From 4df05d8cba55f4f8bcc6911dc8147d9b2f1c8110 Mon Sep 17 00:00:00 2001
From: Mike Marchetti
Date: Fri, 23 Aug 2024 17:01:13 -0400
Subject: [PATCH] fix: CVE fixes, update werkzeug
Updates werkzeug for CVE-2024-34069
Signed-off-by: Mike Marchetti
---
 connexion/apps/flask_app.py | 3 ++-
 setup.py | 7 ++++---
 tests/api/test_parameters.py | 2 +-
 tests/decorators/test_validation.py | 2 +-
 tests/fakeapi/hello/__init__.py | 2 +-
 tox.ini | 8 +++++++-
 6 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/connexion/apps/flask_app.py b/connexion/apps/flask_app.py
index 46481b176..6a7e61d89 100644
--- a/connexion/apps/flask_app.py
+++ b/connexion/apps/flask_app.py
@@ -10,7 +10,8 @@
 import flask
 import werkzeug.exceptions
-from flask import json, signals
+from flask import signals
+import json
 from ..apis.flask_api import FlaskApi
 from ..exceptions import ProblemException
diff --git a/setup.py b/setup.py
index bf66f2ea9..87f2f694c 100755
--- a/setup.py
+++ b/setup.py
@@ -25,7 +25,7 @@ def read_version(package):
 'PyYAML>=5.1,<7',
 'requests>=2.9.1,<3',
 'inflection>=0.3.1,<0.6',
- 'werkzeug>=1.0,<2.3',
+ 'werkzeug>=1.0,<4.0',
 'importlib-metadata>=1 ; python_version<"3.8"',
 'packaging>=20',
 ]
@@ -44,9 +44,10 @@ def read_version(package):
 tests_require = [
 'decorator>=5,<6',
- 'pytest>=6,<7',
+ 'pytest>=6,<9',
 'pytest-cov>=2,<3',
 'testfixtures>=6,<7',
+ 'pytest',
 *flask_require,
 swagger_ui_require
 ]
@@ -100,7 +101,7 @@ def readme():
 url='https://github.com/zalando/connexion',
 keywords='openapi oai swagger rest api oauth flask microservice framework',
 license='Apache License Version 2.0',
- setup_requires=['flake8'],
+ setup_requires=['flake8', 'pytest-runner'],
 python_requires=">=3.6",
 install_requires=install_requires + flask_require,
 tests_require=tests_require,
diff --git a/tests/api/test_parameters.py b/tests/api/test_parameters.py
index b834176e8..2e402cc89 100644
--- a/tests/api/test_parameters.py
+++ b/tests/api/test_parameters.py
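Review bot: In connexion/apps/flask_app.py the new `import json` rebinds the module's `json` name from Flask's JSON helper to the standard library, which is a behaviour change rather than a dependency bump. Any encoder in this file built on `json.JSONEncoder` would then presumably lose Flask's default handling of types such as `uuid.UUID`, which would explain why the tests/fakeapi/hello/__init__.py hunk wraps the handler's return value in `str(...)`. Applications that return such objects may start failing at serialisation time, so this needs a changelog entry or a `default()` branch that keeps the old behaviour. The stdlib import is also placed after the `flask` imports; it belongs in the standard-library group above `import flask`, otherwise the `isort-check` environment listed in tox.ini is likely to reject it. The rest of the module is outside the hunk, so the encoder impact is inferred.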
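Review bot: The werkzeug requirement in the first setup.py hunk only has its ceiling raised, `'werkzeug>=1.0,<4.0'`, so a resolver is still free to pick a release affected by CVE-2024-34069, the issue the commit message gives as the reason for the change. If the intent is to enforce the fix, the floor should move to the first patched release, e.g. `'werkzeug>=3.0.3,<4.0'` (3.0.3 is the fixed version as far as I know; confirm against the upstream advisory). That floor needs Python 3.8 or later, which conflicts with the `python_requires=">=3.6"` visible in the third setup.py hunk, so the two have to be decided together. The `flask_require` pin is outside the hunk and may constrain the resolved werkzeug version as well.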
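Review bot: The bare `'pytest',` entry added to `tests_require` in the second setup.py hunk duplicates the `'pytest>=6,<9',` line a few entries above it and carries no version bounds. Dropping the new entry leaves a single place that states the supported pytest range.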
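Review bot: Adding `'pytest-runner'` to `setup_requires` in the third setup.py hunk makes every build or install from source fetch an unpinned package at setup time through setuptools' own fetcher, outside pip's index configuration, constraints and hash checking. pytest-runner is deprecated upstream, and it appears to be needed here only because the second tox.ini hunk switches to `python setup.py pytest {posargs}`. Keeping `setup_requires=['flake8'],` as it was and having tox call `python -m pytest {posargs}` directly, as the new `[testenv:pytest]` section already does, avoids the extra build-time dependency.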
@@ -523,7 +523,7 @@ def test_get_unicode_request(simple_app):
 def test_cookie_param(simple_app):
 app_client = simple_app.app.test_client()
- app_client.set_cookie("localhost", "test_cookie", "hello")
+ app_client.set_cookie(domain="localhost", key="test_cookie", value="hello")
 response = app_client.get("/v1.0/test-cookie-param")
 assert response.status_code == 200
 assert response.json == {"cookie_value": "hello"}
diff --git a/tests/decorators/test_validation.py b/tests/decorators/test_validation.py
index 0a4685a50..e7d1596e0 100644
--- a/tests/decorators/test_validation.py
+++ b/tests/decorators/test_validation.py
@@ -62,7 +62,7 @@ def test_get_valid_parameter_with_enum_array_header():
 def test_invalid_type(monkeypatch):
 logger = MagicMock()
 monkeypatch.setattr('connexion.decorators.validation.logger', logger)
- result = ParameterValidator.validate_parameter('formdata', 20, {'type': 'string', 'name': 'foo'})
+ result = ParameterValidator.validate_parameter('formdata', 20, {'name': 'foo', 'type': 'string'})
 expected_result = """20 is not of type 'string'
 Failed validating 'type' in schema:
diff --git a/tests/fakeapi/hello/__init__.py b/tests/fakeapi/hello/__init__.py
index 490f939d3..9dd2f1590 100644
--- a/tests/fakeapi/hello/__init__.py
+++ b/tests/fakeapi/hello/__init__.py
@@ -622,7 +622,7 @@ def get_date():
 def get_uuid():
- return {'value': uuid.UUID(hex='e7ff66d0-3ec2-4c4e-bed0-6e4723c24c51')}
+ return {'value': str(uuid.UUID(hex='e7ff66d0-3ec2-4c4e-bed0-6e4723c24c51'))}
 def test_optional_headers():
diff --git a/tox.ini b/tox.ini
index 8e0472cb0..a043851fe 100644
--- a/tox.ini
+++ b/tox.ini
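Review bot: The keyword form `app_client.set_cookie(domain="localhost", key="test_cookie", value="hello")` in test_cookie_param matches the test-client signature of newer werkzeug releases, but setup.py in this same patch still allows `werkzeug>=1.0`. On older werkzeug releases the first parameter of `set_cookie` is a required `server_name`, so this call would likely raise `TypeError` in the `min` tox environments. Either raise the werkzeug floor so that only the new signature is supported, or pick the call form in the test from the installed werkzeug version. The `simple_app` fixture is outside the hunk.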
@@ -8,17 +8,20 @@ envlist =
 {py37}-{min,pypi,dev}
 {py38}-{min,pypi,dev}
 {py39}-{min,pypi,dev}
+ {py310}-{min,pypi,dev}
 isort-check
 isort-check-examples
 isort-check-tests
 flake8
 mypy
+ pytest
 [gh-actions]
 python =
 3.7: py37-min,py37-pypi
 3.8: py38-min,py38-pypi
 3.9: py39-min,py39-pypi,flake8,isort-check,isort-check-examples,isort-check-tests,mypy
+ 3.10: py310-min,py310-pypi,flake8,isort-check,isort-check-examples,isort-check-tests,mypy
 [testenv]
 setenv=PYTHONPATH = {toxinidir}:{toxinidir}
@@ -31,7 +34,10 @@ commands=
 pypi: pip install --upgrade -r {toxworkdir}/requirements-pypi.txt
 dev: requirements-builder --level=dev --extras aiohttp --req=requirements-devel.txt -o {toxworkdir}/requirements-dev.txt setup.py
 dev: pip install --upgrade -r {toxworkdir}/requirements-dev.txt
- python setup.py test
+ python setup.py pytest {posargs}
+
+[testenv:pytest]
+commands=python -m pytest
 [testenv:flake8]
 deps=
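Review bot: The new `3.10:` line under `[gh-actions]` in the first tox.ini hunk repeats `flake8,isort-check,isort-check-examples,isort-check-tests,mypy` from the `3.9:` line, so every lint and type-check environment would run on two interpreters per CI run. Listing only `3.10: py310-min,py310-pypi` keeps the linters on a single interpreter. The `pytest` entry added to `envlist` has no `[gh-actions]` mapping in the visible lines, so it appears to run only when tox is invoked locally.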