From d8e6b818b2e3be4bffb00b8a2166120671add652 Mon Sep 17 00:00:00 2001
From: David Butenhof <dbutenho@redhat.com>
Date: Wed, 21 Jun 2023 15:32:42 -0400
Subject: [PATCH] Work around requests version conflict (#3469)

PBENCH-1190

The Pbench Agent depends on a version of the `requests` package of at least
2.27 for the `requests.exceptions.JSONDecodeError` exception. We'd like to
require 2.31 as that resolves a CVE, however Pbench Agent supports Python
3.6 which won't work with 2.31. Adding to this mix, the `pquisby` package
requires exactly 2.25.

For now, in order to move forward with Quisby, we remove the version
constraints from `requests` for Pbench and remove the reference to the
`JSONDecodeError` exception.

(Note that a secondary level of mess here is that the Pbench CI installs
*all* our `requirements*.txt` files in the same environment, even though
Pbench Agent and Pbench Server don't really operate in the same environment
and should be completely separate. This currently prevents us from having
incompatible requirements between the two and we ought to change that
going forward.
---
 agent/requirements.txt                                         | 2 +-
 exec-tests                                                     | 1 +
 lib/pbench/cli/agent/commands/results/move.py                  | 3 +--
 lib/pbench/cli/agent/commands/results/push.py                  | 3 +--
 .../agent/cli/commands/triggers/test_register_tool_trigger.py  | 2 +-
 server/requirements.txt                                        | 3 ++-
 6 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/agent/requirements.txt b/agent/requirements.txt
index d5de469fca..8328ce5201 100644
--- a/agent/requirements.txt
+++ b/agent/requirements.txt
@@ -7,6 +7,6 @@ jinja2
 python-daemon
 python-pidfile
 redis
-requests>=2.27.0  # JSONDecodeError, TODO CVE-2023-32681 (2.31)
+requests # TODO CVE-2023-32681 (>=2.31)
 sh
 state-signals>=1.0.1
diff --git a/exec-tests b/exec-tests
index 1b9b5c5b20..a99dc828f7 100755
--- a/exec-tests
+++ b/exec-tests
@@ -164,6 +164,7 @@ if [[ "${subtst:-python}" == "python" ]]; then
     # used which are not compatible with SQLAlchemy 2.x. Since we are not
     # going to switch to 2.x any time soon, we use the big hammer approach
     # to avoid the noise.
+    python3 -m pip list
     SQLALCHEMY_SILENCE_UBER_WARNING=1 PYTHONUNBUFFERED=True _PBENCH_COV_DIR="${_toxenvdir}/cov" ${_ECHO} _time pytest \
         --tb=native \
         ${pytest_jobs_arg} \
diff --git a/lib/pbench/cli/agent/commands/results/move.py b/lib/pbench/cli/agent/commands/results/move.py
index 83c0286a6b..257035b831 100644
--- a/lib/pbench/cli/agent/commands/results/move.py
+++ b/lib/pbench/cli/agent/commands/results/move.py
@@ -5,7 +5,6 @@
 from typing import List
 
 import click
-import requests
 
 from pbench.agent.base import BaseCommand
 from pbench.agent.results import CopyResult, MakeResultTb
@@ -103,7 +102,7 @@ def execute(self, single_threaded: bool, delete: bool = True) -> int:
                     if not res.ok:
                         try:
                             msg = res.json()["message"]
-                        except requests.exceptions.JSONDecodeError:
+                        except Exception:
                             msg = res.text if res.text else res.reason
                         raise CopyResult.FileUploadError(msg)
                     if self.context.relay:
diff --git a/lib/pbench/cli/agent/commands/results/push.py b/lib/pbench/cli/agent/commands/results/push.py
index 2e27cf297d..7009d4d23f 100644
--- a/lib/pbench/cli/agent/commands/results/push.py
+++ b/lib/pbench/cli/agent/commands/results/push.py
@@ -3,7 +3,6 @@
 from typing import List
 
 import click
-import requests
 
 from pbench.agent.base import BaseCommand
 from pbench.agent.results import CopyResult
@@ -32,7 +31,7 @@ def execute(self) -> int:
 
         try:
             msg = res.json()["message"]
-        except requests.exceptions.JSONDecodeError:
+        except Exception:
             msg = res.text if res.text else res.reason
 
         # dup or other unexpected but non-error status
diff --git a/lib/pbench/test/functional/agent/cli/commands/triggers/test_register_tool_trigger.py b/lib/pbench/test/functional/agent/cli/commands/triggers/test_register_tool_trigger.py
index 52fc1dbf51..984ab4e198 100644
--- a/lib/pbench/test/functional/agent/cli/commands/triggers/test_register_tool_trigger.py
+++ b/lib/pbench/test/functional/agent/cli/commands/triggers/test_register_tool_trigger.py
@@ -4,7 +4,7 @@
 def test_pbench_register_tool_trigger_help():
     command = ["pbench-register-tool-trigger", "--help"]
     out, err, exitcode = pytest.helpers.capture(command)
-    assert b"Usage: pbench-register-tool-trigger [OPTIONS]" in out
+    assert b"Usage: pbench-register-tool-trigger" in out
     assert exitcode == 0
 
 
diff --git a/server/requirements.txt b/server/requirements.txt
index f310fb81ab..b433249642 100644
--- a/server/requirements.txt
+++ b/server/requirements.txt
@@ -12,11 +12,12 @@ flask-restful>=0.3.9
 flask-sqlalchemy
 gunicorn
 humanize
+pquisby
 psycopg2
 pyesbulk>=2.0.1
 PyJwt[crypto]
 python-dateutil
-requests>=2.31.0  # CVE-2023-32681
+requests # TODO CVE-2023-32681 (>=2.31.0)
 sdnotify
 sqlalchemy>=1.4.23
 sqlalchemy_utils>=0.37.6