From 2a8c6433595d5f4e0d8eba57cce61bf39fddddfd Mon Sep 17 00:00:00 2001
From: Philip Jenvey
Date: Mon, 24 Jun 2019 15:04:46 -0700
Subject: [PATCH] chore: bump to the latest twisted per CVE-2019-12387 and adapt tests to it Closes #1336
---
 autopush/tests/test_fcmclient.py | 4 ++--
 autopush/tests/test_gcmclient.py | 4 ++--
 autopush/tests/test_integration.py | 29 +++++++++++++++++++----------
 requirements.txt | 7 +++++--
 4 files changed, 28 insertions(+), 16 deletions(-)
diff --git a/autopush/tests/test_fcmclient.py b/autopush/tests/test_fcmclient.py
index bd4dd46c..284b8826 100644
--- a/autopush/tests/test_fcmclient.py
+++ b/autopush/tests/test_fcmclient.py
@@ -96,8 +96,8 @@ def test_fail_401(self):
 def test_fail_500(self):
 self._m_response.code = 500
 content = "OMG"
- self._m_response.headers.addRawHeader('Retry-After', 123)
+ self._m_response.headers.addRawHeader('Retry-After', "123")
 self._m_resp_text.callback(content)
 self._m_request.callback(self._m_response)
 result = yield self.fcm.send("token", self.m_payload)
- assert result.retry_after == 123
+ assert result.retry_after == "123"
diff --git a/autopush/tests/test_gcmclient.py b/autopush/tests/test_gcmclient.py
index 2d4adb59..f3491502 100644
--- a/autopush/tests/test_gcmclient.py
+++ b/autopush/tests/test_gcmclient.py
@@ -193,9 +193,9 @@ def test_fail_401(self):
 def test_fail_500(self):
 self._m_response.code = 500
 content = "OMG"
- self._m_response.headers.addRawHeader('Retry-After', 123)
+ self._m_response.headers.addRawHeader('Retry-After', "123")
 self._m_resp_text.callback(content)
 self._m_request.callback(self._m_response)
 result = yield self.gcm.send(self.m_payload)
 assert 'some_reg_id' in result.retry_message.registration_ids
- assert result.retry_after == 123
+ assert result.retry_after == "123"
diff --git a/autopush/tests/test_integration.py b/autopush/tests/test_integration.py
index 2e8d59c4..07dab343 100644
--- a/autopush/tests/test_integration.py
+++ b/autopush/tests/test_integration.py
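Review bot: The updated `assert result.retry_after == "123"` in test_fcmclient.py's test_fail_500 now pins `retry_after` as the raw header text instead of a number, and nothing in the hunk says whether a string is the intended type. Retry-After is set by the upstream push service and may be delta-seconds or an HTTP-date, so any consumer that schedules on this value (not visible here) should parse and bound it first. I would add a comment above the assert such as `# retry_after is the unparsed Retry-After header; consumers must validate it before use`, or assert on an integer if the client is meant to convert it. The same applies to the identical change in test_gcmclient.py's test_fail_500. The enclosing test classes lie outside both hunks.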
@@ -3,6 +3,7 @@
 import logging
 import os
 import random
+import socket
 import sys
 import time
 import urlparse
@@ -2438,16 +2439,24 @@ def endpoint_kwargs(self):
 def test_proxy_protocol(self):
 port = self.ep.conf.proxy_protocol_port
 ip = '198.51.100.22'
- proto_line = 'PROXY TCP4 {} 203.0.113.7 35646 80\r\n'.format(ip)
- # the proxy proto. line comes before the request: we can sneak
- # it in before the verb
- response, body = yield _agent(
- '{}GET'.format(proto_line),
- "http://localhost:{}/v1/err".format(port),
- )
- assert response.code == 418
- payload = json.loads(body)
- assert payload['error'] == "Test Error"
+ req = """\
+PROXY TCP4 {} 203.0.113.7 35646 80\r
+GET /v1/err HTTP/1.1\r
+Host: 127.0.0.1\r
+\r\n""".format(ip)
+
+ def proxy_request():
+ sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ sock.connect(("localhost", port))
+ try:
+ sock.sendall(req)
+ return sock.recv(4096)
+ finally:
+ sock.close()
+
+ response = yield deferToThread(proxy_request)
+ assert response.startswith("HTTP/1.1 418 ")
+ assert "Test Error" in response
 assert self.logs.logged_ci(lambda ci: ci.get('remote_ip') == ip)
 
 @inlineCallbacks
diff --git a/requirements.txt b/requirements.txt
index affd6139..937547dd 100644
--- a/requirements.txt
+++ b/requirements.txt
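Review bot: `proxy_request` in test_integration.py's test_proxy_protocol reads the reply with a single `sock.recv(4096)` on a socket that has no timeout, so the test can see only part of the response (making `assert "Test Error" in response` flaky) or block its `deferToThread` worker indefinitely if the server never answers. I would open the connection with a timeout, add a `Connection: close` header to `req` so the response ends with EOF (assuming the endpoint honors it), and read until `recv` returns an empty string. `sock.connect` also sits outside the `try`, so a failed connect leaves the socket unclosed. `deferToThread` is not imported in the visible hunks, so confirm it is already in scope at the top of the file.

```python
        # … unchanged: req, with a `Connection: close\r` line added before the blank line …

        def proxy_request():
            # bounded wait: a stalled server fails the test instead of hanging the thread
            sock = socket.create_connection(("localhost", port), timeout=5)
            try:
                sock.sendall(req)
                chunks = []
                while True:
                    data = sock.recv(4096)
                    if not data:
                        break
                    chunks.append(data)
                return "".join(chunks)
            finally:
                sock.close()

        # … unchanged: deferToThread call and assertions …
```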
@@ -67,12 +67,15 @@ rsa==4.0 # via google-auth, oauth2client, python-jose
 s3transfer==0.1.13 # via boto3
 service-identity==18.1.0
 simplejson==3.16.0
-six==1.12.0 # via autobahn, automat, cryptography, firebase-admin, google-api-core, google-auth, google-resumable-media, grpcio, marshmallow-polyfield, oauth2client, protobuf, pyhamcrest, pyopenssl, python-dateutil, python-jose, treq, txaio
+six==1.12.0 # via autobahn, automat, cryptography, firebase-admin, google-api-core, google-auth, google-resumable-media, grpcio, oauth2client, protobuf, pyhamcrest, pyopenssl, python-dateutil, python-jose, treq, txaio
 treq==18.6.0
-twisted[tls]==18.9.0
+twisted[tls]==19.2.1
 txaio==18.8.1 # via autobahn
 typing==3.6.6
 ua-parser==0.8.0
 urllib3==1.24.2 # via botocore, requests
 wsaccel==0.6.2 ; platform_python_implementation == "CPython"
 zope.interface==4.6.0
+
+# The following packages are considered to be unsafe in a requirements file:
+# setuptools==41.0.1 # via google-api-core, protobuf, pyhamcrest, zope.interface