[crash] doc params extension: --accept-no-param-doc: conflicting option string(s) #5322

Pierre-Sassoulas · 2021-11-16T14:30:15Z

Bug description

There is a crash when using the doc_params extension.

Command used

pylint --load-plugins=pylint.extensions.docparams a.py

Pylint output

Traceback (most recent call last):
  File "/home/pierre/myproject_bin/pylint", line 8, in <module>
    sys.exit(run_pylint())
  File "/home/pierre/myproject_lib/python3.8/site-packages/pylint/__init__.py", line 24, in run_pylint
    PylintRun(sys.argv[1:])
  File "/home/pierre/myproject_lib/python3.8/site-packages/pylint/lint/run.py", line 345, in __init__
    linter.load_plugin_modules(plugins)
  File "/home/pierre/myproject_lib/python3.8/site-packages/pylint/lint/pylinter.py", line 591, in load_plugin_modules
    module.register(self)
  File "/home/pierre/myproject_lib/python3.8/site-packages/pylint/extensions/check_docs.py", line 26, in register
    linter.register_checker(docparams.DocstringParameterChecker(linter))
  File "/home/pierre/myproject_lib/python3.8/site-packages/pylint/lint/pylinter.py", line 717, in register_checker
    self.register_options_provider(checker)
  File "/home/pierre/myproject_lib/python3.8/site-packages/pylint/config/option_manager_mixin.py", line 99, in register_options_provider
    self.add_option_group(
  File "/home/pierre/myproject_lib/python3.8/site-packages/pylint/config/option_manager_mixin.py", line 136, in add_option_group
    self.add_optik_option(provider, group, opt, optdict)
  File "/home/pierre/myproject_lib/python3.8/site-packages/pylint/config/option_manager_mixin.py", line 140, in add_optik_option
    option = optikcontainer.add_option(*args, **optdict)
  File "/usr/lib/python3.8/optparse.py", line 1008, in add_option
    self._check_conflict(option)
  File "/usr/lib/python3.8/optparse.py", line 980, in _check_conflict
    raise OptionConflictError(
optparse.OptionConflictError: option --accept-no-param-doc: conflicting option string(s): --accept-no-param-doc

Expected behavior

No crash.

Pylint version

pylint 2.11.2-dev0
astroid 2.8.5
Python 3.8.10 (default, Sep 28 2021, 16:10:42) 
[GCC 9.3.0]

DanielNoord · 2021-11-16T14:32:28Z

See:
#5315 (comment)

You are likely loading the extension twice because the only effect of loading check_docs is to load the docparams extension.

jolaf · 2021-11-25T19:43:44Z

You are likely loading the extension twice because the only effect of loading check_docs is to load the docparams extension.

Probably the problem is --list-extensions lists BOTH check_docs AND docparams, probably --enable-all-extensions does the same mistake.

$ pylint --list-extensions  | sort
pylint.extensions.bad_builtin
pylint.extensions.broad_try_clause
pylint.extensions.check_docs
pylint.extensions.check_elif
pylint.extensions.code_style
pylint.extensions.comparetozero
pylint.extensions.comparison_placement
pylint.extensions.confusing_elif
pylint.extensions.consider_ternary_expression
pylint.extensions.docparams
pylint.extensions.docstyle
pylint.extensions.empty_comment
pylint.extensions.emptystring
pylint.extensions.for_any_all
pylint.extensions.mccabe
pylint.extensions.overlapping_exceptions
pylint.extensions.redefined_variable_type
pylint.extensions.set_membership
pylint.extensions.typing
pylint.extensions.while_used

Pierre-Sassoulas · 2021-11-25T19:57:53Z

Yes @jolaf this is what caused the problem, I wanted to use all extensions in my configuration.

jolaf · 2022-01-27T20:36:45Z

@DanielNoord @Pierre-Sassoulas Thanks!

``` +==============================================================================+ | | | /$$$$$$ /$$ | | /$$__ $$ | $$ | | /$$$$$$$ /$$$$$$ | $$ \__//$$$$$$ /$$$$$$ /$$ /$$ | | /$$_____/ |____ $$| $$$$ /$$__ $$|_ $$_/ | $$ | $$ | | | $$$$$$ /$$$$$$$| $$_/ | $$$$$$$$ | $$ | $$ | $$ | | \____ $$ /$$__ $$| $$ | $$_____/ | $$ /$$| $$ | $$ | | /$$$$$$$/| $$$$$$$| $$ | $$$$$$$ | $$$$/| $$$$$$$ | | |_______/ \_______/|__/ \_______/ \___/ \____ $$ | | /$$ | $$ | | | $$$$$$/ | | by pyup.io \______/ | | | +==============================================================================+ | REPORT | | checked 48 packages, using free DB (updated once a month) | +============================+===========+==========================+==========+ | package | installed | affected | ID | +============================+===========+==========================+==========+ | pylint | 2.5.3 | <2.13.0 | 45185 | +==============================================================================+ | Pylint 2.13.0 fixes a crash when using the doc_params extension. | | pylint-dev/pylint#5322 | +==============================================================================+ ```

``` +==============================================================================+ | | | /$$$$$$ /$$ | | /$$__ $$ | $$ | | /$$$$$$$ /$$$$$$ | $$ \__//$$$$$$ /$$$$$$ /$$ /$$ | | /$$_____/ |____ $$| $$$$ /$$__ $$|_ $$_/ | $$ | $$ | | | $$$$$$ /$$$$$$$| $$_/ | $$$$$$$$ | $$ | $$ | $$ | | \____ $$ /$$__ $$| $$ | $$_____/ | $$ /$$| $$ | $$ | | /$$$$$$$/| $$$$$$$| $$ | $$$$$$$ | $$$$/| $$$$$$$ | | |_______/ \_______/|__/ \_______/ \___/ \____ $$ | | /$$ | $$ | | | $$$$$$/ | | by pyup.io \______/ | | | +==============================================================================+ | REPORT | | checked 57 packages, using free DB (updated once a month) | +============================+===========+==========================+==========+ | package | installed | affected | ID | +============================+===========+==========================+==========+ | pyjwt | 2.3.0 | >=1.5.0,<2.4.0 | 48542 | +==============================================================================+ | PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple | | different JWT signing algorithms. With JWT, an attacker submitting the JWT | | token can choose the used signing algorithm. The PyJWT library requires that | | the application chooses what algorithms are supported. The application can | | specify 'jwt.algorithms.get_default_algorithms()' to get support for all | | algorithms, or specify a single algorithm. The issue is not that big as | | 'algorithms=jwt.algorithms.get_default_algorithms()' has to be used. Users | | should upgrade to v2.4.0 to receive a patch for this issue. As a workaround, | | always be explicit with the algorithms that are accepted and expected when | | decoding. | +==============================================================================+ +==============================================================================+ | | | /$$$$$$ /$$ | | /$$__ $$ | $$ | | /$$$$$$$ /$$$$$$ | $$ \__//$$$$$$ /$$$$$$ /$$ /$$ | | /$$_____/ |____ $$| $$$$ /$$__ $$|_ $$_/ | $$ | $$ | | | $$$$$$ /$$$$$$$| $$_/ | $$$$$$$$ | $$ | $$ | $$ | | \____ $$ /$$__ $$| $$ | $$_____/ | $$ /$$| $$ | $$ | | /$$$$$$$/| $$$$$$$| $$ | $$$$$$$ | $$$$/| $$$$$$$ | | |_______/ \_______/|__/ \_______/ \___/ \____ $$ | | /$$ | $$ | | | $$$$$$/ | | by pyup.io \______/ | | | +==============================================================================+ | REPORT | | checked 36 packages, using free DB (updated once a month) | +============================+===========+==========================+==========+ | package | installed | affected | ID | +============================+===========+==========================+==========+ | pylint | 2.12.2 | <2.13.0 | 45185 | +==============================================================================+ | Pylint 2.13.0 fixes a crash when using the doc_params extension. | | pylint-dev/pylint#5322 | +==============================================================================+ ```

``` +==============================================================================+ | | | /$$$$$$ /$$ | | /$$__ $$ | $$ | | /$$$$$$$ /$$$$$$ | $$ \__//$$$$$$ /$$$$$$ /$$ /$$ | | /$$_____/ |____ $$| $$$$ /$$__ $$|_ $$_/ | $$ | $$ | | | $$$$$$ /$$$$$$$| $$_/ | $$$$$$$$ | $$ | $$ | $$ | | \____ $$ /$$__ $$| $$ | $$_____/ | $$ /$$| $$ | $$ | | /$$$$$$$/| $$$$$$$| $$ | $$$$$$$ | $$$$/| $$$$$$$ | | |_______/ \_______/|__/ \_______/ \___/ \____ $$ | | /$$ | $$ | | | $$$$$$/ | | by pyup.io \______/ | | | +==============================================================================+ | REPORT | | checked 95 packages, using free DB (updated once a month) | +============================+===========+==========================+==========+ | package | installed | affected | ID | +============================+===========+==========================+==========+ | pylint | 2.5.3 | <2.13.0 | 45185 | +==============================================================================+ | Pylint 2.13.0 fixes a crash when using the doc_params extension. | | pylint-dev/pylint#5322 | +==============================================================================+ ```

``` +==============================================================================+ | | | /$$$$$$ /$$ | | /$$__ $$ | $$ | | /$$$$$$$ /$$$$$$ | $$ \__//$$$$$$ /$$$$$$ /$$ /$$ | | /$$_____/ |____ $$| $$$$ /$$__ $$|_ $$_/ | $$ | $$ | | | $$$$$$ /$$$$$$$| $$_/ | $$$$$$$$ | $$ | $$ | $$ | | \____ $$ /$$__ $$| $$ | $$_____/ | $$ /$$| $$ | $$ | | /$$$$$$$/| $$$$$$$| $$ | $$$$$$$ | $$$$/| $$$$$$$ | | |_______/ \_______/|__/ \_______/ \___/ \____ $$ | | /$$ | $$ | | | $$$$$$/ | | by pyup.io \______/ | | | +==============================================================================+ | REPORT | | checked 75 packages, using free DB (updated once a month) | +============================+===========+==========================+==========+ | package | installed | affected | ID | +============================+===========+==========================+==========+ | pylint | 2.8.3 | <2.13.0 | 45185 | +==============================================================================+ | Pylint 2.13.0 fixes a crash when using the doc_params extension. | | pylint-dev/pylint#5322 | +==============================================================================+:x ```

``` +==============================================================================+ | | | /$$$$$$ /$$ | | /$$__ $$ | $$ | | /$$$$$$$ /$$$$$$ | $$ \__//$$$$$$ /$$$$$$ /$$ /$$ | | /$$_____/ |____ $$| $$$$ /$$__ $$|_ $$_/ | $$ | $$ | | | $$$$$$ /$$$$$$$| $$_/ | $$$$$$$$ | $$ | $$ | $$ | | \____ $$ /$$__ $$| $$ | $$_____/ | $$ /$$| $$ | $$ | | /$$$$$$$/| $$$$$$$| $$ | $$$$$$$ | $$$$/| $$$$$$$ | | |_______/ \_______/|__/ \_______/ \___/ \____ $$ | | /$$ | $$ | | | $$$$$$/ | | by pyup.io \______/ | | | +==============================================================================+ | REPORT | | checked 106 packages, using free DB (updated once a month) | +============================+===========+==========================+==========+ | package | installed | affected | ID | +============================+===========+==========================+==========+ | pylint | 2.5.3 | <2.13.0 | 45185 | +==============================================================================+ | Pylint 2.13.0 fixes a crash when using the doc_params extension. | | pylint-dev/pylint#5322 | +==============================================================================+ ```

Title: [1070401] Cross-site Scripting in bootstrap-table Severity: moderate CWE: CWE-79 Vulnerable versions: <1.20.2 Patched versions: >=1.20.2 Recommendation: Upgrade to version 1.20.2 or later Version: 1.19.1 Path: bootstrap-table More info: GHSA-grw5-g9h2-wpg8 ``` +==============================================================================+ | | | /$$$$$$ /$$ | | /$$__ $$ | $$ | | /$$$$$$$ /$$$$$$ | $$ \__//$$$$$$ /$$$$$$ /$$ /$$ | | /$$_____/ |____ $$| $$$$ /$$__ $$|_ $$_/ | $$ | $$ | | | $$$$$$ /$$$$$$$| $$_/ | $$$$$$$$ | $$ | $$ | $$ | | \____ $$ /$$__ $$| $$ | $$_____/ | $$ /$$| $$ | $$ | | /$$$$$$$/| $$$$$$$| $$ | $$$$$$$ | $$$$/| $$$$$$$ | | |_______/ \_______/|__/ \_______/ \___/ \____ $$ | | /$$ | $$ | | | $$$$$$/ | | by pyup.io \______/ | | | +==============================================================================+ | REPORT | | checked 90 packages, using free DB (updated once a month) | +============================+===========+==========================+==========+ | package | installed | affected | ID | +============================+===========+==========================+==========+ | pylint | 2.7.2 | <2.13.0 | 45185 | +==============================================================================+ | Pylint 2.13.0 fixes a crash when using the doc_params extension. | | pylint-dev/pylint#5322 | +==============================================================================+ ```

``` +==============================================================================+ | | | /$$$$$$ /$$ | | /$$__ $$ | $$ | | /$$$$$$$ /$$$$$$ | $$ \__//$$$$$$ /$$$$$$ /$$ /$$ | | /$$_____/ |____ $$| $$$$ /$$__ $$|_ $$_/ | $$ | $$ | | | $$$$$$ /$$$$$$$| $$_/ | $$$$$$$$ | $$ | $$ | $$ | | \____ $$ /$$__ $$| $$ | $$_____/ | $$ /$$| $$ | $$ | | /$$$$$$$/| $$$$$$$| $$ | $$$$$$$ | $$$$/| $$$$$$$ | | |_______/ \_______/|__/ \_______/ \___/ \____ $$ | | /$$ | $$ | | | $$$$$$/ | | by pyup.io \______/ | | | +==============================================================================+ | REPORT | | checked 88 packages, using free DB (updated once a month) | +============================+===========+==========================+==========+ | package | installed | affected | ID | +============================+===========+==========================+==========+ | pylint | 2.8.3 | <2.13.0 | 45185 | +==============================================================================+ | Pylint 2.13.0 fixes a crash when using the doc_params extension. | | pylint-dev/pylint#5322 | +==============================================================================+ ```

``` +==============================================================================+ | | | /$$$$$$ /$$ | | /$$__ $$ | $$ | | /$$$$$$$ /$$$$$$ | $$ \__//$$$$$$ /$$$$$$ /$$ /$$ | | /$$_____/ |____ $$| $$$$ /$$__ $$|_ $$_/ | $$ | $$ | | | $$$$$$ /$$$$$$$| $$_/ | $$$$$$$$ | $$ | $$ | $$ | | \____ $$ /$$__ $$| $$ | $$_____/ | $$ /$$| $$ | $$ | | /$$$$$$$/| $$$$$$$| $$ | $$$$$$$ | $$$$/| $$$$$$$ | | |_______/ \_______/|__/ \_______/ \___/ \____ $$ | | /$$ | $$ | | | $$$$$$/ | | by pyup.io \______/ | | | +==============================================================================+ | REPORT | | checked 48 packages, using free DB (updated once a month) | +============================+===========+==========================+==========+ | package | installed | affected | ID | +============================+===========+==========================+==========+ | pylint | 2.5.3 | <2.13.0 | 45185 | +==============================================================================+ | Pylint 2.13.0 fixes a crash when using the doc_params extension. | | pylint-dev/pylint#5322 | +==============================================================================+ ```

<pylint-dev/pylint#5322> describes a crash when using a specific extension that we don't use, and really isn't a security issue at all. Ideally we'd upgrade pylint anyways, but we've fallen a bit behind and it isn't a trivial version bump.

``` +==============================================================================+ | | | /$$$$$$ /$$ | | /$$__ $$ | $$ | | /$$$$$$$ /$$$$$$ | $$ \__//$$$$$$ /$$$$$$ /$$ /$$ | | /$$_____/ |____ $$| $$$$ /$$__ $$|_ $$_/ | $$ | $$ | | | $$$$$$ /$$$$$$$| $$_/ | $$$$$$$$ | $$ | $$ | $$ | | \____ $$ /$$__ $$| $$ | $$_____/ | $$ /$$| $$ | $$ | | /$$$$$$$/| $$$$$$$| $$ | $$$$$$$ | $$$$/| $$$$$$$ | | |_______/ \_______/|__/ \_______/ \___/ \____ $$ | | /$$ | $$ | | | $$$$$$/ | | by pyup.io \______/ | | | +==============================================================================+ | REPORT | | checked 94 packages, using free DB (updated once a month) | +============================+===========+==========================+==========+ | package | installed | affected | ID | +============================+===========+==========================+==========+ | pyjwt | 2.3.0 | >=1.5.0,<2.4.0 | 48542 | +==============================================================================+ | PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple | | different JWT signing algorithms. With JWT, an attacker submitting the JWT | | token can choose the used signing algorithm. The PyJWT library requires that | | the application chooses what algorithms are supported. The application can | | specify 'jwt.algorithms.get_default_algorithms()' to get support for all | | algorithms, or specify a single algorithm. The issue is not that big as | | 'algorithms=jwt.algorithms.get_default_algorithms()' has to be used. Users | | should upgrade to v2.4.0 to receive a patch for this issue. As a workaround, | | always be explicit with the algorithms that are accepted and expected when | | decoding. | +==============================================================================+ | pylint | 2.12.2 | <2.13.0 | 45185 | +==============================================================================+ | Pylint 2.13.0 fixes a crash when using the doc_params extension. | | pylint-dev/pylint#5322 | +==============================================================================+ ```

``` +==============================================================================+ | | | /$$$$$$ /$$ | | /$$__ $$ | $$ | | /$$$$$$$ /$$$$$$ | $$ \__//$$$$$$ /$$$$$$ /$$ /$$ | | /$$_____/ |____ $$| $$$$ /$$__ $$|_ $$_/ | $$ | $$ | | | $$$$$$ /$$$$$$$| $$_/ | $$$$$$$$ | $$ | $$ | $$ | | \____ $$ /$$__ $$| $$ | $$_____/ | $$ /$$| $$ | $$ | | /$$$$$$$/| $$$$$$$| $$ | $$$$$$$ | $$$$/| $$$$$$$ | | |_______/ \_______/|__/ \_______/ \___/ \____ $$ | | /$$ | $$ | | | $$$$$$/ | | by pyup.io \______/ | | | +==============================================================================+ | REPORT | | checked 108 packages, using free DB (updated once a month) | +============================+===========+==========================+==========+ | package | installed | affected | ID | +============================+===========+==========================+==========+ | pylint | 2.12.2 | <2.13.0 | 45185 | +==============================================================================+ | Pylint 2.13.0 fixes a crash when using the doc_params extension. | | pylint-dev/pylint#5322 | +==============================================================================+ ```

<pylint-dev/pylint#5322> describes a crash when using a specific extension that we don't use, and really isn't a security issue at all. Ideally we'd upgrade pylint anyways, but we've fallen a bit behind and it isn't a trivial version bump. (cherry picked from commit 132a6cd)

From `safety check`: Vulnerability ID: 45185 Affected spec: <2.13.0 ADVISORY: Pylint 2.13.0 fixes a crash when using the doc_params extension. pylint-dev/pylint#5322 PVE-2022-45185 For more information, please visit https://pyup.io/vulnerabilities/PVE-2022-45185/45185/

<pylint-dev/pylint#5322> describes a crash when using a specific extension that we don't use, and really isn't a security issue at all. Ideally we'd upgrade pylint anyways, but we've fallen a bit behind and it isn't a trivial version bump.

-> Vulnerability found in pylint version 2.12.2 Vulnerability ID: 45185 Affected spec: <2.13.0 ADVISORY: Pylint 2.13.0 fixes a crash when using the doc_params extension.pylint-dev/pylint#5322 PVE-2022-45185 For more information, please visit https://pyup.io/vulnerabilities/PVE-2022-45185/45185/

Pierre-Sassoulas added Bug 🪲 Crash 💥 A bug that makes pylint crash labels Nov 16, 2021

Pierre-Sassoulas added this to the 2.12.0 milestone Nov 16, 2021

Pierre-Sassoulas modified the milestones: 2.12.0, 2.13.0 Nov 16, 2021

DanielNoord mentioned this issue Jan 27, 2022

Remove the check_docs extension and remove any references to it #5730

Merged

4 tasks

Pierre-Sassoulas closed this as completed in #5730 Jan 27, 2022

millenc mentioned this issue Feb 23, 2022

Pylint <2.13.0 unfixable vulnerability pyupio/safety#366

Closed

legoktm mentioned this issue Jun 1, 2022

Ignore bogus pylint "security" issue freedomofpress/securedrop#6473

Merged

2 tasks

fmigneault added a commit to crim-ca/weaver that referenced this issue Jun 10, 2022

ignore irrelevant pylint CVE (pylint-dev/pylint#5322)

9b454dd

sbrunner mentioned this issue Sep 30, 2022

Fix CVE camptocamp/c2cciutils#753

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[crash] doc params extension: --accept-no-param-doc: conflicting option string(s) #5322

[crash] doc params extension: --accept-no-param-doc: conflicting option string(s) #5322

Pierre-Sassoulas commented Nov 16, 2021 •

edited

Loading

DanielNoord commented Nov 16, 2021

jolaf commented Nov 25, 2021 •

edited

Loading

Pierre-Sassoulas commented Nov 25, 2021

jolaf commented Jan 27, 2022

[crash] doc params extension: --accept-no-param-doc: conflicting option string(s) #5322

[crash] doc params extension: --accept-no-param-doc: conflicting option string(s) #5322

Comments

Pierre-Sassoulas commented Nov 16, 2021 • edited Loading

Bug description

Command used

Pylint output

Expected behavior

Pylint version

DanielNoord commented Nov 16, 2021

jolaf commented Nov 25, 2021 • edited Loading

Pierre-Sassoulas commented Nov 25, 2021

jolaf commented Jan 27, 2022

Pierre-Sassoulas commented Nov 16, 2021 •

edited

Loading

jolaf commented Nov 25, 2021 •

edited

Loading