pretty | Pretty printing for Go values
kandi X-RAY | pretty Summary
kandi X-RAY | pretty Summary
Pretty printing for Go values
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of pretty
pretty Key Features
pretty Examples and Code Snippets
def pretty_printed_signature(self, verbose=True):
"""Returns a string summarizing the signature of this concrete function."""
if not verbose:
return self._structured_signature_summary(default_values=True)
def pretty_print_spec(spec
def _print_args(arguments, argument_type='Argument', indent=0):
"""Formats and prints the argument of the concrete functions defined in the model.
Args:
arguments: Arguments to format print.
argument_type: Type of arguments.
indent:
def spiralPrint(a):
if check_matrix(a) and len(a) > 0:
matRow = len(a)
if isinstance(a[0], Iterable):
matCol = len(a[0])
else:
for dat in a:
print(dat),
return
Community Discussions
Trending Discussions on pretty
QUESTION
We have some apps (or maybe we should call them a handful of scripts) that use Google APIs to facilitate some administrative tasks. Recently, after making another client_id in the same project, I started getting an error message similar to the one described in localhost redirect_uri does not work for Google Oauth2 (results in 400: invalid_request error). I.e.,
Error 400: invalid_request
You can't sign in to this app because it doesn't comply with Google's OAuth 2.0 policy for keeping apps secure.
You can let the app developer know that this app doesn't comply with one or more Google validation rules.
Request details:
The content in this section has been provided by the app developer. This content has not been reviewed or verified by Google.
If you’re the app developer, make sure that these request details comply with Google policies.
redirect_uri: urn:ietf:wg:oauth:2.0:oob
How do I get through this error? It is important to note that:
- The OAuth consent screen for this project is marked as "Internal". Therefore any mentions of Google review of the project, or publishing status are irrelevant
- I do have "Trust internal, domain-owned apps" enabled for the domain
- Another client id in the same project works and there are no obvious differences between the client IDs - they are both "Desktop" type which only gives me a Client ID and Client secret that are different
- This is a command line script, so I use the "copy/paste" verification method as documented here hence the
urn:ietf:wg:oauth:2.0:oob
redirect URI (copy/paste is the only friendly way to run this on a headless machine which has no browser). - I was able to reproduce the same problem in a dev domain. I have three client ids. The oldest one is from January 2021, another one from December 2021, and one I created today - March 2022. Of those, only the December 2021 works and lets me choose which account to authenticate with before it either accepts it or rejects it with "Error 403: org_internal" (this is expected). The other two give me an "Error 400: invalid_request" and do not even let me choose the "internal" account. Here are the URLs generated by my app (I use the ruby google client APIs) and the only difference between them is the client_id - January 2021, December 2021, March 2022.
Here is the part of the code around the authorization flow, and the URLs for the different client IDs are what was produced on the $stderr.puts url
line. It is pretty much the same thing as documented in the official example here (version as of this writing).
ANSWER
Answered 2022-Mar-02 at 07:56steps.oauth.v2.invalid_request 400 This error name is used for multiple different kinds of errors, typically for missing or incorrect parameters sent in the request. If is set to false, use fault variables (described below) to retrieve details about the error, such as the fault name and cause.
- GenerateAccessToken GenerateAuthorizationCode
- GenerateAccessTokenImplicitGrant
- RefreshAccessToken
QUESTION
I am developing a RN app in Expo with firebase as backend. So far, the app only uses firebase auth and firestore and for whatever reason, I randomly started getting the error of ReferenceError: Can't find variable: IDBIndex
. I adjusted my firebase config to suit the v9 standards instead of using the compat
package. I ensured my app was not using Google Analytics. I have also downgraded to firebase@9.1.0 which matches up with the expo documentation and this other similar post.
I have also git reverted into previous versions of the app (with earlier dependencies and code) when it was working but still got back the same error. When this occurred, I entirely reinstalled node and npm because I thought that was the only other possible reason this could be happening but that was to no avail as well (getting the same IDB error). I still think this is a firebase related issue, but I am pretty much all out of ideas as to what it could be.
Here is my firebase config:
...ANSWER
Answered 2022-Mar-07 at 22:22I've been getting the same issue, I've tried all the same things as you to no avail. I symbolicated the logs from firebase test lab and came up with this:
Generally I have no idea how all of these libraries work together, but are you using typesense with firestore? I wonder if your stack trace calls out the same files, but I can't find any smoking gun here. I'll keep updating this thread if I find something. (I would have commented but I don't have the rep yet)
Update: Looks like my build just fixed itself somehow, even submitting builds from this weekend that would constantly crash. So truly I'm not sure what happened but it may be resolved
QUESTION
I have read few stackoverflow posts about "Looking up a deactivated widget's ancestor is unsafe" error but couldn't find an answer which work.
I've tried to set a global key with the scaffold, and to use WidgetsBinding.instance.addPostFrameCallback() without success.
I'm pretty sure I'm doing something stupid and easy to fix, but I can't figure out what.
This is a simple version of the code which replicates the error when you go back from PhotoViewPage (photo_view package) :
...my_home_page.dart
ANSWER
Answered 2021-Dec-18 at 16:14I'm not sure where the error was from, but switching flutter channel from master to stable fixed it.
QUESTION
I am trying to get this link to work, performing a DELETE
request:
ANSWER
Answered 2021-Dec-25 at 22:28As suggested here, the following will suffice:
QUESTION
I'm upgrading from JDK 8 to JDK 17 and I'm trying to compile with mvn clean install -X -DskipTests
and there's no information about the error.
Btw, I'm updating the dependencies and after that I compile to see if has errors. I need to update some dependencies such as Spring, Hibernate etc. I already updated Lombok.
I added the -X or -e option but I got the same result.
What can I do to get more information about the error? The log shows that it was loading hibernate-jpa-2.1-api before failed... so that means the problem is in this dependency?
...ANSWER
Answered 2021-Oct-19 at 20:28This failure is likely due to an issue between java 17 and older lombok versions. Building with java 17.0.1, lombok 1.18.20 and maven 3.8.1 caused a vague "Compilation failure" for me as well. I upgraded to maven 3.8.3 which also failed but provided this detail on the failure:
java.lang.NullPointerException: Cannot read field "bindingsWhenTrue" because "currentBindings" is null
Searching for this failure message I found this issue on stackoverflow leading me to a bug in lombok. I upgraded to lombok 1.18.22 and that fixed the compilation failure for a successful build.
QUESTION
On a brand new digitalocean droplet running Ubuntu 20.10 with a brand new pretty near empty rails 7 alpha 2 app running bundle install
results in the following both when running cap production deploy on my local machine and when running from the command shell on the droplet
ANSWER
Answered 2021-Nov-09 at 14:37I ran into this also. Not sure why, but they yanked the 7.x versions and regressed to 0.8.x:
https://rubygems.org/gems/turbo-rails/versions/7.1.1
Just add this to your Gemfile:
QUESTION
With the current Rakudo compiler (v2021.10), symbols declared with the ::(…)
form do not need to follow the rules for identifiers even when they declare the name of a routine.
This means that the following is code produces the indicated output:
...ANSWER
Answered 2021-Dec-14 at 21:01In short, yes, it's legal.
The concept of an identifier is a syntactic one: when parsing Raku, the parser needs to classify the things it sees, and the identifier rules indicate what sequences of characters should be recognized as an identifier.
By contrast, stashes, method tables, and lexical scopes are ultimately hash-like data structures: they map string keys into stored values. Just as there's no limit on what keys one can put into a hash, there's not one here either. Given meta-objects can be user-defined, it's unclear one could reliably enforce limits, even if it was considered desirable.
The ::(...)
indirect name syntax in declarative contexts comes only with the restriction that what you put there must be a compile-time constant. So far as parsing goes, what comes inside of the parentheses is an expression. The compiler wants to get a string that it can use to install a symbol somewhere; with identifiers it comes directly from the program source text, and with indirect name syntax by evaluating the constant that is found there. In either case, it's used to make an entry in a symbol table, and those don't care, and thus between the two, you have a way to get symbol table entries that don't have identifier syntax.
QUESTION
I am trying to set up Firebase with next.js. I am getting this error in the console.
FirebaseError: Expected first argument to collection() to be a CollectionReference, a DocumentReference or FirebaseFirestore
This is one of my custom hook
...ANSWER
Answered 2022-Jan-07 at 19:07Using getFirestore
from lite
library will not work with onSnapshot
. You are importing getFirestore
from lite
version:
QUESTION
How do I get details of a veracode vulnerability report?
I'm a maintainer of a popular JS library, Ramda, and we've recently received a report that the library is subject to a prototype pollution vulnerability. This has been tracked back to a veracode report that says:
ramda is vulnerable to prototype pollution. An attacker can inject properties into existing construct prototypes via the
_curry2
function and modify attributes such as__proto__
,constructor
, andprototype
.
I understand what they're talking about for Prototype Pollution. A good explanation is at snyk's writeup for lodash.merge
. Ramda's design is different, and the obvious analogous Ramda code is not subject to this sort of vulnerability. That does not mean that no part of Ramda is subject to it. But the report contains no details, no code snippet, and no means to challenge their findings.
The details of their description are clearly wrong. _curry2
could not possibly be subject to this problem. But as that function is used as a wrapper to many other functions, it's possible that there is a real vulnerability hidden by the reporter's misunderstanding.
Is there a way to get details of this error report? A snippet of code that demonstrates the problem? Anything? I have filled out their contact form. An answer may still be coming, as it was only 24 hours ago, but I'm not holding my breath -- it seems to be mostly a sales form. All the searching I've done leads to information about how to use their security tool and pretty much nothing about how their custom reports are created. And I can't find this in CVE databases.
...ANSWER
Answered 2022-Jan-07 at 21:46Ok, so to answer my own question, here's how to get the details on a Veracode vulnerability report in less than four weeks and in only fifty-five easy steps.
Pre-workHave someone post an issue against your library suggesting that its
mapObjIndexed
function is subject to the prototype pollution vulnerability.Respond to say that you don't think the user has demonstrated that well-known vulnerability, but that you will dig deeper.
Write a detailed post described what that vulnerability means and demonstrate that the library is not in fact subject to it, or or at least that the example supplied does not demonstrate it.
Carry on a short conversation with interested parties explaining the point more thoroughly and responding to objections.
Leave the issue open for a while so the original reporter can argue the point and respond. 1
Receive a comment on the issue that says that the user has received
a VULN ticket to fix this
Prototype Pollution vulnerability found in ramda.
Carry on a discussion regarding this comment to learn that there is a report that claims that
ramda is vulnerable to prototype pollution. An attacker can inject properties into existing construct prototypes via the
_curry2
function and modify attributes such as__proto__
,constructor
, andprototype
.and eventually learn that this is due to a report from the software security company Veracode.
Examine that report to find that it has no details, no explanation of how to trigger the vulnerability, and no suggested fix.
Examine the report and other parts of the Veracode site to find there is no public mechanism to challenge such a report.
Report back to the library's issue that the report must be wrong, as the function mentioned could not possibly generate the behavior described.
Post an actual example of the vulnerability under discussion and a parallel snippet from the library to demonstrate that it doesn't share the problem.
Find Veracode's online support form, and submit a request for help. Keep your expectations low, as this is probably for the sales department.
Post a StackOverflow Question2 asking how to find details of a Veracode vulnerability report, using enough details that if the community has the knowledge, it should be easy to answer.
- Try to enjoy your Friday and Saturday. Don't obsessively check your email to see if Veracode has responded. Don't visit the StackOverflow question every hour to see if anyone has posted a solution. Really, don't do these things; they don't help.
- Add a 250-reputation point bounty to the StackOverflow question, trying to get additional attention from the smart people who must have dealt with this before.
- Find direct email support addresses on the Veracode site, and send an email asking for details of the supposed vulnerability, a snippet that demonstrates the issue, and procedures to challenge their findings.
Receive a response from a Veracode Support email addressthat says, in part,
Are you saying our vuln db is not correct per your github source? If so, I can send it to our research team to ensure it looks good and if not, to update it.
As for snips of code, we do not provide that.
Reply, explaining that you find the report missing the details necessary to challenge it, but that yes, you expect it is incorrect.
Receive a response that this has been "shot up the chain" and that you will be hearing from them soon.
- Again, don't obsessively check your email or the StackOverflow question. But if you do happen to glance at StackOverflow, notice that while there are still no answers to it, there are enough upvotes to cover over half the cost of the bounty. Clearly you're not alone in wanting to know how to do this.
Receive an email from Veracode:
Thank you for your interest in Application Security and Veracode.
Do you have time next week to connect?
Also, to make sure you are aligned with the right rep, where is your company headquartered?
Respond that you're not a potential customer and explain again what you're looking for.
Add a comment to the StackOverflow to explain where the process has gotten to and expressing your frustration.
Watch another weekend go by without any way to address this concern.
Get involved in a somewhat interesting discussion about prototype pollution in the comments to the StackOverflow post.
Receive an actually helpful email from Veracode, sent by someone new, whose signature says he's a sales manager. The email will look like this:
Hi Scott, I asked my team to help out with your question, here was their response:
We have based this artifact from the information available in https://github.com/ramda/ramda/pull/3192. In the Pull Request, there is a POC (https://jsfiddle.net/3pomzw5g/2/) clearly demonstrating the prototype pollution vulnerability in the mapObjIndexed function. In the demo, the user object is modified via the
__proto__
property and is
considered a violation to the Integrity of the CIA triad. This has been reflected in our CVSS scoring for this vulnerability in our vuln db.There is also an unmerged fix for the vulnerability which has also been
included in our artifact (https://github.com/ramda/ramda/pull/3192/commits/774f767a10f37d1f844168cb7e6412ea6660112d )Please let me know if there is a dispute against the POC, and we can look further into this.
Try to avoid banging your head against the wall for too long when you realize that the issue you thought might have been raised by someone who'd seen the Veracode report was instead the source of that report.
Respond to this helpful person that yes you will have a dispute for this, and ask if you can be put directly in touch with the relevant Veracode people so there doesn't have to be a middleman.
Receive an email from this helpful person -- who needs a name, let's call him "Kevin" -- receive an email from Kevin adding to the email chain the research team. (I told you he was helpful!)
Respond to Kevin and the team with a brief note that you will spend some time to write up a response and get back to them soon.
Look again at the Veracode Report and note that the description has been changed to
ramda is vulnerable to prototype pollution. An attacker is able to inject and modify attributes of an object through the
mapObjIndexed
function via the proto property.but note also that it still contains no details, no snippets, no dispute process.
Receive a bounced-email notification because that research team's email is for internal Veracode use only.
Laugh because the only other option is to cry.
Tell Kevin what happened and make sure he's willing to remain as an intermediary. Again he's helpful and will agree right away.
Spend several hours writing up a detailed response, explaining what prototype pollution is and how the examples do not display this behavior. Post it ahead of time on the issue. (Remember the issue? This is a story about the issue.3) Ask those reading for suggestions before you send the email... mostly as a way to ensure you're not sending this in anger.
Go ahead and email it right away anyway; if you said something too angry you probably don't want to be talked out of it now, anyhow.
Note that the nonrefundable StackOverflow bounty has expired without a single answer being offered.
Twiddle your thumbs for a week, but meanwhile...
Receive a marketing email from Veracode, who has never sent you one before.
Note that Veracode has again updated the description to say
ramda allows object prototype manipulation. An attacker is able to inject and modify attributes of an object through the
mapObjIndexed
function via the proto property. However, due to ramda's design where object immutability is the default, the impact of this vulnerability is limited to the scope of the object instead of the underlying object prototype. Nonetheless, the possibility of object prototype manipulation as demonstrated in the proof-of-concept under References can potentially cause unexpected behaviors in the application. There are currently no known exploits.If that's not clear, a translation would be, "Hey, we reported this, and we don't want to back down, so we're going to say that even though the behavior we noted didn't actually happen, the behavior that's there is still, umm, err, somehow wrong."
Note that a fan of the library whose employer has a Veracode account has been able to glean more information from their reports. It turns out that their details are restricted to logged-in users, leaving it entirely unclear how they thing such vulnerabilities should be fixed.
Send a follow-up email to Kevin4 saying
I'm wondering if there is any response to this.
I see that the vulnerability report has been updated but not removed.
I still dispute the altered version of it. If this behavior is a true vulnerability, could you point me to the equivalent report on JavaScript'sObject.assign
, which, as demonstrated earlier, has the exact same issue as the function in question.My immediate goal is to see this report retracted. But I also want to point out the pain involved in this process, pain that I think Veracode could fix:
I am not a customer, but your customers are coming to me as Ramda's maintainer to fix a problem you've reported. That report really should have enough information in it to allow me to confirm the vulnerability reported. I've learned that such information is available to a logged- in customer. That doesn't help me or others in my position to find the information. Resorting to email and filtering it through your sales department, is a pretty horrible process. Could you alter your public reports to contain or point to a proof of concept of the vulnerability?
And could you further offer in the report some hint at a dispute process?
Receive an email from the still-helpful Kevin, which says
Thanks for the follow up [ ... ], I will continue to manage the communication with my team, at this time they are looking into the matter and it has been raised up to the highest levels.
Please reach back out to me if you don’t have a response within 72 hrs.
Thank you for your patience as we investigate the issue, this is a new process for me as well.
Laugh out loud at the notion that he thinks you're being patient.
Respond, apologizing to Kevin that he's caught in the middle, and read his good-natured reply.
Hear back from Kevin that your main objective has been met:
Hi Scott, I wanted to provide an update, my engineering team got back
to me with the following:“updating our DB to remove the report is the final outcome”
I have also asked for them to let me know about your question regarding the ability to contend findings and will relay that back once feedback is received.
Otherwise, I hope this satisfies your request and please let me know if any further action is needed from us at this time.
Respond gratefully to Kevin and note that you would still like to hear about how they're changing their processes.
Reply to your own email to apologize to Kevin for all the misspelling that happened when you try to type anything more than a short text on your mobile device.
Check with that helpful Ramda user with Veracode log-in abilities whether the site seems to be updated properly.
Reach out to that same user on Twitter when he hasn't responded in five minutes. It's not that you're anxious and want to put this behind you. Really it's not. You're not that kind of person.
Read that user's detailed response explaining that all is well.
Receive a follow-up from the Veracode Support email address telling you that
After much consideration we have decided to update our db to remove this report.
and that they're closing the issue.
Laugh about the fact that they are sending this after what seem likely the close of business for the week (7:00 PM your time on a Friday.)
Respond politely to say that you're grateful for the result, but that you would still like to see their dispute process modernized.
- Write a 2257-word answer5 to your own Stack Overflow question explaining in great detail the process you went through to resolve this issue.
And that's all it takes. So the next time you run into this, you can solve it too!
Update
(because you knew it couldn't be that easy!)
Day 61Receive an email from a new Veracode account executive which says
Thanks for your interest! Introducing myself as your point of contact at Veracode.
I'd welcome the chance to answer any questions you may have around Veracode's services and approach to the space.
Do you have a few minutes free to touch base? Please let me know a convenient time for you and I'll follow up accordingly.
Politely respond to that email suggesting a talk with Kevin and including a link to this list of steps.
1 This is standard behavior with Ramda issues, but it might be the main reason Veracode chose to report this.
2 Be careful not to get into an infinite loop. This recursion does not have a base case.
3 Hey, this was taking place around Thanksgiving. There had to be an Alice's Restaurant reference!
4 If you haven't yet found a Kevin, now would be a good time to insist that Veracode supply you with one.
5 Including footnotes.
QUESTION
I'm trying to test an API endpoint with a patch request to ensure it works.
I'm using APILiveServerTestCase
but can't seem to get the permissions required to patch the item. I created one user (adminuser
) who is a superadmin with access to everything and all permissions.
My test case looks like this:
...ANSWER
Answered 2021-Dec-11 at 07:34The test you have written is also testing the Django framework logic (ie: Django admin login). I recommend testing your own functionality, which occurs after login to the Django admin. Django's testing framework offers a helper for logging into the admin, client.login
. This allows you to focus on testing your own business logic/not need to maintain internal django authentication business logic tests, which may change release to release.
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install pretty
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page