Mercurial > p > roundup > code
view test/pytest_patcher.py @ 8062:28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
Directions for fixing:
* `CVE-2024-39124`_ - :ref:`classhelpers (_generic.help.html) are
vulnerable to an XSS attack. <CVE-2024-39124>` Requires fixing
tracker homes.
* `CVE-2024-39125`_ - :ref:`if Referer header is set to a script
tag, it will be executed. <CVE-2024-39125>` Fixed in release 2.4.0,
directions available for fixing in prior versions.
* `CVE-2024-39126`_ - :ref:`PDF, XML and SVG files downloaded from
an issue can contain embedded JavaScript which is
executed. <CVE-2024-39126>` Fixed in release 2.4.0, directions
available for fixing in prior versions.
prior to 2.4.0 release this weekend that fixes the last two CVE's.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Tue, 09 Jul 2024 09:07:09 -0400 |
| parents | 1c94afabb2cb |
| children |
line wrap: on
line source
""" The following code was taken from: https://github.com/pytest-dev/pytest/issues/568#issuecomment-216569420 to resolve a bug with using pytest.mark.skip(). Once the bug is resolved in pytest this file can be removed along with all the wrapper mark_class() references in the other test files. """ import types def mark_class(marker): '''Workaround for https://github.com/pytest-dev/pytest/issues/568''' def copy_func(f): try: return types.FunctionType(f.__code__, f.__globals__, name=f.__name__, argdefs=f.__defaults__, closure=f.__closure__) except AttributeError: return types.FunctionType(f.func_code, f.func_globals, name=f.func_name, argdefs=f.func_defaults, closure=f.func_closure) def mark(cls): if isinstance(cls, types.FunctionType): return marker(copy_func(cls)) for method in dir(cls): if method.startswith('test'): f = copy_func(getattr(cls, method)) setattr(cls, method, marker(f)) return cls return mark