
security: multiple reported CVE fixes (#1515)

* update out of date license

* update typing / refactor

* fix arbitrary path injection

* use markdown sanitizer to prevent XSS CWE-79

* fix CWE-918 SSRF by validating url and mime type

* add security docs

* update recipe-scrapers

* resolve DOS from arbitrary url

* update changelog

* bump version

* add ref to #1506

* add #1511 to changelog

* use requests decoder

* actually fix encoding issue
Hayden 2022-07-31 13:10:20 -08:00 committed by GitHub
parent 483f789b8e
commit 13850cda1f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
23 changed files with 401 additions and 118 deletions


@ -1,9 +1,12 @@
import contextlib
from collections.abc import Generator
import sqlalchemy
from pytest import fixture
from mealie.repos.repository_factory import AllRepositories
from mealie.schema.recipe.recipe import Recipe, RecipeCategory
from mealie.schema.recipe.recipe_category import CategorySave
from mealie.schema.recipe.recipe import Recipe
from mealie.schema.recipe.recipe_category import CategoryOut, CategorySave
from mealie.schema.recipe.recipe_ingredient import RecipeIngredient
from mealie.schema.recipe.recipe_step import RecipeStep
from tests.utils.factories import random_string
@ -47,15 +50,13 @@ def recipe_ingredient_only(database: AllRepositories, unique_user: TestUser):
yield model
try:
with contextlib.suppress(sqlalchemy.exc.NoResultFound):
database.recipes.delete(model.slug)
except sqlalchemy.exc.NoResultFound: # Entry Deleted in Test
pass
@fixture(scope="function")
def recipe_categories(database: AllRepositories, unique_user: TestUser) -> list[RecipeCategory]:
models: list[RecipeCategory] = []
def recipe_categories(database: AllRepositories, unique_user: TestUser) -> Generator[list[CategoryOut], None, None]:
models: list[CategoryOut] = []
for _ in range(3):
category = CategorySave(
group_id=unique_user.group_id,
@ -66,15 +67,13 @@ def recipe_categories(database: AllRepositories, unique_user: TestUser) -> list[
yield models
for model in models:
try:
database.categories.delete(model.id)
except sqlalchemy.exc.NoResultFound:
pass
for m in models:
with contextlib.suppress(sqlalchemy.exc.NoResultFound):
database.categories.delete(m.id)
@fixture(scope="function")
def random_recipe(database: AllRepositories, unique_user: TestUser) -> Recipe:
def random_recipe(database: AllRepositories, unique_user: TestUser) -> Generator[Recipe, None, None]:
recipe = Recipe(
user_id=unique_user.user_id,
group_id=unique_user.group_id,
@ -95,7 +94,5 @@ def random_recipe(database: AllRepositories, unique_user: TestUser) -> Recipe:
yield model
try:
with contextlib.suppress(sqlalchemy.exc.NoResultFound):
database.recipes.delete(model.slug)
except sqlalchemy.exc.NoResultFound:
pass
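Review bot: The switch of the `recipe_ingredient_only` teardown to `contextlib.suppress` drops the `# Entry Deleted in Test` explanation that the old `except` branch carried, so none of the three fixture teardowns now says why a `NoResultFound` from `delete` is deliberately tolerated rather than a failure to surface. I would keep that why-comment on the `with` line of each teardown, e.g. `with contextlib.suppress(sqlalchemy.exc.NoResultFound):  # the test itself may already have deleted the entry`, so a later reader does not widen or remove the suppression by mistake. The `recipe_ingredient_only` and `random_recipe` bodies start before their hunks, and the file header for this section is not shown in this view.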