
[Deps] requirements.txt: bump cryptography to 41.0.7 #266

Closed
wants to merge 1 commit into from

Conversation

Bodong-Yang
Member

@Bodong-Yang Bodong-Yang commented Dec 4, 2023

Description

cryptography below 41.0.6 has a vulnerability; see cryptography vulnerable to NULL-dereference when loading PKCS7 certificates #19 for more details.

UPDATED (20231213): the vulnerability severity has been lowered to 5.0 (moderate).

Changes

  1. bump cryptography to 41.0.7.
  2. bump pyopenssl to 23.3.0.
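As an added example (not code from this PR or the otaclient project), a stdlib-only check that a requirements.txt pins cryptography and pyopenssl at or above the versions this PR relies on, flagging pins that are too low or absent; the sample requirements text and the `check_requirements` helper are constructed for illustration.

```python
"""Gate a requirements.txt on minimum package versions (added example).

Versions are compared as integer tuples, which suffices for X.Y.Z pins;
pre-release tags such as "rc1" are not handled.
"""
import re

# Minimum safe versions from the PR description: cryptography >= 41.0.6 fixes
# the PKCS7 NULL-dereference (the PR pins 41.0.7) and pyopenssl 23.3.0.
MIN_VERSIONS = {"cryptography": (41, 0, 6), "pyopenssl": (23, 3, 0)}

# name, optional [extras], optional first specifier and version.
_REQ_RE = re.compile(
    r"^([A-Za-z0-9_.-]+)(?:\[[^\]]*\])?\s*(==|>=|~=|<=|<|>|!=)?\s*([0-9][0-9.]*)?"
)


def parse_version(text):
    """'41.0.7' -> (41, 0, 7)."""
    return tuple(int(p) for p in text.strip(".").split("."))


def check_requirements(text, minimums=MIN_VERSIONS):
    """Return {package: verdict} for each package in `minimums`.

    'ok': the pin guarantees a safe version; 'vulnerable': the pin fixes or
    allows a version below the minimum; 'unconstrained': no usable lower
    bound, so a vulnerable version could be resolved; 'missing': not listed.
    """
    found = {name: "missing" for name in minimums}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blanks
        if not line or line.startswith("-"):  # skip -r / -e / --index-url
            continue
        m = _REQ_RE.match(line)
        if not m:
            continue
        name = m.group(1).lower().replace("_", "-")  # pyOpenSSL -> pyopenssl
        if name not in minimums:
            continue
        op, ver = m.group(2), m.group(3)
        if op in ("==", ">=", "~=") and ver:
            # Each of these specifiers sets a lower bound equal to `ver`.
            found[name] = "ok" if parse_version(ver) >= minimums[name] else "vulnerable"
        else:
            # Other specifiers (or none) give no lower bound: treat conservatively.
            found[name] = "unconstrained"
    return found


# Constructed sample: the 'before' state, with cryptography still too low.
SAMPLE_REQUIREMENTS = """\
cryptography==41.0.5   # below the 41.0.6 fix
pyOpenSSL>=23.3.0
requests
"""

if __name__ == "__main__":
    for pkg, verdict in check_requirements(SAMPLE_REQUIREMENTS).items():
        print(f"{pkg}: {verdict}")
```

Only the first specifier on a line is inspected, so a range written as `<42,>=41.0.6` is reported as unconstrained rather than ok; that is a false positive, not a miss.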

@Bodong-Yang Bodong-Yang requested a review from obi-t4 December 4, 2023 07:37
@Bodong-Yang Bodong-Yang self-assigned this Dec 4, 2023
@Bodong-Yang Bodong-Yang added labels dependencies (Pull requests that update a dependency file) and security (security related) Dec 4, 2023
Contributor

github-actions bot commented Dec 4, 2023

Coverage

Coverage Report
TOTAL: 5888 statements, 1284 missed, 78% covered

Tests: 172, Skipped: 0, Failures: 0, Errors: 0, Time: 4m 55s

@Bodong-Yang Bodong-Yang changed the title [Deps][CRITICAL]: bump cryptography to 41.0.7 [Deps][CRITICAL] requirements.txt: bump cryptography to 41.0.7 Dec 4, 2023
@Bodong-Yang Bodong-Yang changed the title [Deps][CRITICAL] requirements.txt: bump cryptography to 41.0.7 [Deps] requirements.txt: bump cryptography to 41.0.7 Dec 13, 2023
@Bodong-Yang Bodong-Yang removed the request for review from obi-t4 January 29, 2024 10:37
@Bodong-Yang Bodong-Yang deleted the deps_critical/cryptography branch June 3, 2024 07:23