
chatbot_ner's People

Contributors

adisri2694, amansrivastava17, ameya3012, ankur09011, apurvnagvenkar, ashutoshsingh0223, chiragjn, debadityamandal, dependabot[bot], haptikrajasashtikar, harjinder7, jatin3893, jayaraopratik, krupalmodi18, mehtamanan0, melroyanthony, minion96, namitashelke, naseem-shaik, prathamghadge, prik2693, ranvijayj, razasayed, rootavish, ruthvik-17, saileshdev, saumilhaptik, singhdivneet, tanaya-b, viraja1


chatbot_ner's Issues

While running the chatbot_ner API in the Python shell we are getting this error

File "ner_v2/detectors/temporal/date/date_detection.py", line 22, in <module>
from ner_v2.detectors.temporal.utils import get_timezone
File "ner_v2/detectors/temporal/utils.py", line 4, in <module>
import pandas as pd
File "/home/swathi/.local/lib/python2.7/site-packages/pandas/__init__.py", line 19, in <module>
"Missing required dependencies {0}".format(missing_dependencies))
ImportError: Missing required dependencies ['numpy']

thanks in advance

Edge case bugs in date detection

There are some rarely occurring edge cases when relative dates are mentioned and datedetector would adjust the month/year if the detected date is in the past.

Such adjustments can lead to weird dates like 30th February or 31st June, etc.
For such cases it would be better to return nothing instead of wrong dates.

It would be great if we can add a final layer before returning results that would discard all invalid dates.
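
One way to implement the final validation layer proposed in this issue, as an added example that is not chatbot_ner's own code. It assumes detected dates are dicts with `dd`, `mm` and `yy` keys; `naive_roll_forward`, `is_valid_date` and `discard_invalid_dates` are hypothetical names, and the roll-forward function is a simplified model of the adjustment the issue describes.

```python
from datetime import date


def naive_roll_forward(day, today):
    """Simplified model (assumption) of the adjustment described in the issue:
    a bare day-of-month that has already passed is moved to the next month
    without checking that the day exists in that month."""
    mm, yy = today.month, today.year
    if day < today.day:
        mm += 1
        if mm > 12:
            mm, yy = 1, yy + 1
    return {"dd": day, "mm": mm, "yy": yy, "type": "date"}


def is_valid_date(value):
    """Return True only if the dd/mm/yy fields form a real calendar date."""
    try:
        dd, mm, yy = int(value["dd"]), int(value["mm"]), int(value["yy"])
        # datetime.date raises ValueError for 30 Feb, 31 Jun, month 13,
        # day 0, and 29 Feb in a non-leap year.
        date(yy, mm, dd)
    except (KeyError, TypeError, ValueError):
        # Missing field, None, or non-numeric value: treat as invalid.
        return False
    return True


def discard_invalid_dates(candidates):
    """Final layer: keep only candidates that are real calendar dates."""
    return [c for c in candidates if is_valid_date(c)]


if __name__ == "__main__":
    # Constructed scenario: "the 30th" mentioned on 31 Jan 2019 rolls to February.
    rolled = naive_roll_forward(30, date(2019, 1, 31))
    print(rolled, "->", discard_invalid_dates([rolled]))

    # Constructed candidates covering the cases named in the issue.
    samples = [
        {"dd": 31, "mm": 6, "yy": 2019, "type": "date"},   # 31 June
        {"dd": 29, "mm": 2, "yy": 2020, "type": "date"},   # leap day, valid
        {"dd": 29, "mm": 2, "yy": 2019, "type": "date"},   # not a leap year
        {"dd": 2, "mm": 3, "yy": 2019, "type": "date"},    # ordinary date
    ]
    print(discard_invalid_dates(samples))
```

Returning an empty list for an impossible date matches the issue's preference for returning nothing over returning a wrong date.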

CVE-2020-26137 (Medium) detected in multiple libraries

CVE-2020-26137 - Medium Severity Vulnerability

Vulnerable Libraries - urllib3-1.23-py2.py3-none-any.whl, urllib3-1.21.1-py2.py3-none-any.whl, urllib3-1.24.3-py2.py3-none-any.whl

urllib3-1.23-py2.py3-none-any.whl

HTTP library with thread-safe connection pooling, file post, and more.

Library home page: https://files.pythonhosted.org/packages/bd/c9/6fdd990019071a4a32a5e7cb78a1d92c53851ef4f56f62a3486e6a7d8ffb/urllib3-1.23-py2.py3-none-any.whl

Path to dependency file: chatbot_ner/datastore

Path to vulnerable library: /datastore

Dependency Hierarchy:

  • urllib3-1.23-py2.py3-none-any.whl (Vulnerable Library)

urllib3-1.21.1-py2.py3-none-any.whl

HTTP library with thread-safe connection pooling, file post, and more.

Library home page: https://files.pythonhosted.org/packages/24/53/f397db567de0aa0e81b211d81c13c41a779f14893e42189cf5bdb97611b2/urllib3-1.21.1-py2.py3-none-any.whl

Path to dependency file: chatbot_ner/requirements.txt

Path to vulnerable library: chatbot_ner/requirements.txt,/datastore

Dependency Hierarchy:

  • urllib3-1.21.1-py2.py3-none-any.whl (Vulnerable Library)

urllib3-1.24.3-py2.py3-none-any.whl

HTTP library with thread-safe connection pooling, file post, and more.

Library home page: https://files.pythonhosted.org/packages/01/11/525b02e4acc0c747de8b6ccdab376331597c569c42ea66ab0a1dbd36eca2/urllib3-1.24.3-py2.py3-none-any.whl

Path to dependency file: chatbot_ner/datastore

Path to vulnerable library: /datastore

Dependency Hierarchy:

  • urllib3-1.24.3-py2.py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: 1dffbf6325ccfcf4a65dbce5276d7cc4cf428abb

Found in base branch: develop

Vulnerability Details

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.

Publish Date: 2020-09-30

URL: CVE-2020-26137

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26137

Release Date: 2020-09-30

Fix Resolution: 1.25.9


Step up your Open Source Security Game with WhiteSource here

CVE-2021-33503 (High) detected in multiple libraries

CVE-2021-33503 - High Severity Vulnerability

Vulnerable Libraries - urllib3-1.23-py2.py3-none-any.whl, urllib3-1.21.1-py2.py3-none-any.whl, urllib3-1.24.3-py2.py3-none-any.whl

urllib3-1.23-py2.py3-none-any.whl

HTTP library with thread-safe connection pooling, file post, and more.

Library home page: https://files.pythonhosted.org/packages/bd/c9/6fdd990019071a4a32a5e7cb78a1d92c53851ef4f56f62a3486e6a7d8ffb/urllib3-1.23-py2.py3-none-any.whl

Path to dependency file: chatbot_ner/datastore

Path to vulnerable library: /datastore

Dependency Hierarchy:

  • urllib3-1.23-py2.py3-none-any.whl (Vulnerable Library)

urllib3-1.21.1-py2.py3-none-any.whl

HTTP library with thread-safe connection pooling, file post, and more.

Library home page: https://files.pythonhosted.org/packages/24/53/f397db567de0aa0e81b211d81c13c41a779f14893e42189cf5bdb97611b2/urllib3-1.21.1-py2.py3-none-any.whl

Path to dependency file: chatbot_ner/requirements.txt

Path to vulnerable library: chatbot_ner/requirements.txt,/datastore

Dependency Hierarchy:

  • urllib3-1.21.1-py2.py3-none-any.whl (Vulnerable Library)

urllib3-1.24.3-py2.py3-none-any.whl

HTTP library with thread-safe connection pooling, file post, and more.

Library home page: https://files.pythonhosted.org/packages/01/11/525b02e4acc0c747de8b6ccdab376331597c569c42ea66ab0a1dbd36eca2/urllib3-1.24.3-py2.py3-none-any.whl

Path to dependency file: chatbot_ner/datastore

Path to vulnerable library: /datastore

Dependency Hierarchy:

  • urllib3-1.24.3-py2.py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: 72a48c8801f2708eff686388040667b74459efec

Found in base branch: develop

Vulnerability Details

An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.

Publish Date: 2021-06-29

URL: CVE-2021-33503

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: GHSA-q2q7-5pp4-w6pg

Release Date: 2021-05-22

Fix Resolution: urllib3 - 1.26.5



How to use multiple entities in Python.

Hi,

How to use multiple entities in Python.

Example:

entities = ['date','time','restaurant']
message = "Reserve me a table today at 6:30pm at Mainland China and on Monday at 7:00pm at Barbeque Nation"

Thanks In advance.

Regards,
Swathi.

Issue with accessing of date detector

Hi all,

I went through all the steps to install char NER. I couldn't access the DateAdvanceDetector from the Django shell, and DateDetector doesn't have a detect method.
Could you please help me use the date detector in Django?

1.
from ner_v2.detectors.temporal.date.date_detection import DateAdvanceDetector
detector = DateAdvanceDetector(entity_name=entity_name, language=source_language,
                               timezone=timezone,
                               past_date_referenced=past_date_referenced)

2.
from ner_v2.detectors.temporal.date.date_detection import DateDetector
detector = DateDetector(entity_name=entity_name, language=source_language,
                        timezone=timezone,
                        past_date_referenced=past_date_referenced)
output = detector.detect(message=message, entity_name=entity_name,
                         structured_value=structured_value,
                         fallback_value=fallback_value)

CVE-2018-20060 (High) detected in urllib3-1.21.1-py2.py3-none-any.whl

CVE-2018-20060 - High Severity Vulnerability

Vulnerable Library - urllib3-1.21.1-py2.py3-none-any.whl

HTTP library with thread-safe connection pooling, file post, and more.

Library home page: https://files.pythonhosted.org/packages/24/53/f397db567de0aa0e81b211d81c13c41a779f14893e42189cf5bdb97611b2/urllib3-1.21.1-py2.py3-none-any.whl

Path to dependency file: chatbot_ner/requirements.txt

Path to vulnerable library: chatbot_ner/requirements.txt,/datastore

Dependency Hierarchy:

  • urllib3-1.21.1-py2.py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: 1dffbf6325ccfcf4a65dbce5276d7cc4cf428abb

Found in base branch: develop

Vulnerability Details

urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.

Publish Date: 2018-12-11

URL: CVE-2018-20060

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20060

Fix Resolution: 1.23
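
The check that the vulnerability description above says was missing (dropping Authorization when a redirect changes host, port, or scheme), sketched as an added example; this is not urllib3's code. The function names, URLs and token are constructed for illustration, and the check fails closed when either URL cannot be parsed into an origin.

```python
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port) for an absolute URL, or None if the URL
    has no usable origin (missing scheme/host or an unparsable port)."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = parts.hostname  # urlsplit already lower-cases the host name
    try:
        port = parts.port
    except ValueError:
        return None
    if not scheme or not host:
        return None
    if port is None:
        # No explicit port: use the scheme default so that
        # https://host/ and https://host:443/ compare equal.
        port = DEFAULT_PORTS.get(scheme)
    return (scheme, host, port)


def headers_for_redirect(request_url, location, headers):
    """Resolve a Location header against the original request URL and return
    (target_url, headers_to_send). Authorization is forwarded only when the
    target has the same scheme, host and port as the original request."""
    target = urljoin(request_url, location)  # Location may be relative
    src, dst = origin(request_url), origin(target)
    same_origin = src is not None and src == dst
    if same_origin:
        return target, dict(headers)
    kept = {k: v for k, v in headers.items() if k.lower() != "authorization"}
    return target, kept


if __name__ == "__main__":
    # Constructed request and redirect targets.
    request_url = "https://api.example.test/v1/data"
    headers = {"Authorization": "Bearer constructed-token",
               "Accept": "application/json"}
    for location in (
        "/v2/data",                             # relative, same origin
        "https://api.example.test:443/v2",      # explicit default port
        "http://api.example.test/v2/data",      # scheme downgrade
        "https://api.example.test:8443/v2",     # different port
        "https://cdn.example.test/v2/data",     # different host
    ):
        target, out = headers_for_redirect(request_url, location, headers)
        print(target, "->", sorted(out))
```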



Unable to connect to Datastore - Text Detector

Hi All,

I wrote a sample example for "Detecting text entity from message". I am getting the error below.

File "../datastore/datastore.py", line 48, in __init__
raise DataStoreSettingsImproperlyConfiguredException()
datastore.exceptions.DataStoreSettingsImproperlyConfiguredException: 'Chatbot NER datastore settings are not configured correctly. Please make sure the required connection settings are available in the environment variables

How to resolve this Issue.
Thanks In advance.

Regards,
Swathi.

CVE-2021-3281 (Medium) detected in Django-1.11.29-py2.py3-none-any.whl - autoclosed

CVE-2021-3281 - Medium Severity Vulnerability

Vulnerable Library - Django-1.11.29-py2.py3-none-any.whl

A high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Library home page: https://files.pythonhosted.org/packages/49/49/178daa8725d29c475216259eb19e90b2aa0b8c0431af8c7e9b490ae6481d/Django-1.11.29-py2.py3-none-any.whl

Path to dependency file: chatbot_ner/datastore

Path to vulnerable library: chatbot_ner/datastore,chatbot_ner/requirements.txt

Dependency Hierarchy:

  • Django-1.11.29-py2.py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: 1dffbf6325ccfcf4a65dbce5276d7cc4cf428abb

Found in base branch: develop

Vulnerability Details

In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal via an archive with absolute paths or relative paths with dot segments.

Publish Date: 2021-02-02

URL: CVE-2021-3281

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://www.djangoproject.com/weblog/2021/feb/01/security-releases/

Release Date: 2021-02-02

Fix Resolution: 2.2.18,3.0.12,3.1.6



Issues on Adding new data from csv file to datastore

In the document named chatbot_ner/docs/adding_entities.md, under "Adding new data from csv file to datastore", it says:

Make sure to start the engine you configured with datastore (e.g. elasticsearch)
$ ~/chatbot_ner_elasticsearch/elasticsearch-5.5.0/bin/elasticsearch -d

How can we start the engine configured with the datastore?
How can we configure the datastore?

thanks in advance.

CVE-2019-6446 (High) detected in numpy-1.16.0-cp27-cp27mu-manylinux1_x86_64.whl

CVE-2019-6446 - High Severity Vulnerability

Vulnerable Library - numpy-1.16.0-cp27-cp27mu-manylinux1_x86_64.whl

NumPy is the fundamental package for array computing with Python.

Library home page: https://files.pythonhosted.org/packages/9f/85/163127d3fb0573deb9eca947cfc73aa3618eaaf8656501460574471d114a/numpy-1.16.0-cp27-cp27mu-manylinux1_x86_64.whl

Path to dependency file: chatbot_ner/datastore

Path to vulnerable library: chatbot_ner/datastore,chatbot_ner/requirements.txt

Dependency Hierarchy:

  • numpy-1.16.0-cp27-cp27mu-manylinux1_x86_64.whl (Vulnerable Library)

Found in HEAD commit: 1dffbf6325ccfcf4a65dbce5276d7cc4cf428abb

Found in base branch: develop

Vulnerability Details

** DISPUTED ** An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources.

Publish Date: 2019-01-16

URL: CVE-2019-6446

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1859

Release Date: 2019-01-16

Fix Resolution: 1.16.2



Datastore create and populate are not compatible with language script changes to elastic search

Query changes have been made on dev/master but create/populate changes are not made yet.
This also means text detection is broken.

A temporary workaround to get it working is to set _target_language_script attribute of TextDetector to None

from ner_v1.detectors.textual.text.text_detection import *
t = TextDetector('city_list')
t._target_language_script = None
t.detect_entity('Mumbi delhii')
([u'New Delhi', u'Mumbai'], ['delhii', 'mumbi'])

Write tests

There are no tests at all right now.
At least basic tests must be added

CVE-2020-13596 (Medium) detected in Django-1.11.29-py2.py3-none-any.whl - autoclosed

CVE-2020-13596 - Medium Severity Vulnerability

Vulnerable Library - Django-1.11.29-py2.py3-none-any.whl

A high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Library home page: https://files.pythonhosted.org/packages/49/49/178daa8725d29c475216259eb19e90b2aa0b8c0431af8c7e9b490ae6481d/Django-1.11.29-py2.py3-none-any.whl

Path to dependency file: chatbot_ner/datastore

Path to vulnerable library: chatbot_ner/datastore,chatbot_ner/requirements.txt

Dependency Hierarchy:

  • Django-1.11.29-py2.py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: 1dffbf6325ccfcf4a65dbce5276d7cc4cf428abb

Found in base branch: develop

Vulnerability Details

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.

Publish Date: 2020-06-03

URL: CVE-2020-13596

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://www.djangoproject.com/weblog/2020/jun/03/security-releases/

Release Date: 2020-06-03

Fix Resolution: 3.0.7,2.2.13



CVE-2019-8331 (Medium) detected in bootstrap-3.3.7.min.js

CVE-2019-8331 - Medium Severity Vulnerability

Vulnerable Library - bootstrap-3.3.7.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.min.js

Path to dependency file: chatbot_ner/ner_v1/static/index.html

Path to vulnerable library: chatbot_ner/ner_v1/static/index.html

Dependency Hierarchy:

  • bootstrap-3.3.7.min.js (Vulnerable Library)

Found in HEAD commit: 1dffbf6325ccfcf4a65dbce5276d7cc4cf428abb

Found in base branch: develop

Vulnerability Details

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

Publish Date: 2019-02-20

URL: CVE-2019-8331

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: twbs/bootstrap#28236

Release Date: 2019-02-20

Fix Resolution: bootstrap - 3.4.1,4.3.1;bootstrap-sass - 3.4.1,4.3.1



CVE-2019-9740 (Medium) detected in urllib3-1.23-py2.py3-none-any.whl, urllib3-1.21.1-py2.py3-none-any.whl

CVE-2019-9740 - Medium Severity Vulnerability

Vulnerable Libraries - urllib3-1.23-py2.py3-none-any.whl, urllib3-1.21.1-py2.py3-none-any.whl

urllib3-1.23-py2.py3-none-any.whl

HTTP library with thread-safe connection pooling, file post, and more.

Library home page: https://files.pythonhosted.org/packages/bd/c9/6fdd990019071a4a32a5e7cb78a1d92c53851ef4f56f62a3486e6a7d8ffb/urllib3-1.23-py2.py3-none-any.whl

Path to dependency file: chatbot_ner/datastore

Path to vulnerable library: chatbot_ner/datastore

Dependency Hierarchy:

  • urllib3-1.23-py2.py3-none-any.whl (Vulnerable Library)

urllib3-1.21.1-py2.py3-none-any.whl

HTTP library with thread-safe connection pooling, file post, and more.

Library home page: https://files.pythonhosted.org/packages/24/53/f397db567de0aa0e81b211d81c13c41a779f14893e42189cf5bdb97611b2/urllib3-1.21.1-py2.py3-none-any.whl

Path to dependency file: chatbot_ner/datastore

Path to vulnerable library: chatbot_ner/datastore,chatbot_ner/requirements.txt

Dependency Hierarchy:

  • requests-2.20.0-py2.py3-none-any.whl (Root Library)
    • urllib3-1.21.1-py2.py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: 1dffbf6325ccfcf4a65dbce5276d7cc4cf428abb

Found in base branch: develop

Vulnerability Details

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.

Publish Date: 2019-03-13

URL: CVE-2019-9740

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740

Release Date: 2020-11-02

Fix Resolution: v2.7.17,v3.5.8,v3.6.9,3.7.4,3.7.5



python implementation of curl command

There is a curl command on this page that I am not able to execute.
https://github.com/hellohaptik/chatbot_ner/tree/develop/ner_v2/detectors/numeral/number

The curl command is as follows:

curl -i 'http://'$URL':'$PORT'/v2/number/message=do%20hajaar%20char%20sau&entity_name=number&structured_value=&fallback_value=&bot_message=&min_number_digits=1&max_number_digits=6&source_language=hi&language_script=hi&unit_type='

I would like to know the Python implementation of the same.

CVE-2019-11324 (High) detected in urllib3-1.23-py2.py3-none-any.whl, urllib3-1.21.1-py2.py3-none-any.whl

CVE-2019-11324 - High Severity Vulnerability

Vulnerable Libraries - urllib3-1.23-py2.py3-none-any.whl, urllib3-1.21.1-py2.py3-none-any.whl

urllib3-1.23-py2.py3-none-any.whl

HTTP library with thread-safe connection pooling, file post, and more.

Library home page: https://files.pythonhosted.org/packages/bd/c9/6fdd990019071a4a32a5e7cb78a1d92c53851ef4f56f62a3486e6a7d8ffb/urllib3-1.23-py2.py3-none-any.whl

Path to dependency file: chatbot_ner/datastore

Path to vulnerable library: /datastore

Dependency Hierarchy:

  • urllib3-1.23-py2.py3-none-any.whl (Vulnerable Library)

urllib3-1.21.1-py2.py3-none-any.whl

HTTP library with thread-safe connection pooling, file post, and more.

Library home page: https://files.pythonhosted.org/packages/24/53/f397db567de0aa0e81b211d81c13c41a779f14893e42189cf5bdb97611b2/urllib3-1.21.1-py2.py3-none-any.whl

Path to dependency file: chatbot_ner/requirements.txt

Path to vulnerable library: chatbot_ner/requirements.txt,/datastore

Dependency Hierarchy:

  • urllib3-1.21.1-py2.py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: 1dffbf6325ccfcf4a65dbce5276d7cc4cf428abb

Found in base branch: develop

Vulnerability Details

The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.

Publish Date: 2019-04-18

URL: CVE-2019-11324

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11324

Release Date: 2019-04-18

Fix Resolution: 1.24.2



We are getting wrong output for one of the examples explained in the document named chatbot_ner/docs/api_call.md

message = u'I want to order 2 burgers from mainland china at 3 pm '
entity_name = 'restaurant'
structured_value=None
fallback_value=None
bot_message=None
source_language='en'

from ner_v1.chatbot.entity_detection import get_text
output = get_text(message=message, entity_name=entity_name,
                  structured_value=structured_value,
                  fallback_value=fallback_value,
                  bot_message=bot_message, language=source_language)
print(output)

We tested this example using the Python shell; the actual output on my system is

[{'original_text': 'mainland china', 'detection': 'message', 'language': 'en', 'entity_value': {'crf_model_verified': False, 'value': 'Mainland China', 'datastore_verified': True}}]

but in your document the output is
output:
[
    {
        "detection": "message",
        "original_text": "2",
        "entity_value": { "value": "2", "unit": null},
        "language": "en"
    },
    {
        "detection": "message",
        "original_text": "3 pm",
        "entity_value": { "mm": 0, "hh": 3, "nn": "pm"},
        "language": "en"
    }
]

Example 2:
// If today is 19th feb
input:
message = u'I have my maths exam next Saturday.'
entity_name = 'date'
structured_value = None
structured_value_verification = 0
fallback_value = None
bot_message = None

output:
[
    {
        "detection": "message",
        "original_text": "inferno",
        "entity_value": {"value": {"mm":03, "yy": 2019, "dd": 02, "type": "date"}},
        "language": "en"
    },
]

For example 2 the output we are getting is None.
Why is it not working properly?
Please reply fast.
Thanks in advance.

CVE-2019-11358 (Medium) detected in jquery-3.2.1.min.js - autoclosed

CVE-2019-11358 - Medium Severity Vulnerability

Vulnerable Library - jquery-3.2.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js

Path to dependency file: chatbot_ner/ner_v1/static/index.html

Path to vulnerable library: chatbot_ner/ner_v1/static/index.html

Dependency Hierarchy:

  • jquery-3.2.1.min.js (Vulnerable Library)

Found in HEAD commit: 1dffbf6325ccfcf4a65dbce5276d7cc4cf428abb

Found in base branch: develop

Vulnerability Details

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

Publish Date: 2019-04-20

URL: CVE-2019-11358

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358

Release Date: 2019-04-20

Fix Resolution: 3.4.0



CVE-2020-11023 (Medium) detected in jquery-3.2.1.min.js

CVE-2020-11023 - Medium Severity Vulnerability

Vulnerable Library - jquery-3.2.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js

Path to dependency file: chatbot_ner/ner_v1/static/index.html

Path to vulnerable library: chatbot_ner/ner_v1/static/index.html

Dependency Hierarchy:

  • jquery-3.2.1.min.js (Vulnerable Library)

Found in HEAD commit: 1dffbf6325ccfcf4a65dbce5276d7cc4cf428abb

Found in base branch: develop

Vulnerability Details

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11023

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023

Release Date: 2020-04-29

Fix Resolution: jquery - 3.5.0



Install GIT

apt-get install git command should be added before cloning GIT repo

Problem in NumberDetector

Hi all,

I went through all the steps to install char NER. I couldn't access the Detecting number from django shell. Could you please help me out to use Detecting number from django?

Ex: message=u"i want to purchase 30 units of mobile abd 40 units of telivision"
entity_name='number'
structured_value=None
fallback_value=None
bot_message=None
min_number_digits=1 # minimum number of digit
max_number_digits=6 # maximum number of digit
source_language='en' # here language will be ISO 639-1 code
unit_type=None # this restrict the number detector to detect particular number type only.

from ner_v2.detector.number.number.number_detection import NumberDetector
detector = NumberDetector(entity_name=entity_name, language=source_language,
                          unit_type=None)
detector.set_min_max_digits(min_digit=min_number_digits, max_digit=max_number_digits)
output = detector.detect(message=message, structured_value=structured_value,
                         fallback_value=fallback_value, bot_message=bot_message)
print(output)

But I am getting Below error. Could you please resolve the Issue ASAP.

-------------------------------------------------------------------
ImportError Traceback (most recent call last)
in ()
9 unit_type=None # this restrict the number detector to detect particular number type only.
10
---> 11 from ner_v2.detector.number.number.number_detection import NumberDetector
12 detector = NumberDetector(entity_name=entity_name, language=source_language,
13 unit_type=None)

ImportError: No module named detector.number.number.number_detection

Thanks in Advance,

Regards,
Swathi.

CVE-2020-11022 (Medium) detected in jquery-3.2.1.min.js

CVE-2020-11022 - Medium Severity Vulnerability

Vulnerable Library - jquery-3.2.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js

Path to dependency file: chatbot_ner/ner_v1/static/index.html

Path to vulnerable library: chatbot_ner/ner_v1/static/index.html

Dependency Hierarchy:

  • jquery-3.2.1.min.js (Vulnerable Library)

Found in HEAD commit: 1dffbf6325ccfcf4a65dbce5276d7cc4cf428abb

Found in base branch: develop

Vulnerability Details

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11022

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

Release Date: 2020-04-29

Fix Resolution: jQuery - 3.5.0


CVE-2020-13091 (High) detected in pandas-0.19.0-cp27-cp27mu-manylinux1_x86_64.whl

CVE-2020-13091 - High Severity Vulnerability

Vulnerable Library - pandas-0.19.0-cp27-cp27mu-manylinux1_x86_64.whl

Powerful data structures for data analysis, time series, and statistics

Library home page: https://files.pythonhosted.org/packages/33/a6/b8f695cd717bf41749dae34217791a3123be9fb612cefd07eb3b2efbf490/pandas-0.19.0-cp27-cp27mu-manylinux1_x86_64.whl

Path to dependency file: chatbot_ner/requirements.txt

Path to vulnerable library: chatbot_ner/requirements.txt,chatbot_ner/datastore

Dependency Hierarchy:

  • pandas-0.19.0-cp27-cp27mu-manylinux1_x86_64.whl (Vulnerable Library)

Found in HEAD commit: 1dffbf6325ccfcf4a65dbce5276d7cc4cf428abb

Found in base branch: develop

Vulnerability Details

** DISPUTED ** pandas through 1.0.3 can unserialize and execute commands from an untrusted file that is passed to the read_pickle() function, if reduce makes an os.system call. NOTE: third parties dispute this issue because the read_pickle() function is documented as unsafe and it is the user's responsibility to use the function in a secure manner.

Publish Date: 2020-05-15

URL: CVE-2020-13091

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

CVE-2016-10735 (Medium) detected in bootstrap-3.3.7.min.js

CVE-2016-10735 - Medium Severity Vulnerability

Vulnerable Library - bootstrap-3.3.7.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.min.js

Path to dependency file: chatbot_ner/ner_v1/static/index.html

Path to vulnerable library: chatbot_ner/ner_v1/static/index.html

Dependency Hierarchy:

  • bootstrap-3.3.7.min.js (Vulnerable Library)

Found in HEAD commit: 1dffbf6325ccfcf4a65dbce5276d7cc4cf428abb

Found in base branch: develop

Vulnerability Details

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.

Publish Date: 2019-01-09

URL: CVE-2016-10735

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: twbs/bootstrap#20184

Release Date: 2019-01-09

Fix Resolution: 3.4.0


java install

Install Java and setup Elasticsearch

$ sudo add-apt-repository -y ppa:webupd8team/java
$ sudo apt-get update
$ sudo apt-get -y install oracle-java8-installer
$ sudo apt install oracle-java8-set-default >>>>>>>> SHOULD BE (apt-get install)

CVE-2019-11236 (Medium) detected in urllib3-1.23-py2.py3-none-any.whl, urllib3-1.21.1-py2.py3-none-any.whl

CVE-2019-11236 - Medium Severity Vulnerability

Vulnerable Libraries - urllib3-1.23-py2.py3-none-any.whl, urllib3-1.21.1-py2.py3-none-any.whl

urllib3-1.23-py2.py3-none-any.whl

HTTP library with thread-safe connection pooling, file post, and more.

Library home page: https://files.pythonhosted.org/packages/bd/c9/6fdd990019071a4a32a5e7cb78a1d92c53851ef4f56f62a3486e6a7d8ffb/urllib3-1.23-py2.py3-none-any.whl

Path to dependency file: chatbot_ner/datastore

Path to vulnerable library: /datastore

Dependency Hierarchy:

  • urllib3-1.23-py2.py3-none-any.whl (Vulnerable Library)

urllib3-1.21.1-py2.py3-none-any.whl

HTTP library with thread-safe connection pooling, file post, and more.

Library home page: https://files.pythonhosted.org/packages/24/53/f397db567de0aa0e81b211d81c13c41a779f14893e42189cf5bdb97611b2/urllib3-1.21.1-py2.py3-none-any.whl

Path to dependency file: chatbot_ner/requirements.txt

Path to vulnerable library: chatbot_ner/requirements.txt,/datastore

Dependency Hierarchy:

  • urllib3-1.21.1-py2.py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: 1dffbf6325ccfcf4a65dbce5276d7cc4cf428abb

Found in base branch: develop

Vulnerability Details

In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.

Publish Date: 2019-04-15

URL: CVE-2019-11236

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11236

Release Date: 2019-04-15

Fix Resolution: 1.24.3


New entity adding named as distance

Hi,
We are trying to add a new entity using your tool.
To add the new entity we followed the procedure given in the document
chatbot_ner/docs/adding_entities.md,
shown here:
from datastore import DataStore
csv_file = 'data/entity_data/distance.csv'
db = DataStore()
db.populate(csv_file_paths=[csv_file,])

Using this code we added the new entities.

The data present in distance.csv is given below:

values,variants
distance,distance|distances
kilometer,kilometer|kilometers|km|kms
miles,miles|miles
nearest,nearest
nearby,nearby
shortest,shortest|shortest
quickest,quickest|quick

It is working fine, but we want the following.

Need a coffee place within 4 miles with the quickest route.
In this sentence I want to predict the value and unit.
Here in this sentence the value is 4 and the unit is miles, and also quickest is a distance entity.
I want to predict the output in this form. For that, how can I add units regarding distance, and also how can I access it?

Please reply fast.
Thanks in advance.

CVE-2020-13254 (Medium) detected in Django-1.11.29-py2.py3-none-any.whl - autoclosed

CVE-2020-13254 - Medium Severity Vulnerability

Vulnerable Library - Django-1.11.29-py2.py3-none-any.whl

A high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Library home page: https://files.pythonhosted.org/packages/49/49/178daa8725d29c475216259eb19e90b2aa0b8c0431af8c7e9b490ae6481d/Django-1.11.29-py2.py3-none-any.whl

Path to dependency file: chatbot_ner/datastore

Path to vulnerable library: chatbot_ner/datastore,chatbot_ner/requirements.txt

Dependency Hierarchy:

  • Django-1.11.29-py2.py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: 1dffbf6325ccfcf4a65dbce5276d7cc4cf428abb

Found in base branch: develop

Vulnerability Details

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.

Publish Date: 2020-06-03

URL: CVE-2020-13254

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://www.djangoproject.com/weblog/2020/jun/03/security-releases/

Release Date: 2020-06-03

Fix Resolution: 3.0.7,2.2.13


CVE-2021-28658 (Medium) detected in Django-1.11.29-py2.py3-none-any.whl - autoclosed

CVE-2021-28658 - Medium Severity Vulnerability

Vulnerable Library - Django-1.11.29-py2.py3-none-any.whl

A high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Library home page: https://files.pythonhosted.org/packages/49/49/178daa8725d29c475216259eb19e90b2aa0b8c0431af8c7e9b490ae6481d/Django-1.11.29-py2.py3-none-any.whl

Path to dependency file: chatbot_ner/datastore

Path to vulnerable library: chatbot_ner/datastore,chatbot_ner/requirements.txt

Dependency Hierarchy:

  • Django-1.11.29-py2.py3-none-any.whl (Vulnerable Library)

Found in base branch: develop

Vulnerability Details

In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability.

Publish Date: 2021-04-06

URL: CVE-2021-28658

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28658

Release Date: 2021-04-06

Fix Resolution: django-2.2.20, 3.0.14, 3.1.8, 3.2


CVE-2018-14040 (Medium) detected in bootstrap-3.3.7.min.js

CVE-2018-14040 - Medium Severity Vulnerability

Vulnerable Library - bootstrap-3.3.7.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.min.js

Path to dependency file: chatbot_ner/ner_v1/static/index.html

Path to vulnerable library: chatbot_ner/ner_v1/static/index.html

Dependency Hierarchy:

  • bootstrap-3.3.7.min.js (Vulnerable Library)

Found in HEAD commit: 1dffbf6325ccfcf4a65dbce5276d7cc4cf428abb

Found in base branch: develop

Vulnerability Details

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.

Publish Date: 2018-07-13

URL: CVE-2018-14040

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: twbs/bootstrap#26630

Release Date: 2018-07-13

Fix Resolution: org.webjars.npm:bootstrap:4.1.2,org.webjars:bootstrap:3.4.0


CVE-2018-20677 (Medium) detected in bootstrap-3.3.7.min.js

CVE-2018-20677 - Medium Severity Vulnerability

Vulnerable Library - bootstrap-3.3.7.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.min.js

Path to dependency file: chatbot_ner/ner_v1/static/index.html

Path to vulnerable library: chatbot_ner/ner_v1/static/index.html

Dependency Hierarchy:

  • bootstrap-3.3.7.min.js (Vulnerable Library)

Found in HEAD commit: 1dffbf6325ccfcf4a65dbce5276d7cc4cf428abb

Found in base branch: develop

Vulnerability Details

In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.

Publish Date: 2019-01-09

URL: CVE-2018-20677

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20677

Release Date: 2019-01-09

Fix Resolution: Bootstrap - v3.4.0;NorDroN.AngularTemplate - 0.1.6;Dynamic.NET.Express.ProjectTemplates - 0.8.0;dotnetng.template - 1.0.0.4;ZNxtApp.Core.Module.Theme - 1.0.9-Beta;JMeter - 5.0.0


Update postman collections to avoid editing data in code and "skipped" tests

Collection runner is set up in a way that requires

  • forming the data to give to newman collection runner to be compiled in the python code
  • newman's concept of "iteration" is not being used correctly right now which causes a lot of "Skipped" tests
  • Need better error messages in the postman test asserts

Ultimately the ideal case would be to

  • Have a collection of all tests
  • Run the collection by providing it multiple data files (each file contains data for 1 entity) and should need no editing or compilation in the Python code. In fact, if we can ditch the Python code altogether that would be best
  • Nothing should show up as "skipped" - either it should pass or it should fail

Right now I don't know if this ideal structure is even possible, maybe we need to maintain 1 collection per entity?

CVE-2018-20676 (Medium) detected in bootstrap-3.3.7.min.js

CVE-2018-20676 - Medium Severity Vulnerability

Vulnerable Library - bootstrap-3.3.7.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.min.js

Path to dependency file: chatbot_ner/ner_v1/static/index.html

Path to vulnerable library: chatbot_ner/ner_v1/static/index.html

Dependency Hierarchy:

  • bootstrap-3.3.7.min.js (Vulnerable Library)

Found in HEAD commit: 1dffbf6325ccfcf4a65dbce5276d7cc4cf428abb

Found in base branch: develop

Vulnerability Details

In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.

Publish Date: 2019-01-09

URL: CVE-2018-20676

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20676

Release Date: 2019-01-09

Fix Resolution: bootstrap - 3.4.0


Improve documentation throughout

Right now the code - documentation is incomplete:
Missing data types of arguments and returns.
Descriptions in some places are vague or missing.
More Examples can be added

CVE-2018-14042 (Medium) detected in bootstrap-3.3.7.min.js

CVE-2018-14042 - Medium Severity Vulnerability

Vulnerable Library - bootstrap-3.3.7.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.min.js

Path to dependency file: chatbot_ner/ner_v1/static/index.html

Path to vulnerable library: chatbot_ner/ner_v1/static/index.html

Dependency Hierarchy:

  • bootstrap-3.3.7.min.js (Vulnerable Library)

Found in HEAD commit: 1dffbf6325ccfcf4a65dbce5276d7cc4cf428abb

Found in base branch: develop

Vulnerability Details

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

Publish Date: 2018-07-13

URL: CVE-2018-14042

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: twbs/bootstrap#26630

Release Date: 2018-07-13

Fix Resolution: org.webjars.npm:bootstrap:4.1.2.org.webjars:bootstrap:3.4.0

