
LSi Correlator: Update Numpy Dependency to 1.21 or Later #6968

Open
@JackEAllen

Description

Where?

Where is the issue likely to be (be as specific as possible e.g. filepaths)

LSi Correlator Repository in the following locations:

  • requirements.txt
  • correlator_driver_functions.py
  • data_file_interaction.py
  • mocked_correlator_api.py
  • tests.py
  • test_data.py

How?

How did the issue come about/known cause of issue if any? (delete subheader if not applicable)

A GitHub Dependabot alert found a vulnerability in the repository dependencies. The vulnerability is present in NumPy versions >= 1.9.0 and < 1.21.

The vulnerability is patched in version: 1.21

A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions (over 32) from Python code, which could let a malicious user cause a Denial of Service. - GitHub Dependabot Alert

The vulnerable code path is not used by the LSi Correlator repository, so the vulnerability does not directly affect the repository.

It is, however, still good practice to remove the potential for this vulnerability to affect the repository's security going forward, should a need arise to use the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions (over 32) from Python code.

We should update the dependency to Numpy version 1.21 or later to resolve this problem and update on any machines which use the LSi Correlator.

Reproducible?

Yes

To Reproduce

Acceptance criteria

  • Numpy version 1.21 or later is used by the LSi Correlator.
  • requirements.txt specifies a version of numpy that is 1.21 or later.
  • All unit tests and IOC system tests pass after upgrading the version used.
  • Any machines using the LSi Correlator have been updated to use Numpy 1.21 or later.
  • Pylint GitHub workflow passes.
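To check the first two acceptance criteria mechanically, here is an added example (not code from the LSi Correlator repository) that reads a requirements.txt, works out the lowest NumPy version the pin can resolve to, and compares it with the patched release; the sample requirements files are constructed for illustration, and the version-range constants are taken from the Dependabot alert quoted above.

```python
"""Check that a requirements.txt pin keeps NumPy out of the vulnerable range."""
import re

# Range from the Dependabot alert: affected >= 1.9.0 and < 1.21, patched in 1.21.
PATCHED = (1, 21, 0)

# Constructed sample files, not the repository's real requirements.txt.
OLD_REQUIREMENTS = "pyepics\nnumpy>=1.9.0\n"
NEW_REQUIREMENTS = "pyepics\nnumpy>=1.21  # bumped for the Dependabot alert\n"

# Match a 'numpy' requirement line; the specifier runs up to a comment/marker.
NUMPY_LINE = re.compile(r"^\s*numpy(?![\w.-])\s*(?P<spec>[^#;]*)", re.IGNORECASE)
CLAUSE = re.compile(r"(==|>=|>|~=)\s*([\d.]+)$")


def parse_version(text):
    """'1.21' -> (1, 21, 0); pads to three components for tuple comparison."""
    parts = [int(p) for p in re.findall(r"\d+", text)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def numpy_specifier(requirements_text):
    """Specifier string for numpy ('' if listed unpinned, None if not listed)."""
    for line in requirements_text.splitlines():
        match = NUMPY_LINE.match(line)
        if match:
            return match.group("spec").strip()
    return None


def minimum_allowed(spec):
    """Lowest version the specifier can resolve to, or None if it has no floor.

    Only the lower-bound operators ==, >=, > and ~= are considered; upper
    bounds such as '<2' never raise the floor, so they are skipped.
    """
    lower = None
    for clause in filter(None, (c.strip() for c in spec.split(","))):
        match = CLAUSE.match(clause)
        if not match:
            continue
        version = parse_version(match.group(2))
        if match.group(1) == ">":  # strictly greater: next patch level is the floor
            version = version[:2] + (version[2] + 1,)
        if lower is None or version > lower:
            lower = version
    return lower


def pin_is_safe(requirements_text):
    """True only when every version the pin allows is at or above PATCHED."""
    spec = numpy_specifier(requirements_text)
    if spec is None:
        return False  # numpy not listed, so nothing guarantees a safe version
    lower = minimum_allowed(spec)
    return lower is not None and lower >= PATCHED
```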

How to Test

Verbose instructions for reviewer to test changes

  • Run master\tests.py using the command python tests.py from an EPICS environment.
  • Test the IOC from an EPICS environment from C:\Instrument\Apps\EPICS\support\EPICS-IOC_Test_Framework\ by running python run_tests.py -t lsicorr.
