From 56c930a840bcfe20f4b6b5300db32a65aa62686e Mon Sep 17 00:00:00 2001
From: Param Singh
Date: Fri, 26 Apr 2019 02:13:48 +0530
Subject: [PATCH 1/2] Upgrade dependencies to fix SEC-3 and SEC-4

The brainzutils upgrade updates fixes the werkzeug and Jinja2 version and upgrades SQLAlchemy to resolve security issues
---
 requirements.txt | 2 +-
 webserver/views/api/v1/test/test_core.py | 4 ++--
 webserver/views/api/v1/test/test_dataset_eval.py | 2 +-
 webserver/views/api/v1/test/test_datasets.py | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 05f429699..2f716aa3e 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,4 @@
-git+https://github.com/metabrainz/brainzutils-python.git@v1.7.0
+git+https://github.com/metabrainz/brainzutils-python.git@v1.9.0
 Flask-Admin == 1.5.3
 Flask-Login == 0.4.1
 Flask-SQLAlchemy == 2.3.2
diff --git a/webserver/views/api/v1/test/test_core.py b/webserver/views/api/v1/test/test_core.py
index e590a467f..e02a89f16 100644
--- a/webserver/views/api/v1/test/test_core.py
+++ b/webserver/views/api/v1/test/test_core.py
@@ -67,8 +67,8 @@ def test_ll_bad_uuid_404(self, load_low_level):
 resp = self.client.get("/api/v1/nothing/low-level")
 self.assertEqual(404, resp.status_code)
 load_low_level.assert_not_called()
-
- expected_result = {"message": "The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again."}
+
+ expected_result = {u"message": u"The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again."}
 self.assertEqual(resp.json, expected_result)
 @mock.patch("db.data.load_low_level")
diff --git a/webserver/views/api/v1/test/test_dataset_eval.py b/webserver/views/api/v1/test/test_dataset_eval.py
index 4b6d1bca0..b84d85c50 100644
--- a/webserver/views/api/v1/test/test_dataset_eval.py
+++ b/webserver/views/api/v1/test/test_dataset_eval.py
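Review bot: The new requirement `git+https://github.com/metabrainz/brainzutils-python.git@v1.9.0` in the requirements.txt hunk is pinned to a git tag, and a tag can be re-pointed upstream, so the same line may install different code on a later build. Pinning the full commit hash the tag resolves to (`...brainzutils-python.git@<full-commit-sha-of-v1.9.0>`) keeps the install reproducible. The commit message says the werkzeug, Jinja2 and SQLAlchemy fixes arrive through this package, but none of the three appears in the visible lines, so the patched versions are presumably resolved transitively and could drift. If they are not pinned further down in requirements.txt (the file continues past this hunk), explicit pins or a constraints file would make the SEC-3/SEC-4 remediation auditable. A comment above the line such as `# brainzutils >= v1.9.0 needed for SEC-3/SEC-4 (werkzeug, Jinja2, SQLAlchemy)` would also guard against an accidental downgrade.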
@@ -158,7 +158,7 @@ def test_get_job_details_invalid_uuid(self, get_job):
 resp = self.client.get('/api/v1/datasets/evaluation/jobs/7804abe5-58be-4c9c-a787-22b91d03xxxx', content_type='application/json')
 self.assertEqual(resp.status_code, 404)
- expected_result = {"message": "The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again."}
+ expected_result = {u"message": u"The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again."}
 self.assertEqual(resp.json, expected_result)
 @mock.patch('db.dataset_eval.get_job')
diff --git a/webserver/views/api/v1/test/test_datasets.py b/webserver/views/api/v1/test/test_datasets.py
index 42f7962d8..8201af6f2 100644
--- a/webserver/views/api/v1/test/test_datasets.py
+++ b/webserver/views/api/v1/test/test_datasets.py
@@ -239,7 +239,7 @@ def test_update_dataset_details_bad_uuid(self, dataset_get):
 resp = self.client.put(url, data=json.dumps(submit), content_type="application/json")
 self.assertEqual(resp.status_code, 404)
- expected_result = {"message": "The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again."}
+ expected_result = {u"message": u"The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again."}
 self.assertEqual(resp.json, expected_result)
 @mock.patch("db.dataset.get")

From 291c3ae00b0c1663618dbd0811edfac31b50a5a2 Mon Sep 17 00:00:00 2001
From: Param Singh
Date: Tue, 14 May 2019 21:39:54 +0530
Subject: [PATCH 2/2] Remove the extraneous `u` from strings in tests

---
 webserver/views/api/v1/test/test_core.py | 2 +-
 webserver/views/api/v1/test/test_dataset_eval.py | 2 +-
 webserver/views/api/v1/test/test_datasets.py | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/webserver/views/api/v1/test/test_core.py b/webserver/views/api/v1/test/test_core.py
index e02a89f16..98a308f22 100644
--- a/webserver/views/api/v1/test/test_core.py
+++ b/webserver/views/api/v1/test/test_core.py
@@ -68,7 +68,7 @@ def test_ll_bad_uuid_404(self, load_low_level):
 self.assertEqual(404, resp.status_code)
 load_low_level.assert_not_called()
- expected_result = {u"message": u"The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again."}
+ expected_result = {"message": "The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again."}
 self.assertEqual(resp.json, expected_result)
 @mock.patch("db.data.load_low_level")
diff --git a/webserver/views/api/v1/test/test_dataset_eval.py b/webserver/views/api/v1/test/test_dataset_eval.py
index b84d85c50..a7b713a9b 100644
--- a/webserver/views/api/v1/test/test_dataset_eval.py
+++ b/webserver/views/api/v1/test/test_dataset_eval.py
@@ -158,7 +158,7 @@ def test_get_job_details_invalid_uuid(self, get_job):
 resp = self.client.get('/api/v1/datasets/evaluation/jobs/7804abe5-58be-4c9c-a787-22b91d03xxxx', content_type='application/json')
 self.assertEqual(resp.status_code, 404)
- expected_result = {u"message": u"The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again."}
+ expected_result = {"message": "The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again."}
 self.assertEqual(resp.json, expected_result)
 @mock.patch('db.dataset_eval.get_job')
diff --git a/webserver/views/api/v1/test/test_datasets.py b/webserver/views/api/v1/test/test_datasets.py
index 8201af6f2..baf52a8a0 100644
--- a/webserver/views/api/v1/test/test_datasets.py
+++ b/webserver/views/api/v1/test/test_datasets.py
@@ -239,7 +239,7 @@ def test_update_dataset_details_bad_uuid(self, dataset_get):
 resp = self.client.put(url, data=json.dumps(submit), content_type="application/json")
 self.assertEqual(resp.status_code, 404)
- expected_result = {u"message": u"The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again."}
+ expected_result = {"message": "The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again."}
 self.assertEqual(resp.json, expected_result)
 @mock.patch("db.dataset.get")