrs_copy['args'] = list()
        self._send_socket("start_keyword", name, attrs_copy)
        if self._debugger.is_breakpoint(name, attrs_copy):
            self._debugger.pause()
        ......

RIDE is not launching on Mac High sierra

@HelioGuilherme66 I badly need your help in fixing the following issue. I tried installing ride on mac high sierra. Even after installing wxPython I'm not able to run and launch ride on mac. Please provide me proper steps to install ride on mac. I am stuck at this and unable to launch ride on mac. Please do the needful, thanks in advance

sogs-mbp:~ sogdev$ ride.py
Traceback (most recent call last):
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/robotide/__init__.py", line 81, in main
_run(inpath, not noupdatecheck, debug_console)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/robotide/__init__.py", line 100, in _run
from robotide.application import RIDE
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/robotide/application/__init__.py", line 15, in <module>
from .application import RIDE, Project
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/robotide/application/application.py", line 20, in <module>
from robotide.namespace import Namespace
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/robotide/namespace/__init__.py", line 15, in <module>
from .namespace import Namespace
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/robotide/namespace/namespace.py", line 30, in <module>
from robotide.publish import PUBLISHER, RideSettingsChanged, RideLogMessage
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/robotide/publish/__init__.py", line 122, in <module>
from .messages import *
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/robotide/publish/messages.py", line 20, in <module>
from .messages2 import *
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/robotide/publish/messages2.py", line 24, in <module>
from robotide.publish import publisher
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/robotide/publish/publisher.py", line 18, in <module>
from wx.lib.pubsub import Publisher
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/wx/lib/pubsub/__init__.py", line 38, in <module>
from pubsub import *
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pubsub/pub.py", line 146
def getDefaultPublisher() -> Publisher:
^
SyntaxError: invalid syntax

Use --help to get usage information.

can not start RIDE from desktop

Hi, thanks for your contribution. But now I have run into a problem.
My environment configuration is as follows:
OS: Windows 10
1. python==3.6.4
2. wxPython==4.0.2
3. pywin32-223.win-amd64-py3.6
4. RIDE == 1.7.2
5. robotframework==3.0.4
When I installed RIDE 1.7.2, a shortcut was created on the desktop. When I double-click it, nothing happens, so I cannot start RIDE. The RIDE's contribution is: C:\Python36\pythonw.exe -c "from robotide import main; main()".
I don't know how to solve this problem, can you help me? Thanks!

CVE-2015-7501 (High) detected in commons-collections-3.2.jar

CVE-2015-7501 - High Severity Vulnerability

Vulnerable Library - commons-collections-3.2.jar

Types that extend and augment the Java Collections Framework.

Library home page: http://jakarta.apache.org/commons/collections/

Path to dependency file: /RIDE/doc/other/example_maven_runner/pom.xml

Path to vulnerable library: /root/.m2/repository/commons-collections/commons-collections/3.2/commons-collections-3.2.jar

Dependency Hierarchy:

  • robotframework-seleniumlibrary-3.12.0.1.jar (Root Library)
    • javalib-core-1.2.1.jar
      • commons-collections-3.2.jar (Vulnerable Library)

Found in HEAD commit: 4f4beac175ab69fcd60862bb33f578de5b9f3167

Vulnerability Details

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

Publish Date: 2017-11-09

URL: CVE-2015-7501

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7501

Release Date: 2017-12-31

Fix Resolution: Upgrade to version apache-commons-collections 4.1, apache-commons-collections 3.2.2 or greater


CVE-2017-7657 (High) detected in jetty-http-9.4.8.v20171121.jar

CVE-2017-7657 - High Severity Vulnerability

Vulnerable Library - jetty-http-9.4.8.v20171121.jar

The Eclipse Jetty Project

Library home page: http://www.eclipse.org/jetty

Path to dependency file: /RIDE/doc/other/example_maven_runner/pom.xml

Path to vulnerable library: /root/.m2/repository/org/eclipse/jetty/jetty-http/9.4.8.v20171121/jetty-http-9.4.8.v20171121.jar

Dependency Hierarchy:

  • robotframework-seleniumlibrary-3.12.0.1.jar (Root Library)
    • selenium-server-3.12.0.jar
      • jetty-http-9.4.8.v20171121.jar (Vulnerable Library)

Found in HEAD commit: 4f4beac175ab69fcd60862bb33f578de5b9f3167

Vulnerability Details

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.

Publish Date: 2018-06-26

URL: CVE-2017-7657

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-7657

Release Date: 2019-04-08

Fix Resolution: 9.4.11.v20180605


search keywords dialog does not open

When the search keywords dialog is opened for the first time, an exception occurs but the dialog is shown.
When it is closed and opened a second time, the same exception occurs and the dialog is not shown at all.

traceback:
Traceback (most recent call last):
File "C:\Python\Python36\lib\site-packages\robotide\ui\keywordsearch.py", line 215, in OnActivate
self._populate_search()
File "C:\Python\Python36\lib\site-packages\robotide\ui\keywordsearch.py", line 250, in _populate_search
self._update_keyword_selection()
File "C:\Python\Python36\lib\site-packages\robotide\ui\keywordsearch.py", line 261, in _update_keyword_selection
if not self._last_selected_kw in self._keywords and self._keywords:
File "C:\Python\Python36\lib\site-packages\robotide\spec\iteminfo.py", line 352, in __eq__
return self.name.lower() == other.name.lower() # and self.hash == other.hash
AttributeError: 'NoneType' object has no attribute 'name'

CVE-2017-15708 (High) detected in commons-collections-3.2.jar

CVE-2017-15708 - High Severity Vulnerability

Vulnerable Library - commons-collections-3.2.jar

Types that extend and augment the Java Collections Framework.

Library home page: http://jakarta.apache.org/commons/collections/

Path to dependency file: /RIDE/doc/other/example_maven_runner/pom.xml

Path to vulnerable library: /root/.m2/repository/commons-collections/commons-collections/3.2/commons-collections-3.2.jar

Dependency Hierarchy:

  • robotframework-seleniumlibrary-3.12.0.1.jar (Root Library)
    • javalib-core-1.2.1.jar
      • commons-collections-3.2.jar (Vulnerable Library)

Found in HEAD commit: 4f4beac175ab69fcd60862bb33f578de5b9f3167

Vulnerability Details

In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted serialized objects. And the presence of Apache Commons Collections 3.2.1 (commons-collections-3.2.1.jar) or previous versions in Synapse distribution makes this exploitable. To mitigate the issue, we need to limit RMI access to trusted users only. Further upgrading to 3.0.1 version will eliminate the risk of having said Commons Collection version. In Synapse 3.0.1, Commons Collection has been updated to 3.2.2 version.

Publish Date: 2017-12-11

URL: CVE-2017-15708

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15708

Release Date: 2017-12-11

Fix Resolution: Apache Synapse - 3.0.1;Apache Commons Collections - 3.2.2


CVE-2018-12536 (Medium) detected in jetty-util-9.4.8.v20171121.jar

CVE-2018-12536 - Medium Severity Vulnerability

Vulnerable Library - jetty-util-9.4.8.v20171121.jar

Utility classes for Jetty

Library home page: http://www.eclipse.org/jetty

Path to dependency file: /RIDE/doc/other/example_maven_runner/pom.xml

Path to vulnerable library: /root/.m2/repository/org/eclipse/jetty/jetty-util/9.4.8.v20171121/jetty-util-9.4.8.v20171121.jar

Dependency Hierarchy:

  • robotframework-seleniumlibrary-3.12.0.1.jar (Root Library)
    • selenium-server-3.12.0.jar
      • jetty-util-9.4.8.v20171121.jar (Vulnerable Library)

Found in HEAD commit: 4f4beac175ab69fcd60862bb33f578de5b9f3167

Vulnerability Details

In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a java.nio.file.InvalidPathException which includes the full path to the base resource directory that the DefaultServlet and/or webapp is using. If this InvalidPathException is then handled by the default Error Handler, the InvalidPathException message is included in the error response, revealing the full server path to the requesting system.

Publish Date: 2018-06-27

URL: CVE-2018-12536

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-12536

Release Date: 2019-04-08

Fix Resolution: 9.4.11.v20180605


CVE-2019-16869 (High) detected in netty-all-4.0.21.Final.jar

CVE-2019-16869 - High Severity Vulnerability

Vulnerable Library - netty-all-4.0.21.Final.jar

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.

Library home page: http://netty.io/

Path to dependency file: RIDE/doc/other/example_maven_runner/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/netty/netty-all/4.0.21.Final/netty-all-4.0.21.Final.jar

Dependency Hierarchy:

  • robotframework-seleniumlibrary-3.141.59.26535.jar (Root Library)
    • selendroid-client-0.17.0.jar
      • selendroid-server-common-0.17.0.jar
        • netty-all-4.0.21.Final.jar (Vulnerable Library)

Found in HEAD commit: 09f3c1514b0f558c1ffb892637ec0d8874aead50

Vulnerability Details

Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.

Publish Date: 2019-09-26

URL: CVE-2019-16869

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16869

Release Date: 2019-09-26

Fix Resolution: io.netty:netty-all:4.1.42.Final,io.netty:netty-codec-http:4.1.42.Final


CVE-2018-1272 (High) detected in spring-core-5.0.0.RELEASE.jar

CVE-2018-1272 - High Severity Vulnerability

Vulnerable Library - spring-core-5.0.0.RELEASE.jar

Spring Core

Library home page: https://github.com/spring-projects/spring-framework

Path to dependency file: /RIDE/doc/other/example_maven_runner/pom.xml

Path to vulnerable library: /root/.m2/repository/org/springframework/spring-core/5.0.0.RELEASE/spring-core-5.0.0.RELEASE.jar

Dependency Hierarchy:

  • robotframework-seleniumlibrary-3.12.0.1.jar (Root Library)
    • java-client-5.0.4.jar
      • spring-context-5.0.0.RELEASE.jar
        • spring-core-5.0.0.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: 4f4beac175ab69fcd60862bb33f578de5b9f3167

Vulnerability Details

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could lead to privilege escalation, for example, if the part content represents a username or user roles.

Publish Date: 2018-04-06

URL: CVE-2018-1272

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://pivotal.io/security/cve-2018-1272

Fix Resolution: Users of affected versions should apply the following mitigation: 5.0.x users should upgrade to 5.0.5; 4.3.x users should upgrade to 4.3.15. There are no other mitigation steps necessary.


TC navigation tree fails to unroll correctly with excluded folders

When there are excluded folders in the project, the navigation stops showing the following folders in the project tree:

image

When I click to unroll END (inside which there is the excluded Result folder, among others), all following folders disappear, including the contents of the END folder.

image

traceback on unroll tree:

Traceback (most recent call last):
File "C:\Python\Python36\lib\site-packages\wx\lib\agw\customtreectrl.py", line 7028, in OnPaint
self.PaintLevel(self._anchor, dc, 0, y, align)
File "C:\Python\Python36\lib\site-packages\wx\lib\agw\customtreectrl.py", line 6809, in PaintLevel
y = self.PaintLevel(children[n], dc, 1, y, align)
File "C:\Python\Python36\lib\site-packages\wx\lib\agw\customtreectrl.py", line 6970, in PaintLevel
y = self.PaintLevel(children[n], dc, level, y, align)
File "C:\Python\Python36\lib\site-packages\wx\lib\agw\customtreectrl.py", line 6970, in PaintLevel
y = self.PaintLevel(children[n], dc, level, y, align)
File "C:\Python\Python36\lib\site-packages\wx\lib\agw\customtreectrl.py", line 6858, in PaintLevel
if attr and attr.HasTextColour():
File "C:\Python\Python36\lib\site-packages\wx\lib\agw\customtreectrl.py", line 903, in HasTextColour
return self._colText != wx.NullColour and self._colText.IsOk()
AttributeError: 'str' object has no attribute 'IsOk'

Unable to Edit a Scalar variable via RIDE

I see this issue in both 1.7.1 and 1.7.2, using wxPython 2.8.12.1, python 2.7.5 on Centos 7

Test Suite has a Scalar defined, for example:
${variable_1} testvalue

If I double click the variable to edit it, it looks like the UI tries to convert it to a list and it is unable to be saved. If I try to change the value to testvalue1 it ends up looking like this in RIDE:
${variable_1} t|e|s|t|v|a|l|u|e|1

And I get errors in the terminal that I started RIDE in like this:

  File "/usr/lib/python2.7/site-packages/robotide/editor/texteditor.py", line 121, in _on_timer
    self._open_tree_selection_in_editor()
  File "/usr/lib/python2.7/site-packages/robotide/editor/texteditor.py", line 145, in _open_tree_selection_in_editor
    self.global_settings))
  File "/usr/lib/python2.7/site-packages/robotide/editor/texteditor.py", line 413, in open
    self._stored_text = self._data.content
  File "/usr/lib/python2.7/site-packages/robotide/editor/texteditor.py", line 262, in content
    return self._txt_data(self._data.data)
  File "/usr/lib/python2.7/site-packages/robotide/editor/texteditor.py", line 267, in _txt_data
    txt_separating_spaces=self._settings.get('txt number of spaces', 4))
  File "/usr/lib/python2.7/site-packages/robotide/lib/robot/parsing/model.py", line 130, in save
    return DataFileWriter(**options).write(self)
  File "/usr/lib/python2.7/site-packages/robot/writer/datafilewriter.py", line 42, in write
    FileWriter(ctx).write(datafile)
  File "/usr/lib/python2.7/site-packages/robot/writer/filewriters.py", line 54, in write
    self._write_table(table, is_last=table is tables[-1])
  File "/usr/lib/python2.7/site-packages/robot/writer/filewriters.py", line 58, in _write_table
    self._write_rows(self._formatter.format_table(table))
  File "/usr/lib/python2.7/site-packages/robot/writer/filewriters.py", line 66, in _write_rows
    for row in rows:
  File "/usr/lib/python2.7/site-packages/robot/writer/formatters.py", line 46, in <genexpr>
    return (self._format_row(r, table) for r in rows)
  File "/usr/lib/python2.7/site-packages/robot/writer/formatters.py", line 52, in _split_rows
    for original in original_rows:
  File "/usr/lib/python2.7/site-packages/robot/writer/dataextractor.py", line 51, in _rows_from_item
    yield [''] * indent + child.as_list()
  File "/usr/lib/python2.7/site-packages/robotide/lib/robot/parsing/model.py", line 507, in as_list
    return [self.name] + self.value + self.comment.as_list()
TypeError: can only concatenate list (not "unicode") to list

Fix code highlight in Text Editor when there are Comments tables

If we have Comments tables/sections, the code highlight gets broken from there.
Tested with RobotFramework 3.1a1
image

Example test file:

*** Test Cases ***
test
    My Other New Keywordz    Robot Framework
    My Deletable Keywords
    ${message}=    Set Variable    This is a very very very very\    very very very very very very very very very\    very very very very long line that I want to split
    Log    ${message}

*** CoMmENt ***
New version of RobotFramework will ignore this line

new test
    My Other New Keywordz    Robot Framework
    My Deletable Keywords

*** Keywords ***
My First Keyword
    [Arguments]    ${name}
    Log To Console    You passed ${name} to this keyword.
*** Comments ***
Bla Bla Bla
Another Bla
*** Comments ***

My Other New Keywordz
    [Arguments]    ${name}
    My First Keyword    ${name} is the best framework

My Deletable Keywords
    [Arguments]    ${name}=Gonna Be Deleted
    Log To Console    ${name}

size formatting of the Keywords Box

Hi Guys,

For some reason the formatting of the Keyword Box in RIDE on Mac does not seem to size according to text input. Kindly have a look at this and let me know if you need any further information on it.

Attached is a screenshot for the same.

Regards
Gladdy
ride_-_test

CVE-2016-4970 (High) detected in netty-all-4.0.21.Final.jar

CVE-2016-4970 - High Severity Vulnerability

Vulnerable Library - netty-all-4.0.21.Final.jar

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.

Path to dependency file: /RIDE/doc/other/example_maven_runner/pom.xml

Path to vulnerable library: /root/.m2/repository/io/netty/netty-all/4.0.21.Final/netty-all-4.0.21.Final.jar

Dependency Hierarchy:

  • robotframework-seleniumlibrary-3.12.0.1.jar (Root Library)
    • selendroid-client-0.17.0.jar
      • selendroid-server-common-0.17.0.jar
        • netty-all-4.0.21.Final.jar (Vulnerable Library)

Found in HEAD commit: 4f4beac175ab69fcd60862bb33f578de5b9f3167

Vulnerability Details

handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).

Publish Date: 2017-04-13

URL: CVE-2016-4970

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2016-4970

Release Date: 2017-04-13

Fix Resolution: 4.0.37.Final,4.1.1.Final

