openinfra/refstack
Code Issues Proposed changes

Merge "Fix security vulnerabilities using Bandit"

Browse Source
This commit is contained in:
Zuul 2023-02-08 13:25:41 +00:00 committed by Gerrit Code Review
commit aa239130d6
4 changed files with 7 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
refstack/db/migrations/alembic/versions/434be17a6ec3_fix_openids_with_space.py
View File

@ -32,13 +32,12 @@ def upgrade():
# Remove instances of the new openid so the old one can take
# its place.
query = "delete from user where openid='%s'" % (new_openid)
conn.execute(query.replace('%', '%%'))
query = "delete from user where openid=%%:user"
conn.execute(query, user=new_openid)
# Update the openid.
query = ("update user set openid='%s' where openid='%s'" %
(new_openid, old_openid))
conn.execute(query.replace('%', '%%'))
query = ("update user set openid=%%:new where openid=%%:old")
conn.execute(query, new=new_openid, old=old_openid)
# Update all usage of %20 in all openid references using MySQL Replace.
conn.execute("update meta set value = "

2
refstack/tests/api/test_profile.py
View File

@ -53,7 +53,7 @@ class TestProfileEndpoint(api.FunctionalTest):
url = self.URL + 'pubkeys'
key = rsa.generate_private_key(
public_exponent=65537,
key_size=1024,
key_size=2048,
backend=default_backend()
)
sign = key.sign('signature'.encode('utf-8'),

2
refstack/tests/api/test_results.py
View File

@ -422,7 +422,7 @@ class TestResultsEndpointNoAnonymous(api.FunctionalTest):
def _generate_keypair_(self):
return rsa.generate_private_key(
public_exponent=65537,
key_size=1024,
key_size=2048,
backend=default_backend()
)

2
refstack/tests/unit/test_validators.py
View File

@ -109,7 +109,7 @@ class TestResultValidatorTestCase(base.BaseTestCase):
key = rsa.generate_private_key(
public_exponent=65537,
key_size=1024,
key_size=2048,
backend=default_backend()
)
sign = key.sign(request.body, padding.PKCS1v15(), hashes.SHA256())