From: Aditya Toshniwal <[email protected]>
To: pgadmin-hackers <[email protected]>
Subject: [pgAdmin[patch] Ignore flask-security-too irrelevant vulnerability
Date: Thu, 21 Oct 2021 10:47:34 +0530
Message-ID: <CAM9w-_mmBhft+S_s2d2Ji__gWAz-9oX7xefCJkUcE8N5h5H8tQ@mail.gmail.com>
Hi Hackers,
As per safety audit vulnerability report id #40493 for flask-security-too:
*This is considered a low severity due to the fact that if Werkzeug is used
(which is very common with Flask applications) as the WSGI layer, it by
default ALWAYS ensures that the Location header is absolute - thus making
this attack vector mute.*
Attached patch will ignore this ID for the audit.
--
Thanks,
Aditya Toshniwal
pgAdmin Hacker | Software Architect | *edbpostgres.com*
<http://edbpostgres.com>
"Don't Complain about Heat, Plant a TREE"
Attachments:
[application/octet-stream] safety-40493.patch (639B)
Inline diff:
diff --git a/web/package.json b/web/package.json
index 2d80c2e91..07af7ae5c 100644
--- a/web/package.json
+++ b/web/package.json
@@ -182,7 +182,7 @@
"pep8": "pycodestyle --config=../.pycodestyle ../docs && pycodestyle --config=../.pycodestyle ../pkg && pycodestyle --config=../.pycodestyle ../tools && pycodestyle --config=../.pycodestyle ../web",
"auditjs-html": "yarn audit --json | yarn run yarn-audit-html --output ../auditjs.html",
"auditjs": "yarn audit",
- "auditpy": "safety check --full-report",
+ "auditpy": "safety check --full-report -i 40493",
"audit": "yarn run auditjs && yarn run auditpy"
}
}
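Review bot: the `-i 40493` ignore in the `auditpy` script carries no rationale next to it, and package.json cannot hold a comment, so the only place the reason survives is this email; please restate the justification (advisory #40493 for flask-security-too, considered low severity because Werkzeug always emits an absolute Location header) in the commit message so the next person reading `"auditpy": "safety check --full-report -i 40493"` can tell why it is there. The ignore is also unconditional: it will keep suppressing #40493 after flask-security-too is upgraded to a version that no longer triggers it, so it is worth noting in the commit message that the flag should be dropped once the dependency is bumped.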