annotate test/pytest_patcher.py @ 8062:28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
Directions for fixing:
* `CVE-2024-39124`_ - :ref:`classhelpers (_generic.help.html) are
vulnerable to an XSS attack. <CVE-2024-39124>` Requires fixing
tracker homes.
* `CVE-2024-39125`_ - :ref:`if Referer header is set to a script
tag, it will be executed. <CVE-2024-39125>` Fixed in release 2.4.0,
directions available for fixing in prior versions.
* `CVE-2024-39126`_ - :ref:`PDF, XML and SVG files downloaded from
an issue can contain embedded JavaScript which is
executed. <CVE-2024-39126>` Fixed in release 2.4.0, directions
available for fixing in prior versions.
prior to 2.4.0 release this weekend that fixes the last two CVE's.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Tue, 09 Jul 2024 09:07:09 -0400 |
| parents | 1c94afabb2cb |
| children |
Annotated source. The `isinstance` branch at the top of `mark()` and the `if method.startswith('test'):` line were last changed in 5111:1c94afabb2cb ("Fix mark_class decorator to work in all cases", John Kristensen <john@jerrykan.com>). Every other line comes from 5109:43a1f7fe39f5 ("Improved work-around for pytest markers bug", John Kristensen <john@jerrykan.com>).

```python
"""
The following code was taken from:

https://github.com/pytest-dev/pytest/issues/568#issuecomment-216569420

to resolve a bug with using pytest.mark.skip(). Once the bug is resolved in
pytest this file can be removed along with all the wrapper mark_class()
references in the other test files.
"""
import types


def mark_class(marker):
    '''Workaround for https://github.com/pytest-dev/pytest/issues/568'''
    def copy_func(f):
        try:
            return types.FunctionType(f.__code__, f.__globals__,
                                      name=f.__name__, argdefs=f.__defaults__,
                                      closure=f.__closure__)
        except AttributeError:
            return types.FunctionType(f.func_code, f.func_globals,
                                      name=f.func_name,
                                      argdefs=f.func_defaults,
                                      closure=f.func_closure)

    def mark(cls):
        if isinstance(cls, types.FunctionType):
            return marker(copy_func(cls))

        for method in dir(cls):
            if method.startswith('test'):
                f = copy_func(getattr(cls, method))
                setattr(cls, method, marker(f))
        return cls
    return mark
```
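Why `mark()` copies each function before marking it, shown as an added example that is not part of the Roundup source. `tag_skip` is a hypothetical stand-in for a marker that records itself on the function object, `copy_func` is the Python 3 branch of the helper in the file, and the `Base`/`Child` classes are constructed for the demonstration.

```python
import types


def copy_func(f):
    # Python 3 branch of the copy helper used inside mark_class().
    return types.FunctionType(f.__code__, f.__globals__, name=f.__name__,
                              argdefs=f.__defaults__, closure=f.__closure__)


def tag_skip(func):
    # Hypothetical marker: stores the mark as an attribute on the function.
    func.skip = True
    return func


def mark_in_place(cls):
    # Naive class marking: mutates whatever function object getattr() returns,
    # which for an inherited test is the base class's own function.
    for name in dir(cls):
        if name.startswith('test'):
            setattr(cls, name, tag_skip(getattr(cls, name)))
    return cls


def mark_with_copy(cls):
    # Same loop as mark() in the file: mark a private copy of each test.
    for name in dir(cls):
        if name.startswith('test'):
            setattr(cls, name, tag_skip(copy_func(getattr(cls, name))))
    return cls


def leaks_to_base(mark):
    # Mark only Child, then report whether Base.test_one was tagged as well.
    class Base(object):
        def test_one(self):
            return 1

    class Child(Base):
        pass

    mark(Child)
    assert getattr(Child.test_one, 'skip', False)
    assert Child().test_one() == 1  # the copy still runs the same code
    return getattr(Base.test_one, 'skip', False)


if __name__ == '__main__':
    print('in place leaks to Base:', leaks_to_base(mark_in_place))
    print('with copy leaks to Base:', leaks_to_base(mark_with_copy))
```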
