Merge branch 'main' into add-option-skip-telemetry

kedro-org · Mar 14, 2024 · c2c3906 · c2c3906
2 parents fb5a876 + 9efca0e
commit c2c3906
Show file tree

Hide file tree

Showing 6 changed files with 52 additions and 2 deletions.
diff --git a/RELEASE.md b/RELEASE.md
@@ -1,6 +1,7 @@
 # Upcoming Release 0.19.4
 
 ## Major features and improvements
+* Cookiecutter errors are shown in short format without the `--verbose` flag.
 * Kedro commands now work from any subdirectory within a Kedro project.
 * Kedro CLI now provides a better error message when project commands are run outside of a project i.e. `kedro run`
 * Adds the `--telemetry` flag to `kedro new`, allowing the user to register consent to have user analytics collected as the project is created.

diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,32 @@
+# Security policy
+
+Kedro and its community take security bugs seriously. We appreciate efforts to improve the security of all Kedro products
+and follow the [GitHub coordinated disclosure of security vulnerabilities](https://docs.github.com/en/code-security/security-advisories/about-coordinated-disclosure-of-security-vulnerabilities#about-reporting-and-disclosing-vulnerabilities-in-projects-on-github)
+for responsible disclosure and prompt mitigation. We are committed to working with security researchers to
+resolve the vulnerabilities they discover.
+
+## Supported versions
+
+The latest versions of [Kedro](https://github.com/kedro-org/kedro), [Kedro-Viz](https://github.com/kedro-org/kedro-viz/), [Kedro Starters](https://github.com/kedro-org/kedro-starters) and the [Kedro plugins](https://github.com/kedro-org/kedro-plugins) have continued support. Any critical vulnerability will be fixed and a release will be done for the affected project as soon as possible.
+
+## Reporting a vulnerability
+
+When finding a security vulnerability in [Kedro](https://github.com/kedro-org/kedro), [Kedro-Viz](https://github.com/kedro-org/kedro-viz/), [Kedro Starters](https://github.com/kedro-org/kedro-starters) or any of the official [Kedro plugins](https://github.com/kedro-org/kedro-plugins), perform the following actions:
+
+- [Open an issue](https://github.com/kedro-org/kedro/issues/new?assignees=&labels=Issue%3A%20Bug%20Report%20%F0%9F%90%9E&template=bug-report.md&title=%28security%29%20Security%20Vulnerability) on the Kedro repository. Ensure that you use `(security) Security Vulnerability` as the title and _do not_ mention any vulnerability details in the issue post.
+- Send a notification [email](mailto:[email protected]) to the Kedro Framework maintainers that contains, at a minimum:
+  - The link to the filed issue stub.
+  - Your GitHub handle.
+  - Detailed information about the security vulnerability, evidence that supports the relevance of the finding and any reproducibility instructions for independent confirmation.
+
+This first stage of reporting is to ensure that a rapid validation can occur without wasting the time and effort of a reporter. Future communication and vulnerability resolution will be conducted after validating
+the veracity of the reported issue.
+
+A Kedro maintainer will, after validating the report:
+
+- Acknowledge the bug
+- Mark the issue with a `Blocker📛` priority
+- Open a draft [GitHub Security Advisory](https://docs.github.com/en/code-security/security-advisories/creating-a-security-advisory)
+  to discuss the vulnerability details in private.
+
+The private Security Advisory will be used to confirm the issue, prepare a fix, and publicly disclose it after the fix has been released.
diff --git a/docs/source/contribution/index.md b/docs/source/contribution/index.md
@@ -7,6 +7,7 @@ We welcome any and all contributions to Kedro, at whatever level you can manage.
 - Start a conversation about the Kedro project on [GitHub discussions](https://github.com/kedro-org/kedro/discussions)
 - Make a pull request on the [`awesome-kedro` GitHub repo](https://github.com/kedro-org/awesome-kedro) to update the curated list of Kedro community content
 - Report a bug or propose a new feature on [GitHub issues](https://github.com/kedro-org/kedro/issues)
+- View the Kedro [security policy](https://github.com/kedro-org/kedro/blob/main/SECURITY.md) to report a security vulnerability.
 - [Review other contributors' PRs](https://github.com/kedro-org/kedro/pulls)
 - [Contribute code](https://github.com/kedro-org/kedro/wiki/Guidelines-for-contributing-developers), for example to fix a bug or add a feature
 - [Contribute to the documentation](https://github.com/kedro-org/kedro/wiki/Contribute-to-the-Kedro-documentation)

diff --git a/kedro/framework/cli/utils.py b/kedro/framework/cli/utils.py
@@ -265,15 +265,21 @@ class KedroCliError(click.exceptions.ClickException):
 
     VERBOSE_ERROR = False
     VERBOSE_EXISTS = True
+    COOKIECUTTER_EXCEPTIONS_PREFIX = "cookiecutter.exceptions"
 
     def show(self, file: IO | None = None) -> None:
         if self.VERBOSE_ERROR:
             click.secho(traceback.format_exc(), nl=False, fg="yellow")
         elif self.VERBOSE_EXISTS:
-            etype, value, _ = sys.exc_info()
+            etype, value, tb = sys.exc_info()
             formatted_exception = "".join(traceback.format_exception_only(etype, value))
+            cookiecutter_exception = ""
+            for ex_line in traceback.format_exception(etype, value, tb):
+                if self.COOKIECUTTER_EXCEPTIONS_PREFIX in ex_line:
+                    cookiecutter_exception = ex_line
+                    break
             click.secho(
-                f"{formatted_exception}Run with --verbose to see the full exception",
+                f"{cookiecutter_exception}{formatted_exception}Run with --verbose to see the full exception",
                 fg="yellow",
             )
         else:

diff --git a/tests/framework/cli/test_cli.py b/tests/framework/cli/test_cli.py
@@ -691,6 +691,7 @@ def test_run_with_invalid_config(
             "Key `node-names` in provided configuration is not valid. \n\nDid you mean one of "
             "these?\n    node_names\n    to_nodes\n    namespace" in result.stdout
         )
+        KedroCliError.VERBOSE_EXISTS = True
 
     @mark.parametrize(
         "fake_run_config_with_params,expected",

diff --git a/tests/framework/cli/test_starters.py b/tests/framework/cli/test_starters.py
@@ -490,6 +490,15 @@ def test_fail_if_dir_exists(self, fake_kedro_cli):
         assert result.exit_code != 0
         assert "directory already exists" in result.output
 
+    def test_cookiecutter_exception_if_no_verbose(self, fake_kedro_cli):
+        """Check if the original cookiecutter exception is present in the output
+        if no verbose flag is provided."""
+        Path("new-kedro-project").mkdir()
+        result = CliRunner().invoke(
+            fake_kedro_cli, ["new"], input=_make_cli_prompt_input()
+        )
+        assert "cookiecutter.exceptions" in result.output
+
     def test_prompt_no_title(self, fake_kedro_cli):
         shutil.copytree(TEMPLATE_PATH, "template")
         _write_yaml(Path("template") / "prompts.yml", {"repo_name": {}})