Fixed some security issues

dhondta · Aug 2, 2024 · a811e16 · a811e16
1 parent 9a9a236
commit a811e16
Show file tree

Hide file tree

Showing 7 changed files with 15 additions and 31 deletions.
diff --git a/.coveragerc b/.coveragerc
@@ -12,17 +12,8 @@ omit =
 [report]
 exclude_lines =
     pragma: no cover
-    # Python2/3 incompatibilities if/elif/else blocks
-    (?m)(?P<indent>(?:\s+))if.*?PY(?:THON)?3.*?\:((?P=indent)\s+.*?)+(((?P=indent)else|elif).*?\:((?P=indent)\s+.*?)+)*$
-    (if|and) (?:not )?PY(?:THON)?3:?
-    if sys\.version_info \< \(3\,\)\:
-    if pdf_generation:
-    pdf_generation
     # __main__ logics
     if\s+__name__\s+==\s+(?P<q>(?:[\'\"]))__main__(?P=q)\s+:
-    import ConfigParser
-    except ImportError:
-    except NameError:
     # sudo when using 'initialize'
     if sudo and not is_admin():
     # 'interact' module - remote interaction
@@ -34,17 +25,11 @@ exclude_lines =
     if WINDOWS:
     raise NotImplementedError
     except NotImplementedError:
-    # virtualenv package install
-    elif line.startswith\(\"Successfully installed\"\):
-    for top_level in __install
-    def __deprecated
     def hotkeys(hotkeys, silent=True):
     super\(NewClass\, self\)\.__init__
     # optional packages not installed or different platform or cumbersome to test
     if not hotkeys_enabled:
-    try:  # Windows
     def stdin_pipe\(\):
     Xlib.error.DisplayConnectionError
     def send_mail
     except KeyboardInterrupt:
-    re.sre_parse
diff --git a/pyproject.toml b/pyproject.toml
@@ -52,10 +52,12 @@ dependencies = [
   "markdown2>=2.4.0",
   "netaddr",
   "netifaces",
+  "packaging",
   "patchy",
   "pathlib2",
   "pip>=24.0",
   "plyer>=2.0.0",
+  "pydyf>=0.8.0,<0.11.0; python_version=='3.8'",
   "pygments>=2.8.1",
   "pyminizip",
   "pynput",
@@ -64,14 +66,14 @@ dependencies = [
   "python-magic",
   "python-slugify",
   "pyyaml>=5.3.1",
-  "requests",
+  "requests>=2.32.2",
   "rich",
   "setuptools>=70.2.0",
   "terminaltables",
   "toml",
   "tqdm",
   "virtualenv>=20.26.3",
-  "weasyprint",
+  "weasyprint>=60.2",
   "xmltodict",
 ]
 dynamic = ["version"]

diff --git a/requirements.txt b/requirements.txt
@@ -13,6 +13,7 @@ lazy_object_proxy>=1.9.0
 markdown2>=2.4.0
 netaddr
 netifaces
+packaging
 patchy
 pathlib2
 pip>=24.0
@@ -25,15 +26,16 @@ pypiwin32; sys_platform=='windows'
 python-magic
 python-slugify
 pyyaml>=5.3.1
-requests
+requests>=2.32.2
 rich
 setuptools>=70.2.0
 terminaltables
 toml
 tqdm
 virtualenv>=20.26.3
-weasyprint
+weasyprint>=60.2
 xmltodict
 # Snyk false alarms
 pillow>=10.2.0  # solved with asciistuff>=1.3.0
+urllib3>=2.2.2  # solved with requests>=2.32.2
 zipp>=3.19.1
diff --git a/src/tinyscript/VERSION.txt b/src/tinyscript/VERSION.txt
@@ -1 +1 @@
-1.30.15
+1.30.16
diff --git a/src/tinyscript/argreparse.py b/src/tinyscript/argreparse.py
@@ -11,15 +11,12 @@
 from argparse import *
 from argparse import _ActionsContainer, _ArgumentGroup, _MutuallyExclusiveGroup, _AttributeHolder, _SubParsersAction, \
                      Action, _UNRECOGNIZED_ARGS_ATTR, Namespace as BaseNamespace, ArgumentParser as BaseArgumentParser
+from configparser import ConfigParser, NoOptionError, NoSectionError
 from inspect import currentframe
 from os import environ
 from os.path import abspath, basename, dirname, sep, splitext
 from shutil import which
 from stat import S_IXUSR
-try:
-    from configparser import ConfigParser, NoOptionError, NoSectionError
-except ImportError:
-    from ConfigParser import ConfigParser, NoOptionError, NoSectionError
 
 from .features.loglib import logger
 from .helpers.inputs import user_input
@@ -96,8 +93,6 @@ def __exit__(self, exc_type, exc_value, exc_traceback):
 
     @staticmethod
     def reset():
-        global parser_calls
-        parser_calls = []
         ArgumentParser.reset()
 
 
@@ -415,7 +410,7 @@ def _check_requirements(self, requires):
         environ['SETUPTOOLS_USE_DISTUTILS'] = "stdlib"
         # importlib.metadata is available only from Python 3.8
         from importlib.metadata import version as get_version
-        from setuptools.extern.packaging.version import Version
+        from packaging.version import Version
         errors = []
         requires = requires or {}
         if not isinstance(requires, dict):

diff --git a/src/tinyscript/helpers/data/types/network.py b/src/tinyscript/helpers/data/types/network.py
@@ -8,7 +8,6 @@
 
 __all__ = __features__ = []
 
-lazy_load_module("email", alias="emaillib")
 for _m in ["netaddr", "netifaces"]:
     lazy_load_module(_m)
 
@@ -70,9 +69,10 @@ def __domain_name(name, dotted=False, fail=True):
 
 def __email_address(email, fail=True):
     """ Email address validation. """
+    from email.utils import parseaddr
     # reference: https://stackoverflow.com/questions/8022530/
     if len(email) <= 320 and re.match(r"^[^@]+@[^@]+$", email) and \
-       is_hostname(email.split("@")[1]) and emaillib.utils.parseaddr(email)[1] != "":
+       is_hostname(email.split("@")[1]) and parseaddr(email)[1] != "":
         return email
     if fail:
         raise ValueError("Bad email address")

diff --git a/src/tinyscript/helpers/inputs.py b/src/tinyscript/helpers/inputs.py
@@ -205,10 +205,10 @@ def stdin_flush():
     Source: https://rosettacode.org/wiki/Keyboard_input/Flush_the_keyboard_buffer#Python
     """
     try:
-        try:  # Windows
+        if WINDOWS:
             from msvcrt import getch, kbhit
             while kbhit(): getch()
-        except ImportError:  # Linux/Unix
+        else:
             from termios import tcflush, TCIOFLUSH
             tcflush(sys.stdin, TCIOFLUSH)
     except Exception: