AiiDA plugin for the ab initio modeling suite CRYSTAL, developed in Turin University
License: MIT License
This is the AiiDA plugin for running the CRYSTAL code, spin-off from the aiida-crystal17 plugin by Chris Sewell.
As of now, the development version can be installed:
>> git clone aiida-crystal-dft
>> pip install -e aiida-crystal-dftThe plugin can be used as any other AiiDA plugin.
MIT ยฉ Andrey Sobolev and Evgeny Blokhin, Tilde Materials Informatics
Feb 13 02:49:07 aiida-rev-6 kernel: [34883.362978] Out of memory: Kill process 27658 (verdi) score 31 or sacrifice child
Feb 13 02:49:07 aiida-rev-6 kernel: [34883.364805] Killed process 27658 (verdi) total-vm:1542612kB, anon-rss:507184kB, file-rss:0kB, shmem-rss:0kB
Feb 13 02:49:07 aiida-rev-6 kernel: [34883.404285] oom_reaper: reaped process 27658 (verdi), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB
this leads to a total disaster ๐ญ
Occurs for the output of geometry optimization of the distinct phase CuZn/221/cP2
...
wf = Fort9(os.path.join(work_folder, 'fort.9'))
File "/usr/local/lib/python3.7/dist-packages/aiida_crystal/io/f9.py", line 27, in __init__
self._data = [f.read_record(rtype) for rtype in self._record_types]
File "/usr/local/lib/python3.7/dist-packages/aiida_crystal/io/f9.py", line 27, in <listcomp>
self._data = [f.read_record(rtype) for rtype in self._record_types]
File "/usr/lib/python3/dist-packages/scipy/io/_fortran.py", line 219, in read_record
first_size = self._read_size()
File "/usr/lib/python3/dist-packages/scipy/io/_fortran.py", line 109, in _read_size
return int(np.fromfile(self._fp, dtype=self._header_dtype, count=1))
TypeError: only size-1 arrays can be converted to Python scalars
e.g. for single atom calculations using MOLECULE
Vulnerable Library - PyYAML-3.13.tar.gzYAML parser and emitter for Python
Library home page: https://files.pythonhosted.org/packages/9e/a3/1d13970c3f36777c583f136c136f804d70f500168edc1edea6daa7200769/PyYAML-3.13.tar.gz
Path to dependency file: /tmp/ws-scm/aiida-crystal
Path to vulnerable library: /aiida-crystal
Dependency Hierarchy:
Found in HEAD commit: 257fe82d6b517c2392d5ce4405c2b4bb9fd0dc3f
Vulnerability Details
PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342.
Publish Date: 2020-02-19
URL: CVE-2019-20477
CVSS 2 Score Details (5.0)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20477
Release Date: 2020-02-19
Fix Resolution: 5.2
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - Django-1.11.25-py2.py3-none-any.whlA high-level Python Web framework that encourages rapid development and clean, pragmatic design.
Library home page: https://files.pythonhosted.org/packages/3c/ed/06a81a65fa00f766f2dbda94d09e946aa65c23e6d7ca3532984627a6c75a/Django-1.11.25-py2.py3-none-any.whl
Path to dependency file: /tmp/ws-scm/aiida-crystal
Path to vulnerable library: /aiida-crystal
Dependency Hierarchy:
Found in HEAD commit: 183c36a2e18eb6af64999d49a26f2c6396d2035b
Vulnerability Details
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL.
Publish Date: 2020-02-03
URL: CVE-2020-7471
CVSS 2 Score Details (5.0)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7471
Release Date: 2020-02-03
Fix Resolution: 1.11.28,2.2.10,3.0.3
Step up your Open Source Security Game with WhiteSource here
root@vps9800:~/mpds-aiida# verdi calculation list
PK Creation State Type Computer Job state
---- ---------- -------------- -------------- ---------- -----------
145 18m ago Running | None crystal.serial zeus NEW | None
Total results: 1
root@vps9800:~/mpds-aiida# verdi calculation kill 145
********************************************************************************
| |
| DEPRECATION WARNING! |
| This command will be removed in a future release. Use 'verdi process kill' |
| instead. |
| |
********************************************************************************
Are you sure you want to kill 1 calculations? [y/N]: y
And then it hangs up, so I have to terminate after long waiting... But:
root@vps9800:~/mpds-aiida# verdi process kill 145
Success: killed Process<145>
root@vps9800:~/mpds-aiida# verdi calculation list
PK Creation State Type Computer Job state
---- ---------- -------------- -------------- ---------- -----------
145 23m ago Running | None crystal.serial zeus NEW | None
Total results: 1
So canceling seems not to work.
also for mpds-aiida repo
There is an architectural issue, as aiida_crystal_dft.data.basis.CrystalBasisData has double responsibilities:
Ideally, they should be decoupled from each other as it allows more granular usage.
cf. #34
Please, rename symmetrise to symmetrize
as I understand, this check is dirty and should not be there, but:
self.ctx.structure, error_code = self.get_structure()
if error_code is not None:
A high-level Python Web framework that encourages rapid development and clean, pragmatic design.
Library home page: https://files.pythonhosted.org/packages/3c/ed/06a81a65fa00f766f2dbda94d09e946aa65c23e6d7ca3532984627a6c75a/Django-1.11.25-py2.py3-none-any.whl
Path to dependency file: /tmp/ws-scm/aiida-crystal
Path to vulnerable library: /aiida-crystal
Dependency Hierarchy:
Found in HEAD commit: f0bf5be1367e110bf64c8587c0fef1deb9e85a3f
Vulnerability Details
An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin to display an obfuscated password hash was bypassed if a user has only the "view" permission (new in Django 2.1), resulting in display of the entire password hash to those users. This may result in a vulnerability for sites with legacy user accounts using insecure hashes.
Publish Date: 2018-10-02
URL: CVE-2018-16984
CVSS 3 Score Details (4.9)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-16984
Release Date: 2018-10-02
Fix Resolution: 2.1.2
Step up your Open Source Security Game with WhiteSource here
Do we really need ejplugins and pymatgen?
Vulnerable Library - Django-1.11.25-py2.py3-none-any.whlA high-level Python Web framework that encourages rapid development and clean, pragmatic design.
Library home page: https://files.pythonhosted.org/packages/3c/ed/06a81a65fa00f766f2dbda94d09e946aa65c23e6d7ca3532984627a6c75a/Django-1.11.25-py2.py3-none-any.whl
Path to dependency file: /tmp/ws-scm/aiida-crystal-dft
Path to vulnerable library: /aiida-crystal-dft
Dependency Hierarchy:
Found in HEAD commit: abb46a8617db1e9e7e896dbcd4ef4b26d57d911c
Vulnerability Details
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.
Publish Date: 2020-06-03
URL: CVE-2020-13254
CVSS 3 Score Details (5.9)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://www.djangoproject.com/weblog/2020/jun/03/security-releases/
Release Date: 2020-06-03
Fix Resolution: 3.0.7,2.2.13
Step up your Open Source Security Game with WhiteSource here
Relatively often the strange huge values are generated, e.g.:
BAND
CRYSTAL RUN
10 9007199254740992 30 1 76 1 0
0 0 0 0 4503599627370496 0
0 4503599627370496 0 0 4503599627370496 4503599627370496
0 4503599627370496 4503599627370496 0 0 4503599627370496
0 0 4503599627370496 0 0 0
0 0 0 -4503599627370496 0 4503599627370496
-4503599627370496 0 4503599627370496 -4503599627370496 4503599627370496 4503599627370496
-4503599627370496 4503599627370496 4503599627370496 0 4503599627370496 0
0 4503599627370496 0 -4503599627370496 4503599627370496 0
-4503599627370496 4503599627370496 0 -4503599627370496 0 0
-4503599627370496 0 0 0 0 0
NEWK
...
root@aiida-rev-6:~# verdi process report 1478
*** 1478 [Li2Pt/191/hP3: Geometry optimization [1]]: None
*** Scheduler output: N/A
*** Scheduler errors: N/A
*** 1 LOG MESSAGES:
+-> REPORT at 2021-02-13 01:03:03.963000+00:00
| [1478|CrystalParallelCalculation|on_except]: Traceback (most recent call last):
| File "/usr/local/lib/python3.7/dist-packages/aiida/engine/processes/calcjobs/tasks.py", line 79, in do_upload
| calc_info = process.presubmit(folder)
| File "/usr/local/lib/python3.7/dist-packages/aiida/engine/processes/calcjobs/calcjob.py", line 445, in presubmit
| calc_info = self.prepare_for_submission(folder)
| File "/usr/local/lib/python3.7/dist-packages/aiida_crystal_dft/calculations/parallel.py", line 26, in prepare_for_submission
| self._prepare_input_files(folder)
| File "/usr/local/lib/python3.7/dist-packages/aiida_crystal_dft/calculations/common.py", line 145, in _prepare_input_files
| d12_file = D12(parameters=self.inputs.parameters.get_dict(), basis=basis_dict['basis_family'])
| File "/usr/local/lib/python3.7/dist-packages/aiida_crystal_dft/io/d12.py", line 19, in __init__
| self.use_basis(basis)
| File "/usr/local/lib/python3.7/dist-packages/aiida_crystal_dft/io/d12.py", line 49, in use_basis
| self._basis = basis.content
| File "/usr/local/lib/python3.7/dist-packages/aiida_crystal_dft/data/basis_family.py", line 180, in content
| basis_strings = [b.content(state) for b, state in zip(bases, oxi_states)]
| File "/usr/local/lib/python3.7/dist-packages/aiida_crystal_dft/data/basis_family.py", line 180, in <listcomp>
| basis_strings = [b.content(state) for b, state in zip(bases, oxi_states)]
| File "/usr/local/lib/python3.7/dist-packages/aiida_crystal_dft/data/basis.py", line 48, in content
| basis = self.set_oxistate(oxi_state, high_spin_preferred)
| File "/usr/local/lib/python3.7/dist-packages/aiida_crystal_dft/data/basis.py", line 105, in set_oxistate
| occs = self._get_occupations()
| File "/usr/local/lib/python3.7/dist-packages/aiida_crystal_dft/data/basis.py", line 132, in _get_occupations
| return get_occupations(self.get_dict())
| File "/usr/local/lib/python3.7/dist-packages/aiida_crystal_dft/data/basis.py", line 146, in get_occupations
| result[orbital_data[orb]["l"]].append(e)
| KeyError: 'p'
|
| The above exception was the direct cause of the following exception:
|
| Traceback (most recent call last):
| File "/usr/local/lib/python3.7/dist-packages/plumpy/processes.py", line 1085, in step
| next_state = yield self._run_task(self._state.execute)
| File "/usr/local/lib/python3.7/dist-packages/tornado/gen.py", line 1055, in run
| value = future.result()
| File "/usr/local/lib/python3.7/dist-packages/tornado/concurrent.py", line 238, in result
| raise_exc_info(self._exc_info)
| File "<string>", line 4, in raise_exc_info
| File "/usr/local/lib/python3.7/dist-packages/tornado/gen.py", line 1063, in run
| yielded = self.gen.throw(*exc_info)
| File "/usr/local/lib/python3.7/dist-packages/plumpy/processes.py", line 507, in _run_task
| tornado.stack_context.StackContext(self._process_scope), functools.partial(coro, *args, **kwargs)
| File "/usr/local/lib/python3.7/dist-packages/tornado/gen.py", line 1055, in run
| value = future.result()
| File "/usr/local/lib/python3.7/dist-packages/tornado/concurrent.py", line 238, in result
| raise_exc_info(self._exc_info)
| File "<string>", line 4, in raise_exc_info
| File "/usr/local/lib/python3.7/dist-packages/tornado/gen.py", line 1063, in run
| yielded = self.gen.throw(*exc_info)
| File "/usr/local/lib/python3.7/dist-packages/aiida/engine/processes/calcjobs/tasks.py", line 353, in execute
| yield self._launch_task(task_upload_job, self.process, transport_queue)
| File "/usr/local/lib/python3.7/dist-packages/tornado/gen.py", line 1055, in run
| value = future.result()
| File "/usr/local/lib/python3.7/dist-packages/tornado/concurrent.py", line 238, in result
| raise_exc_info(self._exc_info)
| File "<string>", line 4, in raise_exc_info
| File "/usr/local/lib/python3.7/dist-packages/tornado/gen.py", line 1063, in run
| yielded = self.gen.throw(*exc_info)
| File "/usr/local/lib/python3.7/dist-packages/aiida/engine/processes/calcjobs/tasks.py", line 406, in _launch_task
| result = yield self._task
| File "/usr/local/lib/python3.7/dist-packages/tornado/gen.py", line 1055, in run
| value = future.result()
| File "/usr/local/lib/python3.7/dist-packages/tornado/concurrent.py", line 238, in result
| raise_exc_info(self._exc_info)
| File "<string>", line 4, in raise_exc_info
| File "/usr/local/lib/python3.7/dist-packages/aiida/engine/utils.py", line 115, in execute_coroutine
| result = yield coro(future)
| File "/usr/local/lib/python3.7/dist-packages/tornado/gen.py", line 1055, in run
| value = future.result()
| File "/usr/local/lib/python3.7/dist-packages/tornado/concurrent.py", line 238, in result
| raise_exc_info(self._exc_info)
| File "<string>", line 4, in raise_exc_info
| File "/usr/local/lib/python3.7/dist-packages/tornado/gen.py", line 1063, in run
| yielded = self.gen.throw(*exc_info)
| File "/usr/local/lib/python3.7/dist-packages/aiida/engine/processes/calcjobs/tasks.py", line 91, in task_upload_job
| do_upload, initial_interval, max_attempts, logger=node.logger, ignore_exceptions=ignore_exceptions
| File "/usr/local/lib/python3.7/dist-packages/tornado/gen.py", line 1055, in run
| value = future.result()
| File "/usr/local/lib/python3.7/dist-packages/tornado/concurrent.py", line 238, in result
| raise_exc_info(self._exc_info)
| File "<string>", line 4, in raise_exc_info
| File "/usr/local/lib/python3.7/dist-packages/tornado/gen.py", line 1063, in run
| yielded = self.gen.throw(*exc_info)
| File "/usr/local/lib/python3.7/dist-packages/aiida/engine/utils.py", line 174, in exponential_backoff_retry
| result = yield coro()
| File "/usr/local/lib/python3.7/dist-packages/tornado/gen.py", line 1055, in run
| value = future.result()
| File "/usr/local/lib/python3.7/dist-packages/tornado/concurrent.py", line 238, in result
| raise_exc_info(self._exc_info)
| File "<string>", line 4, in raise_exc_info
| File "/usr/local/lib/python3.7/dist-packages/tornado/gen.py", line 1069, in run
| yielded = self.gen.send(value)
| File "/usr/local/lib/python3.7/dist-packages/aiida/engine/processes/calcjobs/tasks.py", line 81, in do_upload
| raise PreSubmitException('exception occurred in presubmit call') from exception
| aiida.engine.processes.calcjobs.tasks.PreSubmitException: exception occurred in presubmit call
Please could we do anything with that?
root@aiida-rev-6:~# verdi process report 324
*** 324 [MgH2Cl4/Imma (74): Geometry optimization [1]]: None
*** Scheduler output: N/A
*** Scheduler errors: N/A
*** 1 LOG MESSAGES:
+-> REPORT at 2021-02-12 01:13:29.359913+00:00
| [324|CrystalParallelCalculation|on_except]: Traceback (most recent call last):
| File "/usr/local/lib/python3.7/dist-packages/aiida_crystal_dft/calculations/common.py", line 133, in _prepare_input_files
| spinlock = guess_spinlock(self.inputs.structure)
| File "/usr/local/lib/python3.7/dist-packages/aiida_crystal_dft/utils/electrons.py", line 238, in guess_spinlock
| raise NotImplementedError("Structure does not contain transition elements")
| NotImplementedError: Structure does not contain transition elements
|
| During handling of the above exception, another exception occurred:
|
| Traceback (most recent call last):
| File "/usr/local/lib/python3.7/dist-packages/aiida/engine/processes/calcjobs/tasks.py", line 79, in do_upload
| calc_info = process.presubmit(folder)
| File "/usr/local/lib/python3.7/dist-packages/aiida/engine/processes/calcjobs/calcjob.py", line 445, in presubmit
| calc_info = self.prepare_for_submission(folder)
| File "/usr/local/lib/python3.7/dist-packages/aiida_crystal_dft/calculations/parallel.py", line 26, in prepare_for_submission
| self._prepare_input_files(folder)
| File "/usr/local/lib/python3.7/dist-packages/aiida_crystal_dft/calculations/common.py", line 148, in _prepare_input_files
| format(err))
| aiida.common.exceptions.InputValidationError: an input file could not be created from the parameters: Structure does not contain transition elements
|
| The above exception was the direct cause of the following exception:
|
| Traceback (most recent call last):
| File "/usr/local/lib/python3.7/dist-packages/plumpy/processes.py", line 1085, in step
| next_state = yield self._run_task(self._state.execute)
| File "/usr/local/lib/python3.7/dist-packages/tornado/gen.py", line 1055, in run
| value = future.result()
| File "/usr/local/lib/python3.7/dist-packages/tornado/concurrent.py", line 238, in result
| raise_exc_info(self._exc_info)
| File "<string>", line 4, in raise_exc_info
| File "/usr/local/lib/python3.7/dist-packages/tornado/gen.py", line 1063, in run
| yielded = self.gen.throw(*exc_info)
| File "/usr/local/lib/python3.7/dist-packages/plumpy/processes.py", line 507, in _run_task
| tornado.stack_context.StackContext(self._process_scope), functools.partial(coro, *args, **kwargs)
| File "/usr/local/lib/python3.7/dist-packages/tornado/gen.py", line 1055, in run
| value = future.result()
| File "/usr/local/lib/python3.7/dist-packages/tornado/concurrent.py", line 238, in result
| raise_exc_info(self._exc_info)
| File "<string>", line 4, in raise_exc_info
| File "/usr/local/lib/python3.7/dist-packages/tornado/gen.py", line 1063, in run
| yielded = self.gen.throw(*exc_info)
| File "/usr/local/lib/python3.7/dist-packages/aiida/engine/processes/calcjobs/tasks.py", line 353, in execute
| yield self._launch_task(task_upload_job, self.process, transport_queue)
| File "/usr/local/lib/python3.7/dist-packages/tornado/gen.py", line 1055, in run
| value = future.result()
| File "/usr/local/lib/python3.7/dist-packages/tornado/concurrent.py", line 238, in result
| raise_exc_info(self._exc_info)
| File "<string>", line 4, in raise_exc_info
| File "/usr/local/lib/python3.7/dist-packages/tornado/gen.py", line 1063, in run
| yielded = self.gen.throw(*exc_info)
| File "/usr/local/lib/python3.7/dist-packages/aiida/engine/processes/calcjobs/tasks.py", line 406, in _launch_task
| result = yield self._task
| File "/usr/local/lib/python3.7/dist-packages/tornado/gen.py", line 1055, in run
| value = future.result()
| File "/usr/local/lib/python3.7/dist-packages/tornado/concurrent.py", line 238, in result
| raise_exc_info(self._exc_info)
| File "<string>", line 4, in raise_exc_info
| File "/usr/local/lib/python3.7/dist-packages/aiida/engine/utils.py", line 115, in execute_coroutine
| result = yield coro(future)
| File "/usr/local/lib/python3.7/dist-packages/tornado/gen.py", line 1055, in run
| value = future.result()
| File "/usr/local/lib/python3.7/dist-packages/tornado/concurrent.py", line 238, in result
| raise_exc_info(self._exc_info)
| File "<string>", line 4, in raise_exc_info
| File "/usr/local/lib/python3.7/dist-packages/tornado/gen.py", line 1063, in run
| yielded = self.gen.throw(*exc_info)
| File "/usr/local/lib/python3.7/dist-packages/aiida/engine/processes/calcjobs/tasks.py", line 91, in task_upload_job
| do_upload, initial_interval, max_attempts, logger=node.logger, ignore_exceptions=ignore_exceptions
| File "/usr/local/lib/python3.7/dist-packages/tornado/gen.py", line 1055, in run
| value = future.result()
| File "/usr/local/lib/python3.7/dist-packages/tornado/concurrent.py", line 238, in result
| raise_exc_info(self._exc_info)
| File "<string>", line 4, in raise_exc_info
| File "/usr/local/lib/python3.7/dist-packages/tornado/gen.py", line 1063, in run
| yielded = self.gen.throw(*exc_info)
| File "/usr/local/lib/python3.7/dist-packages/aiida/engine/utils.py", line 174, in exponential_backoff_retry
| result = yield coro()
| File "/usr/local/lib/python3.7/dist-packages/tornado/gen.py", line 1055, in run
| value = future.result()
| File "/usr/local/lib/python3.7/dist-packages/tornado/concurrent.py", line 238, in result
| raise_exc_info(self._exc_info)
| File "<string>", line 4, in raise_exc_info
| File "/usr/local/lib/python3.7/dist-packages/tornado/gen.py", line 1069, in run
| yielded = self.gen.send(value)
| File "/usr/local/lib/python3.7/dist-packages/aiida/engine/processes/calcjobs/tasks.py", line 81, in do_upload
| raise PreSubmitException('exception occurred in presubmit call') from exception
| aiida.engine.processes.calcjobs.tasks.PreSubmitException: exception occurred in presubmit call
root@aiida-master:~# verdi process report 15122
*** 15122 [Sb2Te3/166/hR15: Geometry optimization]: None
*** Scheduler output: N/A
*** Scheduler errors: N/A
*** 1 LOG MESSAGES:
+-> REPORT at 2019-12-19 11:27:07.696914+00:00
| [15122|CrystalParallelCalculation|on_except]: Traceback (most recent call last):
| File "/usr/local/lib/python3.5/dist-packages/plumpy/process_states.py", line 220, in execute
| result = self.run_fn(*self.args, **self.kwargs)
| File "/usr/local/lib/python3.5/dist-packages/aiida/engine/processes/calcjobs/calcjob.py", line 243, in run
| calc_info, script_filename = self.presubmit(folder)
| File "/usr/local/lib/python3.5/dist-packages/aiida/engine/processes/calcjobs/calcjob.py", line 324, in presubmit
| calcinfo = self.prepare_for_submission(folder)
| File "/usr/local/lib/python3.5/dist-packages/aiida_crystal/calculations/parallel.py", line 27, in prepare_for_submission
| self._prepare_input_files(folder)
| File "/usr/local/lib/python3.5/dist-packages/aiida_crystal/calculations/common.py", line 110, in _prepare_input_files
| Fort34(basis=basis_dict['basis_family']).from_aiida(self.inputs.structure).write(f)
| File "/usr/local/lib/python3.5/dist-packages/aiida_crystal/io/f34.py", line 58, in from_aiida
| return self.from_ase(ase_struct)
| File "/usr/local/lib/python3.5/dist-packages/aiida_crystal/io/f34.py", line 83, in from_ase
| self.crystal_type = get_crystal_system(self.space_group, as_number=True)
| File "/usr/local/lib/python3.5/dist-packages/aiida_crystal/utils/geometry.py", line 79, in get_crystal_system
| for k, v in CRYSTAL_TYPE_MAP.items()}[crystal_system]
| KeyError: 'trigonal'
Submitted WorkChain 21646 for AgDy/221/cP2
/usr/local/lib/python3.7/dist-packages/aiida/engine/processes/ports.py:111: UserWarning: default of input port `clean_workdir` is a `Node` instance, which can lead to unexpected side effects. It is advised to use a lambda instead, e.g.: `default=lambda: orm.Int(5)`.
warnings.warn(UserWarning(message)) # pylint: disable=no-member
Please avoid caching MPDS data into entries.csv and reading using ast.literal_eval. Moreover, the API key can be stored relatively securely in a user shell environment. Although CI usage is inapplicable in this particular case, a user should be able to test MPDS retrieval on his own machine with his own API key.
Cross-posting tilde-lab/pycrystal#9
Vulnerable Library - Django-1.11.25-py2.py3-none-any.whlA high-level Python Web framework that encourages rapid development and clean, pragmatic design.
Library home page: https://files.pythonhosted.org/packages/3c/ed/06a81a65fa00f766f2dbda94d09e946aa65c23e6d7ca3532984627a6c75a/Django-1.11.25-py2.py3-none-any.whl
Path to dependency file: /tmp/ws-scm/aiida-crystal
Path to vulnerable library: /aiida-crystal
Dependency Hierarchy:
Found in HEAD commit: f0bf5be1367e110bf64c8587c0fef1deb9e85a3f
Vulnerability Details
Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.)
Publish Date: 2019-12-18
URL: CVE-2019-19844
CVSS 2 Score Details (5.0)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844
Release Date: 2019-12-18
Fix Resolution: 1.11.27;2.2.9;3.0.1
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - PyYAML-3.13.tar.gzYAML parser and emitter for Python
Library home page: https://files.pythonhosted.org/packages/9e/a3/1d13970c3f36777c583f136c136f804d70f500168edc1edea6daa7200769/PyYAML-3.13.tar.gz
Path to dependency file: /tmp/ws-scm/aiida-crystal
Path to vulnerable library: /aiida-crystal
Dependency Hierarchy:
Found in HEAD commit: f0bf5be1367e110bf64c8587c0fef1deb9e85a3f
Vulnerability Details
In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function.
Publish Date: 2018-06-27
URL: CVE-2017-18342
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-18342
Release Date: 2018-06-27
Fix Resolution: 4.1
Step up your Open Source Security Game with WhiteSource here
File "/usr/local/lib/python3.7/dist-packages/mpds_aiida/properties.py", line 177, in properties_run_direct
result = Fort25(os.path.join(work_folder, 'fort.25')).parse()
File "/usr/local/lib/python3.7/dist-packages/aiida_crystal_dft/io/f25.py", line 53, in parse
result[part] = self._parser[part](data)
File "/usr/local/lib/python3.7/dist-packages/aiida_crystal_dft/io/f25.py", line 75, in _parse_bands
assert result["n_bands"] == parsed_data["header"][2]
AssertionError
A high-level Python Web framework that encourages rapid development and clean, pragmatic design.
Library home page: https://files.pythonhosted.org/packages/3c/ed/06a81a65fa00f766f2dbda94d09e946aa65c23e6d7ca3532984627a6c75a/Django-1.11.25-py2.py3-none-any.whl
Path to dependency file: /tmp/ws-scm/aiida-crystal-dft
Path to vulnerable library: /aiida-crystal-dft
Dependency Hierarchy:
Found in HEAD commit: 41c69cc212ceee606d6d1b39ead73ea4cd21d983
Vulnerability Details
Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escaping and inject malicious SQL.
Publish Date: 2020-03-05
URL: CVE-2020-9402
CVSS 3 Score Details (5.0)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9402
Release Date: 2020-03-05
Fix Resolution: 1.11.29,2.2.11,3.0.4
Step up your Open Source Security Game with WhiteSource here
Kind of heisenbug... so far the sequence of actions robustly leading to the availability of the key to the AiiDA daemon is not well documented.
Should be changed in AiiDA somewhere e.g. options.metadata.stderr_name
# verdi process report 30280
*** 30280 [HgEr/221/cP2: Geometry optimization [2]]: None
*** Scheduler output: N/A
*** Scheduler errors: N/A
*** 1 LOG MESSAGES:
+-> REPORT at 2020-04-21 15:49:14.726775+00:00
| [30280|CrystalParallelCalculation|on_except]: Traceback (most recent call last):
| File "/usr/local/lib/python3.7/dist-packages/aiida/engine/processes/calcjobs/tasks.py", line 78, in do_upload
| calc_info, script_filename = process.presubmit(folder)
| File "/usr/local/lib/python3.7/dist-packages/aiida/engine/processes/calcjobs/calcjob.py", line 312, in presubmit
| calc_info = self.prepare_for_submission(folder)
| File "/usr/local/lib/python3.7/dist-packages/aiida_crystal_dft/calculations/parallel.py", line 24, in prepare_for_submission
| self._prepare_input_files(folder)
| File "/usr/local/lib/python3.7/dist-packages/aiida_crystal_dft/calculations/common.py", line 112, in _prepare_input_files
| basis_dict['basis_family'], {})
| File "/usr/local/lib/python3.7/dist-packages/aiida_crystal_dft/io/d12_write.py", line 71, in write_input
| outstr = _basis_set_block(outstr, indict, basis, atom_props, is_basis_family)
| File "/usr/local/lib/python3.7/dist-packages/aiida_crystal_dft/io/d12_write.py", line 184, in _basis_set_block
| content = basis.content
| File "/usr/local/lib/python3.7/dist-packages/aiida_crystal_dft/data/basis_family.py", line 176, in content
| basis_strings = [b.content(state) for b, state in zip(bases, oxi_states)]
| File "/usr/local/lib/python3.7/dist-packages/aiida_crystal_dft/data/basis_family.py", line 176, in <listcomp>
| basis_strings = [b.content(state) for b, state in zip(bases, oxi_states)]
| File "/usr/local/lib/python3.7/dist-packages/aiida_crystal_dft/data/basis.py", line 48, in content
| basis = self.set_oxistate(oxi_state, high_spin_preferred)
| File "/usr/local/lib/python3.7/dist-packages/aiida_crystal_dft/data/basis.py", line 110, in set_oxistate
| occs = add_valence_electrons(-oxi_state, occs, self.element, high_spin_preferred)
| File "/usr/local/lib/python3.7/dist-packages/aiida_crystal_dft/data/basis.py", line 199, in add_valence_electrons
| n_e = occs[orb][i_valence[orb]]
| KeyError: 'p'
This script downloads and saves the BS element-wise automatically:
https://github.com/mpds-io/mpds-aiida/blob/master/bin/run_get_unito_bsl.py
everything is nicely prepared:
root@aiida-test-cloud:~/MPDSBSL# ls
Ac.basis As.basis Ca.basis Cl.basis Dy.basis Fe.basis Hf.basis Ir.basis Mg.basis Nb.basis O.basis Pm.basis Rh.basis Se.basis Tb.basis Tm.basis Yb.basis
Ag.basis B.basis C.basis Cm.basis Er.basis Ga.basis Hg.basis K.basis Mn.basis Nd.basis Os.basis Pr.basis Ru.basis Si.basis Tc.basis U.basis Zn.basis
Al.basis Be.basis Cd.basis Co.basis Es.basis Gd.basis Ho.basis La.basis Mo.basis Ne.basis Pa.basis Pu.basis S.basis Sm.basis Te.basis V.basis Zr.basis
Am.basis Bk.basis Ce.basis Cr.basis Eu.basis Ge.basis I.basis Li.basis Na.basis Ni.basis P.basis Rb.basis Sb.basis Sn.basis Th.basis W.basis
Ar.basis Br.basis Cf.basis Cu.basis F.basis H.basis In.basis Lu.basis N.basis Np.basis Pd.basis Re.basis Sc.basis Sr.basis Ti.basis Y.basis
However, verdi data crystal uploadfamily --name=MPDSBSL does not like these basis set and thinks there are more than one basis set for some element, which is not true.
NB also AiidaDeprecationWarning
Vulnerable Library - Django-1.11.25-py2.py3-none-any.whlA high-level Python Web framework that encourages rapid development and clean, pragmatic design.
Library home page: https://files.pythonhosted.org/packages/3c/ed/06a81a65fa00f766f2dbda94d09e946aa65c23e6d7ca3532984627a6c75a/Django-1.11.25-py2.py3-none-any.whl
Path to dependency file: /tmp/ws-scm/aiida-crystal
Path to vulnerable library: /aiida-crystal
Dependency Hierarchy:
Found in HEAD commit: f0bf5be1367e110bf64c8587c0fef1deb9e85a3f
Vulnerability Details
Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests, for updating the inline model. Directly editing the view-only parent model was not possible, but the parent model's save() method was called, triggering potential side effects, and causing pre and post-save signal handlers to be invoked. (To resolve this, the Django admin is adjusted to require edit permissions on the parent model in order for inline models to be editable.)
Publish Date: 2019-12-02
URL: CVE-2019-19118
CVSS 2 Score Details (6.5)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19118
Release Date: 2019-12-02
Fix Resolution: 2.1.15,2.2.8,3.0
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - psutil-5.6.3.tar.gzCross-platform lib for process and system monitoring in Python.
Library home page: https://files.pythonhosted.org/packages/1c/ca/5b8c1fe032a458c2c4bcbe509d1401dca9dda35c7fc46b36bb81c2834740/psutil-5.6.3.tar.gz
Path to dependency file: /tmp/ws-scm/aiida-crystal
Path to vulnerable library: /aiida-crystal
Dependency Hierarchy:
Found in HEAD commit: f0bf5be1367e110bf64c8587c0fef1deb9e85a3f
Vulnerability Details
psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.
Publish Date: 2019-11-12
URL: CVE-2019-18874
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Change files
Origin: giampaolo/psutil@29815d3
Release Date: 2019-11-07
Fix Resolution: Replace or update the following files: _psutil_sunos.c, _psutil_aix.c, _psutil_windows.c, _psutil_bsd.c, _psutil_linux.c, _psutil_osx.c
Step up your Open Source Security Game with WhiteSource here
The traceback reads:
File "bin/aiida_submit_ht_test.py", line 39, in <module>
wc = submit(MPDSCrystalWorkchain, **inputs)
File "/usr/local/lib/python3.7/dist-packages/aiida/engine/launch.py", line 112, in submit
process = instantiate_process(runner, process, **inputs)
File "/usr/local/lib/python3.7/dist-packages/aiida/engine/utils.py", line 61, in instantiate_process
process = process_class(runner=runner, inputs=inputs)
File "/usr/local/lib/python3.7/dist-packages/plumpy/base/state_machine.py", line 187, in __call__
inst.transition_to(inst.create_initial_state())
File "/usr/local/lib/python3.7/dist-packages/plumpy/base/state_machine.py", line 326, in transition_to
self.transition_failed(initial_state_label, label, *sys.exc_info()[1:])
File "/usr/local/lib/python3.7/dist-packages/plumpy/base/state_machine.py", line 339, in transition_failed
six.reraise(type(exception), exception, trace)
File "/usr/lib/python3/dist-packages/six.py", line 693, in reraise
raise value
File "/usr/local/lib/python3.7/dist-packages/plumpy/base/state_machine.py", line 310, in transition_to
self._enter_next_state(new_state)
File "/usr/local/lib/python3.7/dist-packages/plumpy/base/state_machine.py", line 370, in _enter_next_state
self._fire_state_event(StateEventHook.ENTERING_STATE, next_state)
File "/usr/local/lib/python3.7/dist-packages/plumpy/base/state_machine.py", line 288, in _fire_state_event
callback(self, hook, state)
File "/usr/local/lib/python3.7/dist-packages/plumpy/processes.py", line 306, in <lambda>
lambda _s, _h, state: self.on_entering(state))
File "/usr/local/lib/python3.7/dist-packages/aiida/engine/processes/process.py", line 338, in on_entering
super(Process, self).on_entering(state)
File "/usr/local/lib/python3.7/dist-packages/plumpy/processes.py", line 599, in on_entering
call_with_super_check(self.on_create)
File "/usr/local/lib/python3.7/dist-packages/plumpy/base/utils.py", line 29, in call_with_super_check
fn(*args, **kwargs)
File "/usr/local/lib/python3.7/dist-packages/aiida/engine/processes/process.py", line 328, in on_create
super(Process, self).on_create()
File "/usr/local/lib/python3.7/dist-packages/plumpy/base/utils.py", line 16, in new_fn
fn(self, *args, **kwargs)
File "/usr/local/lib/python3.7/dist-packages/plumpy/processes.py", line 651, in on_create
raise ValueError(result)
ValueError: Error occurred validating port 'inputs.properties_code': required value was not provided for 'properties_code'
NB this directive makes no sense with yascheduler.
This in principle contradicts to the AiiDA's idea, but anyway useful to support e.g. for a standalone usage.
Vulnerable Library - Django-1.11.25-py2.py3-none-any.whlA high-level Python Web framework that encourages rapid development and clean, pragmatic design.
Library home page: https://files.pythonhosted.org/packages/3c/ed/06a81a65fa00f766f2dbda94d09e946aa65c23e6d7ca3532984627a6c75a/Django-1.11.25-py2.py3-none-any.whl
Path to dependency file: /tmp/ws-scm/aiida-crystal-dft
Path to vulnerable library: /aiida-crystal-dft
Dependency Hierarchy:
Found in HEAD commit: abb46a8617db1e9e7e896dbcd4ef4b26d57d911c
Vulnerability Details
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.
Publish Date: 2020-06-03
URL: CVE-2020-13596
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://www.djangoproject.com/weblog/2020/jun/03/security-releases/
Release Date: 2020-06-03
Fix Resolution: 3.0.7,2.2.13
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - PyYAML-3.13.tar.gzYAML parser and emitter for Python
Library home page: https://files.pythonhosted.org/packages/9e/a3/1d13970c3f36777c583f136c136f804d70f500168edc1edea6daa7200769/PyYAML-3.13.tar.gz
Path to dependency file: /tmp/ws-scm/aiida-crystal-dft
Path to vulnerable library: /aiida-crystal-dft
Dependency Hierarchy:
Found in HEAD commit: c260235549d66cddc25eaaef47be8b8eed920737
Vulnerability Details
A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor.
Publish Date: 2020-03-24
URL: CVE-2020-1747
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1747
Release Date: 2020-03-24
Fix Resolution: 5.3.1
Step up your Open Source Security Game with WhiteSource here
Happened while:
...
('Li', 'F')
Got 17 hits
Submitted WorkChain 519 for LiF/225/cF8
root@aiida-new:~/mpds-aiida# verdi process report 519
2020-02-11 19:50:20 [217 | WARNING]: Skipping phonon frequency calculation
2020-02-11 19:50:20 [218 | REPORT]: [519|MPDSCrystalWorkchain|on_except]: Traceback (most recent call last):
File "/usr/local/lib/python3.7/dist-packages/plumpy/process_states.py", line 220, in execute
result = self.run_fn(*self.args, **self.kwargs)
File "/usr/local/lib/python3.7/dist-packages/aiida/engine/processes/workchains/workchain.py", line 181, in _do_step
finished, stepper_result = self._stepper.step()
File "/usr/local/lib/python3.7/dist-packages/plumpy/workchains.py", line 283, in step
finished, result = self._child_stepper.step()
File "/usr/local/lib/python3.7/dist-packages/plumpy/workchains.py", line 234, in step
return True, self._fn(self._workchain)
File "/usr/local/lib/python3.7/dist-packages/mpds_aiida/workflows/crystal.py", line 164, in calculate_elastic_constants
self.ctx.inputs.crystal.structure = self.ctx.optimise.outputs.output_structure
File "/usr/local/lib/python3.7/dist-packages/aiida/orm/utils/managers.py", line 85, in __getattr__
return self._get_node_by_link_label(label=name)
File "/usr/local/lib/python3.7/dist-packages/aiida/orm/utils/managers.py", line 66, in _get_node_by_link_label
return self._node.get_outgoing(link_type=self._link_type).get_node_by_label(label)
File "/usr/local/lib/python3.7/dist-packages/aiida/orm/utils/links.py", line 308, in get_node_by_label
raise exceptions.NotExistent('no neighbor with the label {} found'.format(label))
aiida.common.exceptions.NotExistent: no neighbor with the label output_structure found
Already discussed in #30 but not resolved.
File "/usr/local/lib/python3.7/dist-packages/aiida_crystal_dft/utils/kpoints.py", line 179, in construct_kpoints_path
special_k = {v: k for k, v in get_special_kpoints(sg_symbol, sg_number).items()}
File "/usr/local/lib/python3.7/dist-packages/aiida_crystal_dft/utils/kpoints.py", line 125, in get_special_kpoints
return SPECIAL_K[(lattice, symbol[0])]
KeyError: ('orthorhombic', 'A')
Similar: KeyError: ('orthorhombic', 'C')
This is to prevent mixing Error codes and data objects in the same variable.
root@aiida-rev-6:~# verdi process report 14584
*** 14584 [Mg3Ru2/213/cP20: Phonon frequency [1]]: None
*** Scheduler output: N/A
*** Scheduler errors: N/A
*** 1 LOG MESSAGES:
+-> REPORT at 2021-02-20 02:55:54.580211+00:00
| [14584|CrystalParallelCalculation|on_except]: Traceback (most recent call last):
| File "/usr/local/lib/python3.7/dist-packages/aiida/engine/processes/calcjobs/tasks.py", line 79, in do_upload
| calc_info = process.presubmit(folder)
| File "/usr/local/lib/python3.7/dist-packages/aiida/engine/processes/calcjobs/calcjob.py", line 445, in presubmit
| calc_info = self.prepare_for_submission(folder)
| File "/usr/local/lib/python3.7/dist-packages/aiida_crystal_dft/calculations/parallel.py", line 26, in prepare_for_submission
| self._prepare_input_files(folder)
| File "/usr/local/lib/python3.7/dist-packages/aiida_crystal_dft/calculations/common.py", line 152, in _prepare_input_files
| f.write(str(d12_file))
| File "/usr/local/lib/python3.7/dist-packages/aiida_crystal_dft/io/d12.py", line 29, in __str__
| render = template.render(basis=self._basis, **self._input)
| File "/usr/lib/python3/dist-packages/jinja2/asyncsupport.py", line 76, in render
| return original_render(self, *args, **kwargs)
| File "/usr/lib/python3/dist-packages/jinja2/environment.py", line 1008, in render
| return self.environment.handle_exception(exc_info, True)
| File "/usr/lib/python3/dist-packages/jinja2/environment.py", line 780, in handle_exception
| reraise(exc_type, exc_value, tb)
| File "/usr/lib/python3/dist-packages/jinja2/_compat.py", line 37, in reraise
| raise value.with_traceback(tb)
| File "/usr/local/lib/python3.7/dist-packages/aiida_crystal_dft/schemas/jinja/d12.j2", line 16, in top-level template code
| {% include 'geometry_phonons.j2' %}
| File "/usr/local/lib/python3.7/dist-packages/aiida_crystal_dft/schemas/jinja/geometry_phonons.j2", line 14, in top-level template code
| {{ macros.optional_key(geometry.phonons.INTENS, 'technique') -}}
| File "/usr/lib/python3/dist-packages/jinja2/runtime.py", line 579, in _invoke
| rv = self._func(*arguments)
| File "/usr/local/lib/python3.7/dist-packages/aiida_crystal_dft/schemas/jinja/macros.j2", line 15, in template
| {% if key in parent %}
| TypeError: argument of type 'bool' is not iterable
root@aiida-cloud-rev-3:~# verdi process report 76211
*** 76211 [SmGa2/191/hP3: Elastic constants [1]]: None
*** Scheduler output: N/A
*** Scheduler errors:
PROCESS 7 OF 16 WORKING
...
POSSIBLY CONDUCTING STATE - EFERMI(AU) -9.1911109E-02 (RES. CHARGE 6.21E-11;IT. 8)
TTTTTTTTTTTTTTTTTTTTTTTTTTTTTT PDIG TELAPSE 537.22 TCPU 475.92
CHARGE NORMALIZATION FACTOR 1.00000000
TOTAL ATOMIC CHARGES:
31.9708532 31.9708532 32.0582937
SUMMED SPIN DENSITY -6.00585901
TOTAL ATOMIC SPINS :
-0.0351015 -0.0351015 -5.9356561
TTTTTTTTTTTTTTTTTTTTTTTTTTTTTT MOQGAD TELAPSE 537.23 TCPU 475.92
*** 1 LOG MESSAGES:
+-> REPORT at 2020-07-29 22:04:25.339512+02:00
| [76211|CrystalParallelCalculation|on_except]: Traceback (most recent call last):
| File "/usr/local/lib/python3.7/dist-packages/plumpy/process_states.py", line 220, in execute
| result = self.run_fn(*self.args, **self.kwargs)
| File "/usr/local/lib/python3.7/dist-packages/aiida/engine/processes/calcjobs/calcjob.py", line 262, in parse
| exit_code = execmanager.parse_results(self, retrieved_temporary_folder)
| File "/usr/local/lib/python3.7/dist-packages/aiida/engine/daemon/execmanager.py", line 439, in parse_results
| exit_code = parser.parse(**parse_kwargs)
| File "/usr/local/lib/python3.7/dist-packages/aiida_crystal_dft/parsers/cry_pycrystal.py", line 102, in parse
| self.add_node(self._linkname_parameters, f, self.parse_stdout)
| File "/usr/local/lib/python3.7/dist-packages/aiida_crystal_dft/parsers/cry_pycrystal.py", line 120, in add_node
| parse_result = callback(f)
| File "/usr/local/lib/python3.7/dist-packages/aiida_crystal_dft/parsers/cry_pycrystal.py", line 126, in parse_stdout
| params = self.stdout_parser.get_parameters()
| File "/usr/local/lib/python3.7/dist-packages/aiida_crystal_dft/io/pycrystal/out.py", line 35, in get_parameters
| 'energy_accuracy': abs(self.info['e_accuracy']),
| TypeError: bad operand type for abs(): 'NoneType'
Powerful data structures for data analysis, time series, and statistics
Library home page: https://files.pythonhosted.org/packages/db/83/7d4008ffc2988066ff37f6a0bb6d7b60822367dcb36ba5e39aa7801fda54/pandas-0.24.2-cp27-cp27mu-manylinux1_x86_64.whl
Path to dependency file: /tmp/ws-scm/aiida-crystal-dft
Path to vulnerable library: /aiida-crystal-dft
Dependency Hierarchy:
Found in HEAD commit: abb46a8617db1e9e7e896dbcd4ef4b26d57d911c
Vulnerability Details
** DISPUTED ** pandas through 1.0.3 can unserialize and execute commands from an untrusted file that is passed to the read_pickle() function, if reduce makes an os.system call. NOTE: third parties dispute this issue because the read_pickle() function is documented as unsafe and it is the user's responsibility to use the function in a secure manner.
Publish Date: 2020-05-15
URL: CVE-2020-13091
CVSS 3 Score Details (9.8)
Base Score Metrics:
Step up your Open Source Security Game with WhiteSource here
i.e. calc_setup['parameters']['crystal']['scf']['fock_mixing'] = {'BROYDEN': [0.00001, 85, 2]} gives 1e-05 in the input file (expected verbatim 0.00001)
There are parsing troubles with some basis sets taken from CRYSTAL website:
print(BasisFile().parse(
"""
22 9
0 0 8 2. 1.
225338 0.000228
32315 0.001929
6883.61 0.011100
1802.14 0.05
543.063 0.17010
187.549 0.369
73.2133 0.4033
30.3718 0.1445
0 1 6 8. 1.
554.042 -0.0059 0.0085
132.525 -0.0683 0.0603
43.6801 -0.1245 0.2124
17.2243 0.2532 0.3902
7.2248 0.6261 0.4097
2.4117 0.282 0.2181
0 1 4 8. 1.
24.4975 0.0175 -0.0207
11.4772 -0.2277 -0.0653
4.4653 -0.7946 0.1919
1.8904 1.0107 1.3778
0 1 1 2. 1.
0.790008359901 1. 1.
0 1 1 0. 1.
0.35160337936 1. 1.
0 3 3 2. 1.
8.89621398666 0.163566701992
2.76266406164 0.444392907716
1.0600606657 0.505403203892
0 3 1 0. 1.
0.858484740501 1.
0 3 1 0. 1
0.486945513149 1.
0 4 1 0. 1
0.633249434959 1.
"""))
print(BasisFile().parse("""
44 9
0 0 9 2. 1.
3166277 0.00004
482609.1875 0.00037
105231.7031 0.00219
26313.60547 0.0112
7459.587891 0.0469
2360.604004 0.1563
833.39624 0.3526
326.658875 0.4256
134.861252 0.1722
0 1 7 8. 1.
9112.118164 -0.000365 0.00102
2105.316895 -0.00667 0.00942
637.714905 -0.0568 0.0565
222.595306 -0.1476 0.2188
87.473663 0.1814 0.4567
38.763508 0.6558 0.4141
18.197332 0.338 0.1416
0 1 6 8. 1.
198.43043 0.0057 -0.0145
74.031459 -0.0379 -0.0729
31.257783 -0.336 0.0624
13.428948 0.0911 0.9371
6.114899 0.9727 1.2605
2.837471 0.3545 0.3796
0 3 6 10. 1.
302.699 0.00952
90.0461 0.0687
33.4152 0.2419
13.6072 0.4398
5.7385 0.3871
2.3658 0.1007
0 1 3 8. 1.
4.8237 -3.7531 -0.0844
2.2638 1.209 0.53
0.9834 9.1158 0.9781
0 1 1 1. 1.
0.4137 1.0 1.0
0 1 1 0. 1.
0.2 1.0
0 3 3 7. 1.
3.5258 0.1719
1.3399 0.4625
0.5788 0.4814
0 3 1 0. 1.
0.25 1.0
"""))
print(BasisFile().parse("""
1 3
0 0 3 1.0 1.0
.1873113696D+02 .3349460434D-01
.2825394365D+01 .2347269535D+00
.6401216923D+00 .8137573262D+00
0 0 1 0.0 1.0
.1612777588D+00 .1000000000D+01
0 2 1 0.0 1.0
.1100000000D+01 .1000000000D+01
"""))
Considerable parts of data are getting lost!
root@aiida-repl:~# verdi process report 720
*** 720 [Be5Zr/191/hP6: Geometry optimization [2]]: None
*** Scheduler output: N/A
*** Scheduler errors: N/A
*** 1 LOG MESSAGES:
+-> REPORT at 2020-02-16 02:17:28.265110+01:00
| [720|CrystalParallelCalculation|on_except]: Traceback (most recent call last):
| File "/usr/local/lib/python3.7/dist-packages/aiida/engine/processes/calcjobs/tasks.py", line 78, in do_upload
| calc_info, script_filename = process.presubmit(folder)
| File "/usr/local/lib/python3.7/dist-packages/aiida/engine/processes/calcjobs/calcjob.py", line 312, in presubmit
| calc_info = self.prepare_for_submission(folder)
| File "/usr/local/lib/python3.7/dist-packages/aiida_crystal/calculations/parallel.py", line 24, in prepare_for_submission
| self._prepare_input_files(folder)
| File "/usr/local/lib/python3.7/dist-packages/aiida_crystal/calculations/common.py", line 109, in _prepare_input_files
| oxi_states = guess_oxistates(self.inputs.structure)
| File "/usr/local/lib/python3.7/dist-packages/aiida_crystal/utils/electrons.py", line 208, in guess_oxistates
| return dict(zip(elements, sorted(weights.items(), key=lambda x: x[1], reverse=True)[0][0]))
| IndexError: list index out of range
root@aiida-repl:~# verdi data crystal createpredefined
Created 5 predefined basis families:
STO-3G, STO-6G, POB-DZVP, POB-DZVPP, POB-TZVP
root@aiida-repl:~# verdi data crystal listfamilies
Family Num Basis Sets
--------- ----------------
TZVP_REV2 47
root@aiida-repl:~#
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.