Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix PGPy/sectxt parser #1453

Closed
bwbroersma opened this issue Jul 7, 2024 · 1 comment · Fixed by #1467
Closed

Fix PGPy/sectxt parser #1453

bwbroersma opened this issue Jul 7, 2024 · 1 comment · Fixed by #1467
Assignees
@mxsasha
Labels
bug Unexpected or unwanted behaviour of current implementations release blocker Issues that must be resolved before an upcoming version can be released
Milestone
v1.9

Comments

@bwbroersma
Copy link
Collaborator

This is solved by either pinning sectxt to PR:

Or pinning PGPy to PR:

So the required PGPy will be:

index 9709248..dfd8fcf 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -126,7 +126,7 @@ packaging==23.1
     #   setuptools-scm
 pathlib2==2.3.7.post1
     # via -r requirements.in
-pgpy==0.6.0
+pgpy @ https://github.com/SecurityInnovation/PGPy/archive/09014c72b4557dd1254cf68a32e50f78515f5f32.zip
     # via sectxt
 pluggy==1.2.0
     # via

Then this probe will run without hanging on the malformed PGP armor (------):

$ docker exec -ti internetnl-develop-app-1 python3 manage.py probe --probe=appsecpriv_web_appsecpriv --domain=www.devolksbank.nl
@bwbroersma bwbroersma added bug Unexpected or unwanted behaviour of current implementations release blocker Issues that must be resolved before an upcoming version can be released labels Jul 7, 2024
@bwbroersma bwbroersma added this to the v1.9 milestone Jul 7, 2024
@bwbroersma
Copy link
Collaborator Author

bwbroersma commented Jul 10, 2024
edited
Loading

@mxsasha I agree with the 'is this guaranteed to work' question in regards to only patch PGPy in the requirements of internet.nl, and still having a different PGPy version as sub-dependency of sectxt. I could not find it, so it might be quirky behavior indeed. Better wait for the DTC patch, or pin to the sectxt PR (and then as a result also the PGPy PR).

mxsasha added a commit that referenced this issue Jul 15, 2024
@mxsasha
Fix #1453 - Update sectxt to 0.9.4 from github release
57dd298 
We depend on SecurityInnovation/PGPy#467 and
sectxt's pypi release can not point to that, only to other pypi
releases. Hence, pull sectxt from github now.
mxsasha added a commit that referenced this issue Jul 15, 2024
@mxsasha
Fix #1453 - Update sectxt to 0.9.4 from github release
5897c86 
We depend on SecurityInnovation/PGPy#467 and
sectxt's pypi release can not point to that, only to other pypi
releases. Hence, pull sectxt from github now.
mxsasha added a commit that referenced this issue Jul 16, 2024
@mxsasha
Ref #1453 - Update pip-compile's reference to pgpy
9416916
mxsasha added a commit that referenced this issue Jul 16, 2024
@mxsasha
Ref #1453 - Update pip-compile's reference to pgpy
0e9df50
mxsasha added a commit that referenced this issue Jul 24, 2024
@mxsasha
[1.8.x] Fix #1453 - Update sectxt to 0.9.4 from github release
f663901 
We depend on SecurityInnovation/PGPy#467 and
sectxt's pypi release can not point to that, only to other pypi
releases. Hence, pull sectxt from github now.

(cherry picked from commit abc6742)
mxsasha added a commit that referenced this issue Jul 24, 2024
@mxsasha
[1.8.x] Ref #1453 - Update pip-compile's reference to pgpy
68a98e8 
(cherry picked from commit 0e9df50)
@mxsasha mxsasha mentioned this issue Jul 24, 2024
Merged
mxsasha added a commit that referenced this issue Aug 12, 2024
@mxsasha
[1.8.x] Fix #1453 - Update sectxt to 0.9.4 from github release
9c17118 
We depend on SecurityInnovation/PGPy#467 and
sectxt's pypi release can not point to that, only to other pypi
releases. Hence, pull sectxt from github now.

(cherry picked from commit abc6742)
mxsasha added a commit that referenced this issue Aug 12, 2024
@mxsasha
[1.8.x] Ref #1453 - Update pip-compile's reference to pgpy
eaf4185 
(cherry picked from commit 0e9df50)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mxsasha mxsasha

Labels
bug Unexpected or unwanted behaviour of current implementations release blocker Issues that must be resolved before an upcoming version can be released
Milestone
v1.9
Development

Successfully merging a pull request may close this issue.

Backport changes to 1.8 internetstandards/Internet.nl
2 participants
@mxsasha @bwbroersma