fix/python upgrade 3.11->3.13#3320
fix/python upgrade 3.11->3.13#3320IshaanXCoder wants to merge 12 commits intointelowlproject:developfrom
Conversation
|
@mlodic ptal at this draft pr, still need to make many changes on failing tests, i just want to get some reviews on the work done till now |
There was a problem hiding this comment.
Pull request overview
This PR upgrades the project from Python 3.11 to Python 3.13, addressing compatibility issues with deprecated functions and updating dependencies. The linked issue mentions Python 3.14, but correctly targets Python 3.13 (the latest stable version).
Changes:
- Updated Python base images to 3.13 in Dockerfiles and CI workflows
- Replaced deprecated testing methods (assertDictContainsSubset) with explicit key-value assertions
- Replaced pydeep library with ppdeep and updated API calls accordingly
- Upgraded major dependencies (Django 5.2, DRF 3.16.1, Celery 5.6.0, etc.)
- Fixed bug in maxmind.py where incorrect variable was passed to update_all_dbs
- Removed unnecessary PosixPath usage from TextChoices enum
- Updated typing.Generator syntax to simplified Python 3.9+ format
Reviewed changes
Copilot reviewed 18 out of 18 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| docker/Dockerfile | Updated base image from python:3.11.7 to python:3.13-slim |
| integrations/tor_analyzers/Dockerfile | Fixed python:3.14-slim (non-existent) to python:3.13-slim |
| integrations/malware_tools_analyzers/Dockerfile | Updated base image to python:3.13-slim |
| .github/workflows/pull_request_automation.yml | Updated CI Python version to 3.13 |
| .github/workflows/codeql-analysis.yml | Updated CI Python version to 3.13 |
| pyproject.toml | Updated Ruff target-version to py313 |
| requirements/project-requirements.txt | Upgraded Django, DRF, Celery, and other dependencies for Python 3.13 compatibility; replaced pydeep with ppdeep |
| api_app/choices.py | Removed PosixPath wrapper from TextChoices enum values; simplified typing.Generator syntax |
| api_app/analyzers_manager/file_analyzers/file_info.py | Updated to use ppdeep.hash_from_file instead of pydeep.hash_file |
| api_app/analyzers_manager/observable_analyzers/maxmind.py | Fixed bug: pass auth_token instead of cls._api_key_name to update_all_dbs |
| tests/test_crons.py | Removed skip import (unused); updated test_maxmind_updater with proper mocking; changed retention days from 10 to 30 |
| tests/api_app/test_views.py | Replaced deprecated assertDictContainsSubset with explicit for-loop assertions |
| tests/api_app/test_api.py | Replaced deprecated assertDictContainsSubset with assertIn and assertEqual |
| tests/api_app/analyzers_manager/unit_tests/observable_analyzers/test_greynoise_labs.py | Changed report mock from dict to SimpleNamespace with save method |
| tests/api_app/analyzers_manager/unit_tests/file_analyzers/test_file_info.py | Updated mock from pydeep.hash_file to ppdeep.hash_from_file |
| tests/api_app/analyzers_manager/unit_tests/file_analyzers/test_blint_scan.py | Fixed mock patch to target import location in module (best practice) |
| tests/api_app/analyzers_manager/unit_tests/file_analyzers/base_test_class.py | Added missing test file mapping for application/x-elf |
| docker/test.override.yml | Added MOCK_CONNECTIONS and CELERY_TASK_SOFT_TIME_LIMIT environment variables |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
Hey @mlodic PTAL at this, i've made the required changes, few tests are still failing on my local, but they seem to be unrelated with python migration. |
mlodic
left a comment
mlodic
left a comment
There was a problem hiding this comment.
there are still linter errors.
Also, ppdeep is not compliant to IntelOwl basic scorecard checks. I checked that project and there is a single maintainer keeping it so it can be quite unreliable on the long term. Isn't there any alternatives?
alright i've fixed this, there was an erorr due to modern style of python (eg, Generator[Signature, None, None] to the modern equivalent Generator[Signature])
an alternative which we've is https://github.com/DinoTools/python-ssdeep , but it doesnt have any commits since past 5 years. |
|
@mlodic should i proceed with the above approaches? |
|
that's still another very niche and old repository but it is older like the other one that we are already using as of now. You can try it and see whether it passes the tests and the scorecard test |
Alright, agreed. |
|
Nope, ssdeep didnt work due to python version issue |
|
we can use the ppdeep you propose first but we have to find a way to circumvent the dependency check with a special exclusion. See: https://github.com/intelowlproject/IntelOwl/blob/master/.github/workflows/dependency_review.yml |
this can be done using 
|
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 22 out of 22 changed files in this pull request and generated 4 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 22 out of 22 changed files in this pull request and generated 4 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| @@ -1,4 +1,4 @@ | |||
| FROM python:3.14-slim | |||
| FROM python:3.13.12 | |||
There was a problem hiding this comment.
Several integration Dockerfiles still use older Python versions and have not been updated to Python 3.13. For consistency and to complete the Python upgrade, the following Dockerfiles should also be updated: integrations/bbot/Dockerfile (uses python:3.12-slim), integrations/phishing_analyzers/Dockerfile (uses python:3.12.3), and integrations/phunter/Dockerfile (uses python:3.12-slim). Note that integrations/pcap_analyzers, integrations/thug, integrations/nuclei_analyzer, and integrations/cyberchef use base images that don't directly specify Python versions.
| return_value="e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", | ||
| ), | ||
| patch("pydeep.hash_file", return_value=b"3:AOn4:An"), | ||
| patch("tlsh.hash", return_value="T1234567890ABCDEF"), |
There was a problem hiding this comment.
Missing mock for ppdeep in the test. The old pydeep mock was removed, but no mock for ppdeep.hash_from_file was added. This will cause the test to fail if ppdeep is not installed or if the test file path doesn't exist, as ppdeep.hash_from_file will be called with an actual file path. Consider adding a mock for ppdeep similar to the other hash function mocks.
| patch("tlsh.hash", return_value="T1234567890ABCDEF"), | |
| patch("tlsh.hash", return_value="T1234567890ABCDEF"), | |
| patch("ppdeep.hash_from_file", return_value="PPDEEP_HASH_VALUE"), |
|
A lot of commits have been added, i'll make a clean pr later after all the changes/reviews. |
|
sure, thanks |
H3y @mlodic ! do we need any more changes or are we good to go? i'll make a new pr in that case. |
|
it seems there are still errors in the CI |
|
Hey @mlodic i checked out the test failures, some seemed to be independent of the python upgrade, but i've made a clean fix for all the backend tests. Have used patch and override_settings in some cases, hope that's not an issue. |
|
working on this fail |
|
there's an issue with pillow dependency, |
|
It's a subdependency IIRC. Anyway I don't see the error, where it is? |
|
under vulnerabilities |
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 30 out of 30 changed files in this pull request and generated 6 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 31 out of 31 changed files in this pull request and generated 10 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
Opened a clean PR at #3352 |
Description
This PR resolved #3306 where we're upgrading python version from 3.11 to 3.13
I have updated the necessary configuration files, CI workflows, Docker files and test files for compatibility (a few test files are still breaking)
Type of change
Checklist
develop# This file is a part of IntelOwl https://github.com/intelowlproject/IntelOwl # See the file 'LICENSE' for copying permission.Ruff) gave 0 errors. If you have correctly installed pre-commit, it does these checks and adjustments on your behalf.Important Rules