diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 64c7454..d2010bb 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -13,7 +13,7 @@ jobs:
steps:
- uses: actions/setup-python@v4
with:
- python-version: "3.10"
+ python-version: "3.x"
- uses: actions/checkout@v3
- run: python -m pip install --upgrade pip build wheel twine
- run: python -m build --sdist --wheel
@@ -51,7 +51,7 @@ jobs:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
- python-version: "3.10"
+ python-version: "3.x"
cache: 'pip'
cache-dependency-path: 'linter-requirements.txt'
- run: python -m pip install -r linter-requirements.txt
@@ -66,12 +66,13 @@ jobs:
strategy:
matrix:
python-version:
- - "3.8"
- "3.9"
- "3.10"
+ - "3.11"
django-version:
- "3.2"
- "4.0"
+ - "4.1"
steps:
- uses: actions/checkout@v3
- name: Set up Python ${{ matrix.python-version }}
@@ -90,8 +91,42 @@ jobs:
unzip chromedriver_linux64.zip -d bin
- run: python -m pip install .[test] codecov
- - run: python -m pip install django~=${{ matrix.django-version }}
+ - run: python -m pip install django~=${{ matrix.django-version }}.0
- run: python -m pytest
env:
PATH: $PATH:$(pwd)/bin
- run: codecov
+
+ analyze:
+ name: CodeQL Analyze
+ needs:
+ - pytest
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ javascript, python ]
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: ${{ matrix.language }}
+ queries: +security-and-quality
+
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v2
+ if: ${{ matrix.language == 'javascript' || matrix.language == 'python' }}
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
+ with:
+ category: "/language:${{ matrix.language }}"
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index c43eb28..fdc768f 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -12,7 +12,7 @@ jobs:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
- python-version: "3.10"
+ python-version: "3.x"
- run: python -m pip install --upgrade pip build wheel twine
- uses: actions/setup-node@v3
- name: Install Node dependencies
diff --git a/SECURITY.md b/SECURITY.md
index 2c46f81..cf70d2e 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -42,8 +42,13 @@ not escape and access any files but the one uploaded by the attacker.
## Reporting a Vulnerability
-NEVER open an issue or discussion to report a vulnerability. Please contact one of the
-maintainers of the project either via email or Telegram:
+NEVER open an issue or discussion to report a vulnerability.
+
+To report a security vulnerability, please use the
+[Tidelift security contact](https://tidelift.com/security).
+Tidelift will coordinate the fix and disclosure.
+
+You may also contact one of the maintainers of the project either via email or Telegram:
* Email: [johannes@maron.family](mailto:johannes@maron.family)
* Telegram: [@codingjoe](https://t.me/codingjoe)
diff --git a/linter-requirements.txt b/linter-requirements.txt
index 616a440..3523059 100644
--- a/linter-requirements.txt
+++ b/linter-requirements.txt
@@ -1,5 +1,5 @@
-bandit==1.7.4
-black==22.6.0
-flake8==5.0.4
-isort==5.10.1
-pydocstyle[toml]==6.1.1
+bandit==1.7.5
+black==23.3.0
+flake8==6.0.0
+isort==5.12.0
+pydocstyle[toml]==6.3.0
diff --git a/package-lock.json b/package-lock.json
index 43d30f6..65897fd 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1414,9 +1414,9 @@
"dev": true
},
"node_modules/json5": {
- "version": "1.0.1",
- "resolved": "https://registry.npmjs.org/json5/-/json5-1.0.1.tgz",
- "integrity": "sha512-aKS4WQjPenRxiQsC93MNfjx+nbF4PAdYzmd/1JIj8HYzqfbu86beTuNgXDzPknWk0n0uARlyewZo4s++ES36Ow==",
+ "version": "1.0.2",
+ "resolved": "https://registry.npmjs.org/json5/-/json5-1.0.2.tgz",
+ "integrity": "sha512-g1MWMLBiz8FKi1e4w0UyVL3w+iJceWAFBAaBnnGKOpNa5f8TLktkbre1+s6oICydWAm+HRUGTmI+//xv2hvXYA==",
"dev": true,
"dependencies": {
"minimist": "^1.2.0"
@@ -2214,9 +2214,9 @@
}
},
"node_modules/uglify-js": {
- "version": "3.17.0",
- "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.17.0.tgz",
- "integrity": "sha512-aTeNPVmgIMPpm1cxXr2Q/nEbvkmV8yq66F3om7X3P/cvOXQ0TMQ64Wk63iyT1gPlmdmGzjGpyLh1f3y8MZWXGg==",
+ "version": "3.17.4",
+ "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.17.4.tgz",
+ "integrity": "sha512-T9q82TJI9e/C1TAxYvfb16xO120tMVFZrGA3f9/P4424DNu6ypK103y0GPFVa17yotwSyZW5iYXgjYHkGrJW/g==",
"dev": true,
"bin": {
"uglifyjs": "bin/uglifyjs"
@@ -3345,9 +3345,9 @@
"dev": true
},
"json5": {
- "version": "1.0.1",
- "resolved": "https://registry.npmjs.org/json5/-/json5-1.0.1.tgz",
- "integrity": "sha512-aKS4WQjPenRxiQsC93MNfjx+nbF4PAdYzmd/1JIj8HYzqfbu86beTuNgXDzPknWk0n0uARlyewZo4s++ES36Ow==",
+ "version": "1.0.2",
+ "resolved": "https://registry.npmjs.org/json5/-/json5-1.0.2.tgz",
+ "integrity": "sha512-g1MWMLBiz8FKi1e4w0UyVL3w+iJceWAFBAaBnnGKOpNa5f8TLktkbre1+s6oICydWAm+HRUGTmI+//xv2hvXYA==",
"dev": true,
"requires": {
"minimist": "^1.2.0"
@@ -3917,9 +3917,9 @@
"dev": true
},
"uglify-js": {
- "version": "3.17.0",
- "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.17.0.tgz",
- "integrity": "sha512-aTeNPVmgIMPpm1cxXr2Q/nEbvkmV8yq66F3om7X3P/cvOXQ0TMQ64Wk63iyT1gPlmdmGzjGpyLh1f3y8MZWXGg==",
+ "version": "3.17.4",
+ "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.17.4.tgz",
+ "integrity": "sha512-T9q82TJI9e/C1TAxYvfb16xO120tMVFZrGA3f9/P4424DNu6ypK103y0GPFVa17yotwSyZW5iYXgjYHkGrJW/g==",
"dev": true
},
"unbox-primitive": {
diff --git a/pyproject.toml b/pyproject.toml
index 1c6f295..0e3a761 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -21,17 +21,18 @@ classifiers = [
"Topic :: Software Development",
"Programming Language :: Python :: 3",
"Programming Language :: Python :: 3 :: Only",
- "Programming Language :: Python :: 3.8",
"Programming Language :: Python :: 3.9",
"Programming Language :: Python :: 3.10",
+ "Programming Language :: Python :: 3.11",
"Framework :: Django",
"Framework :: Django :: 3.2",
"Framework :: Django :: 4.0",
+ "Framework :: Django :: 4.1",
]
-requires-python = ">=3.8"
+requires-python = ">=3.9"
dependencies = [
"django>=2.0",
- "django-storages",
+ "django-storages>=1.6",
"boto3",
]
diff --git a/s3file/middleware.py b/s3file/middleware.py
index 9de8c6e..d0e1e6b 100644
--- a/s3file/middleware.py
+++ b/s3file/middleware.py
@@ -18,7 +18,6 @@ def __init__(self, get_response):
def __call__(self, request):
file_fields = request.POST.getlist("s3file")
for field_name in file_fields:
-
paths = request.POST.getlist(field_name)
if paths:
try:
diff --git a/s3file/storages_optimized.py b/s3file/storages_optimized.py
index dbf39d9..e1a0597 100644
--- a/s3file/storages_optimized.py
+++ b/s3file/storages_optimized.py
@@ -1,4 +1,5 @@
from storages.backends.s3boto3 import S3Boto3Storage
+from storages.utils import clean_name
class S3OptimizedUploadStorage(S3Boto3Storage):
@@ -16,7 +17,7 @@ class S3OptimizedUploadStorage(S3Boto3Storage):
def _save(self, name, content):
# Basically copy the implementation of _save of S3Boto3Storage
# and replace the obj.upload_fileobj with a copy function
- cleaned_name = self._clean_name(name)
+ cleaned_name = clean_name(name)
name = self._normalize_name(cleaned_name)
params = self._get_write_parameters(name, content)
diff --git a/tests/test_views.py b/tests/test_views.py
index 63c67a7..d84d558 100644
--- a/tests/test_views.py
+++ b/tests/test_views.py
@@ -39,7 +39,6 @@ def test_post__created(self, client, upload_file):
assert response.status_code == http.HTTPStatus.CREATED
def test_post__bad_signature(self, client, upload_file):
-
bad_signature = base64.b64encode(
hmac.new(b"eve", (self.policy + self.date).encode(), "sha256").digest()
).decode()
diff --git a/tests/testapp/views.py b/tests/testapp/views.py
index 22835e9..da3b87e 100644
--- a/tests/testapp/views.py
+++ b/tests/testapp/views.py
@@ -10,7 +10,7 @@ class FileEncoder(DjangoJSONEncoder):
def default(self, o):
if isinstance(o, File):
return o.name
- super().default(o)
+ return super().default(o)
class ExampleFormView(generic.FormView):
pFad - Phonifier reborn
Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.
Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.
Alternative Proxies:
Alternative Proxy
pFad Proxy
pFad v3 Proxy
pFad v4 Proxy