Flask update (#2700)
* Flask security update The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656. Signed-off-by: David Dashyan <mail@davie.li> * Make send_naughty_tx error regex more robust Signed-off-by: David Dashyan <mail@davie.li>
parent
4a008e51e3
commit
d9dfa98819
|
@ -68,8 +68,9 @@ def send_naughty_tx(asset, metadata):
|
||||||
error = sent_transaction.error
|
error = sent_transaction.error
|
||||||
regex = (
|
regex = (
|
||||||
r'\{\s*\n*'
|
r'\{\s*\n*'
|
||||||
r'\s*"message": "Invalid transaction \(ValidationError\): Invalid key name.*The key name cannot contain characters.*\n*' # noqa
|
r'\s*"message":\s*"Invalid transaction \(ValidationError\):\s*'
|
||||||
r'\s*"status": 400\n*'
|
r'Invalid key name.*The key name cannot contain characters.*\n*'
|
||||||
|
r'\s*"status":\s*400\n*'
|
||||||
r'\s*\}\n*')
|
r'\s*\}\n*')
|
||||||
assert status_code == 400
|
assert status_code == 400
|
||||||
assert re.fullmatch(regex, error), sent_transaction
|
assert re.fullmatch(regex, error), sent_transaction
|
||||||
|
|
2
setup.py
2
setup.py
|
@ -77,7 +77,7 @@ install_requires = [
|
||||||
'cryptoconditions==0.8.0',
|
'cryptoconditions==0.8.0',
|
||||||
'python-rapidjson~=0.6.0',
|
'python-rapidjson~=0.6.0',
|
||||||
'logstats~=0.2.1',
|
'logstats~=0.2.1',
|
||||||
'flask~=0.12.4',
|
'flask==1.0.0',
|
||||||
'flask-cors~=3.0.0',
|
'flask-cors~=3.0.0',
|
||||||
'flask-restful~=0.3.0',
|
'flask-restful~=0.3.0',
|
||||||
'requests~=2.20.0',
|
'requests~=2.20.0',
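Review bot: The new requirement `'flask==1.0.0',` is an exact pin, whereas the entry it replaces (`'flask~=0.12.4',`) and the neighbouring `flask-cors~=3.0.0` and `flask-restful~=0.3.0` lines use the compatible-release operator. Pinning to the first 1.0 release means later 1.0.x bug-fix and security releases are not installed until someone edits setup.py again, which works against the stated purpose of this security update. Unless the exact version is deliberate, `'flask~=1.0.0',` keeps 1.0.0 as the floor and still allows patch releases. The `install_requires` list starts and ends outside the hunk, so it is not visible here whether the flask-cors and flask-restful ranges were checked against Flask 1.0.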
|
||||||
|
|