Resolve security issues raised in vulnerability scan (#261)
* #TMMA-498: Move the mysql-connector-python package into the project virtualenv instead of installing it as a system-wide package

* #TMMA-499: Upgrade jQuery

* Disable TRACK/TRACE methods
asset-web authored Jan 17, 2024
1 parent c617946 commit 30b2f47
Showing 9 changed files with 109 additions and 6 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG
@@ -1,3 +1,7 @@
8.8.0 TMMA-499: Update jQuery & disable TRACK/TRACE methods
TMMA-498: Upgrade mysql-connector-python
Apply python dependency updates

8.7.0 TMMA-494: Add support PubMed formatted files without a leading blank line
Apply python dependency updates

2 changes: 2 additions & 0 deletions browser/static/sb-admin-2/vendor/jquery/jquery-3.7.1.min.js

Large diffs are not rendered by default.

4 changes: 2 additions & 2 deletions browser/templates/includes/javascript.html
@@ -1,5 +1,5 @@
<!-- jQuery 3.2.1 -->
<script src="{{ STATIC_URL }}sb-admin-2/vendor/jquery/jquery-3.2.1.min.js"></script>
<!-- jQuery 3.7.1 -->
<script src="{{ STATIC_URL }}sb-admin-2/vendor/jquery/jquery-3.7.1.min.js"></script>

<!-- Bootstrap Core JavaScript -->
<script src="{{ STATIC_URL }}sb-admin-2/vendor/bootstrap/js/bootstrap.min.js"></script>
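Review bot: The diffstat lists no deletion of `sb-admin-2/vendor/jquery/jquery-3.2.1.min.js`, so the old build presumably remains under STATIC_URL and is still served to anyone who requests it directly even though no template references it any more; a scanner that enumerates static files will keep reporting it, so remove the old file in the same change. Also check the templates and project JavaScript for jQuery HTML-manipulation calls that relied on pre-3.5 behaviour: from 3.5.0 `jQuery.htmlPrefilter` no longer expands self-closing tags such as `$("<div/><span/>")`, which was part of the HTML-prefilter security fix in that release, and code depending on it breaks silently after this bump. Whether the `bootstrap.min.js` loaded on the next line is a version tested against jQuery 3.7 cannot be determined from this hunk.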
1 change: 0 additions & 1 deletion deploy/deploy-centos.sh
Expand Up @@ -74,7 +74,6 @@ yum -y install python3-wheel
yum -y install python3-lxml

echo "### Install DB connectivity tools"
yum -y install mysql-connector-python
yum -y install mysql-utilities

echo "### Install anti-virus tools used with Apache fronted instances"
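Review bot: Dropping `yum -y install mysql-connector-python` will presumably not keep the package off the host, because `yum -y install mysql-utilities` on the following line is still run and MySQL Utilities is a Python tool whose RPM, as packaged in the MySQL yum repository, depends on the system `mysql-connector-python`; yum pulls it back in as a dependency and the system-wide copy the scan flagged reappears. Either remove or replace `mysql-utilities` as well, or at minimum verify on a freshly deployed host with `rpm -q mysql-connector-python`, and record the outcome next to the remaining line, e.g. `# mysql-utilities pulls in the system mysql-connector-python; the app uses the virtualenv copy instead`. The rest of the install section lies outside this hunk.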
1 change: 1 addition & 0 deletions deploy/fabfile.py
Expand Up @@ -245,6 +245,7 @@ def setup_apache(env="dev", use_local_mode=False, project_dir=PROJECT_ROOT):

apache_conf = """
Header set X-Frame-Options "DENY"
TraceEnable off
WSGIScriptAlias / /usr/local/projects/temmpo/lib/%(env)s/src/temmpo/temmpo/wsgi.py
# WSGIPythonHome /usr/local/projects/temmpo/bin/python3
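Review bot: `TraceEnable off` on the added line only disables TRACE; TRACK is not a method httpd implements, and with `WSGIScriptAlias /` on the following line every other method is handed to the WSGI application, so a scanner probing TRACK sees whatever Django answers rather than a refusal from Apache. If the finding named TRACK as the commit message does, block both explicitly in the same string, e.g. `RewriteEngine On` / `RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)$ [NC]` / `RewriteRule .* - [F]` (requires mod_rewrite), which returns a consistent 403 regardless of how the application treats unknown methods. `TraceEnable` is only valid in server or virtual-host context; where this string is rendered into the final config is outside the hunk, and `setup_apache` continues past it, so confirm the directive lands in a context where it takes effect.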
34 changes: 33 additions & 1 deletion requirements/dev.txt
Expand Up @@ -456,6 +456,7 @@ jeepney==0.8.0 \
# pyscreenshot
lxml==5.1.0 \
--hash=sha256:13521a321a25c641b9ea127ef478b580b5ec82aa2e9fc076c86169d161798b01 \
--hash=sha256:14deca1460b4b0f6b01f1ddc9557704e8b365f55c63070463f6c18619ebf964f \
--hash=sha256:16018f7099245157564d7148165132c70adb272fb5a17c048ba70d9cc542a1a1 \
--hash=sha256:16dd953fb719f0ffc5bc067428fc9e88f599e15723a85618c45847c96f11f431 \
--hash=sha256:19a1bc898ae9f06bccb7c3e1dfd73897ecbbd2c96afe9095a6026016e5ca97b8 \
Expand All @@ -479,13 +480,15 @@ lxml==5.1.0 \
--hash=sha256:4946e7f59b7b6a9e27bef34422f645e9a368cb2be11bf1ef3cafc39a1f6ba68d \
--hash=sha256:49a9b4af45e8b925e1cd6f3b15bbba2c81e7dba6dce170c677c9cda547411e14 \
--hash=sha256:4f8b0c78e7aac24979ef09b7f50da871c2de2def043d468c4b41f512d831e912 \
--hash=sha256:52427a7eadc98f9e62cb1368a5079ae826f94f05755d2d567d93ee1bc3ceb354 \
--hash=sha256:5e53d7e6a98b64fe54775d23a7c669763451340c3d44ad5e3a3b48a1efbdc96f \
--hash=sha256:5fcfbebdb0c5d8d18b84118842f31965d59ee3e66996ac842e21f957eb76138c \
--hash=sha256:601f4a75797d7a770daed8b42b97cd1bb1ba18bd51a9382077a6a247a12aa38d \
--hash=sha256:61c5a7edbd7c695e54fca029ceb351fc45cd8860119a0f83e48be44e1c464862 \
--hash=sha256:6a2a2c724d97c1eb8cf966b16ca2915566a4904b9aad2ed9a09c748ffe14f969 \
--hash=sha256:6d48fc57e7c1e3df57be5ae8614bab6d4e7b60f65c5457915c26892c41afc59e \
--hash=sha256:6f11b77ec0979f7e4dc5ae081325a2946f1fe424148d3945f943ceaede98adb8 \
--hash=sha256:704f5572ff473a5f897745abebc6df40f22d4133c1e0a1f124e4f2bd3330ff7e \
--hash=sha256:725e171e0b99a66ec8605ac77fa12239dbe061482ac854d25720e2294652eeaa \
--hash=sha256:7cfced4a069003d8913408e10ca8ed092c49a7f6cefee9bb74b6b3e860683b45 \
--hash=sha256:7ec465e6549ed97e9f1e5ed51c657c9ede767bc1c11552f7f4d022c4df4a977a \
Expand All @@ -499,6 +502,7 @@ lxml==5.1.0 \
--hash=sha256:8d7b4beebb178e9183138f552238f7e6613162a42164233e2bda00cb3afac58f \
--hash=sha256:8f52fe6859b9db71ee609b0c0a70fea5f1e71c3462ecf144ca800d3f434f0764 \
--hash=sha256:98f3f020a2b736566c707c8e034945c02aa94e124c24f77ca097c446f81b01f1 \
--hash=sha256:9aa543980ab1fbf1720969af1d99095a548ea42e00361e727c58a40832439114 \
--hash=sha256:9b99f564659cfa704a2dd82d0684207b1aadf7d02d33e54845f9fc78e06b7581 \
--hash=sha256:9bcf86dfc8ff3e992fed847c077bd875d9e0ba2fa25d859c3a0f0f76f07f0c8d \
--hash=sha256:9bd0ae7cc2b85320abd5e0abad5ccee5564ed5f0cc90245d2f9a8ef330a8deae \
Expand All @@ -508,6 +512,7 @@ lxml==5.1.0 \
--hash=sha256:a5ab722ae5a873d8dcee1f5f45ddd93c34210aed44ff2dc643b5025981908cda \
--hash=sha256:a96f02ba1bcd330807fc060ed91d1f7a20853da6dd449e5da4b09bfcc08fdcf5 \
--hash=sha256:acb6b2f96f60f70e7f34efe0c3ea34ca63f19ca63ce90019c6cbca6b676e81fa \
--hash=sha256:ae15347a88cf8af0949a9872b57a320d2605ae069bcdf047677318bc0bba45b1 \
--hash=sha256:af8920ce4a55ff41167ddbc20077f5698c2e710ad3353d32a07d3264f3a2021e \
--hash=sha256:afd825e30f8d1f521713a5669b63657bcfe5980a916c95855060048b88e1adb7 \
--hash=sha256:b21b4031b53d25b0858d4e124f2f9131ffc1530431c6d1321805c90da78388d1 \
Expand All @@ -519,7 +524,6 @@ lxml==5.1.0 \
--hash=sha256:c26aab6ea9c54d3bed716b8851c8bfc40cb249b8e9880e250d1eddde9f709bf5 \
--hash=sha256:c3cd1fc1dc7c376c54440aeaaa0dcc803d2126732ff5c6b68ccd619f2e64be4f \
--hash=sha256:c7257171bb8d4432fe9d6fdde4d55fdbe663a63636a17f7f9aaba9bcb3153ad7 \
--hash=sha256:cfbac9f6149174f76df7e08c2e28b19d74aed90cad60383ad8671d3af7d0502f \
--hash=sha256:d42e3a3fc18acc88b838efded0e6ec3edf3e328a58c68fbd36a7263a874906c8 \
--hash=sha256:d74fcaf87132ffc0447b3c685a9f862ffb5b43e70ea6beec2fb8057d5d2a1fea \
--hash=sha256:d8c1d679df4361408b628f42b26a5d62bd3e9ba7f0c0e7969f925021554755aa \
Expand All @@ -544,6 +548,34 @@ mss==9.0.1 \
# via
# -r requirements/test.txt
# pyscreenshot
mysql-connector-python==8.3.0 \
--hash=sha256:0deb38f05057e12af091a48e03a1ff00e213945880000f802879fae5665e7502 \
--hash=sha256:125714c998a697592bc56cce918a1acc58fadc510a7f588dbef3e53a1920e086 \
--hash=sha256:1db5b48b4ff7d24344217ed2418b162c7677eec86ab9766dc0e5feae39c90974 \
--hash=sha256:201e609159b84a247be87b76f5deb79e8c6b368e91f043790e62077f13f3fed8 \
--hash=sha256:27f8be2087627366a44a6831ec68b568c98dbf0f4ceff24682d90c21db6e0f1f \
--hash=sha256:4be4165e4cd5acb4659261ddc74e9164d2dfa0d795d5695d52f2bf39ea0762fa \
--hash=sha256:51d97bf771519829797556718d81e8b9bdcd0a00427740ca57c085094c8bde17 \
--hash=sha256:55cb57d8098c721abce20fdef23232663977c0e5c87a4d0f9f73466f32c7d168 \
--hash=sha256:5718e426cf67f041772d4984f709052201883f74190ba6feaddce5cbd3b99e6f \
--hash=sha256:5e2c86c60be08c71bae755d811fe8b89ec4feb8117ec3440ebc6c042dd6f06bc \
--hash=sha256:5f707a9b040ad4700fc447ba955c78b08f2dd5affde37ac2401918f7b6daaba3 \
--hash=sha256:73ee8bc5f9626c42b37342a91a825cddb3461f6bfbbd6524d8ccfd3293aaa088 \
--hash=sha256:77bae496566d3da77bb0e938d89243103d20ee41633f626a47785470451bf45c \
--hash=sha256:7f4f5fa844c19ee3a78c4606f6e138b06829e75469592d90246a290c7befc322 \
--hash=sha256:85fa878fdd6accaeb7d609bd2637c2cfa61592e7f9bdbdc0da18b2fa998d3d5a \
--hash=sha256:9302d774025e76a0fac46bfeea8854b3d6819715a6a16ff23bfcda04218a76b7 \
--hash=sha256:b2901391b651d60dab3cc8985df94976fc1ea59fa7324c5b19d0a4177914c8dd \
--hash=sha256:c57d02fd6c28be444487e7905ede09e3fecb18377cf82908ca262826369d3401 \
--hash=sha256:de0f2f2baa9e091ca8bdc4a091f874f9cd0b84b256389596adb0e032a05fe9f9 \
--hash=sha256:de5c3ee89d9276356f93df003949d3ba4c486f32fec9ec9fd7bc0caab124d89c \
--hash=sha256:de74055944b214bff56e1752ec213d705c421414c67a250fb695af0c5c214135 \
--hash=sha256:e4ff23aa8036b4c5b6463fa81398bb5a528a29f99955de6ba937f0bba57a2fe3 \
--hash=sha256:e868ccc7ad9fbc242546db04673d89cee87d12b8139affd114524553df4e5d6a \
--hash=sha256:ec6dc3434a7deef74ab04e8978f6c5e181866a5423006c1b5aec5390a189d28d \
--hash=sha256:f4ee7e07cca6b744874d60d6b0b24817d9246eb4e8d7269b7ddbe68763a0bd13 \
--hash=sha256:f7acacdf9fd4260702f360c00952ad9a9cc73e8b7475e0d0c973c085a3dd7b7d
# via -r requirements/test.txt
mysqlclient==2.2.1 \
--hash=sha256:1f8889cc5f0141bb307b915e981a66793df663ace92259344661084a7dd8d12a \
--hash=sha256:2c7ad15b87293b12fd44b47c46879ec95ec647f4567e866ccd70b8337584e9b2 \
1 change: 1 addition & 0 deletions requirements/requirements.in
Expand Up @@ -12,6 +12,7 @@ django-hcaptcha-field>=1.4.0
hiredis>=2.2.2
lxml>=4.9.2
more-itertools>=9.1.0
mysql-connector-python>=8.0.32
mysqlclient>=2.1.1
numexpr>=2.8.4
numpy>=1.24.2
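Review bot: The added `mysql-connector-python>=8.0.32` makes requirements.in declare two MySQL drivers alongside `mysqlclient>=2.1.1` on the next line, with nothing recording which code path needs the connector; in dev.txt it is also pulled in via requirements/test.txt. A trailing comment naming the consumer, e.g. `mysql-connector-python>=8.0.32  # used by <tool/script>; the Django DB backend uses mysqlclient`, would let the next reviewer judge whether both drivers are still required, since each one is additional supply-chain surface the scanner will keep tracking. The `8.0.32` floor is presumably the version the scan considered fixed; if so, state that in the same comment so the bound is not loosened later.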
34 changes: 33 additions & 1 deletion requirements/requirements.txt
Expand Up @@ -216,6 +216,7 @@ hiredis==2.3.2 \
# via -r requirements/requirements.in
lxml==5.1.0 \
--hash=sha256:13521a321a25c641b9ea127ef478b580b5ec82aa2e9fc076c86169d161798b01 \
--hash=sha256:14deca1460b4b0f6b01f1ddc9557704e8b365f55c63070463f6c18619ebf964f \
--hash=sha256:16018f7099245157564d7148165132c70adb272fb5a17c048ba70d9cc542a1a1 \
--hash=sha256:16dd953fb719f0ffc5bc067428fc9e88f599e15723a85618c45847c96f11f431 \
--hash=sha256:19a1bc898ae9f06bccb7c3e1dfd73897ecbbd2c96afe9095a6026016e5ca97b8 \
Expand All @@ -239,13 +240,15 @@ lxml==5.1.0 \
--hash=sha256:4946e7f59b7b6a9e27bef34422f645e9a368cb2be11bf1ef3cafc39a1f6ba68d \
--hash=sha256:49a9b4af45e8b925e1cd6f3b15bbba2c81e7dba6dce170c677c9cda547411e14 \
--hash=sha256:4f8b0c78e7aac24979ef09b7f50da871c2de2def043d468c4b41f512d831e912 \
--hash=sha256:52427a7eadc98f9e62cb1368a5079ae826f94f05755d2d567d93ee1bc3ceb354 \
--hash=sha256:5e53d7e6a98b64fe54775d23a7c669763451340c3d44ad5e3a3b48a1efbdc96f \
--hash=sha256:5fcfbebdb0c5d8d18b84118842f31965d59ee3e66996ac842e21f957eb76138c \
--hash=sha256:601f4a75797d7a770daed8b42b97cd1bb1ba18bd51a9382077a6a247a12aa38d \
--hash=sha256:61c5a7edbd7c695e54fca029ceb351fc45cd8860119a0f83e48be44e1c464862 \
--hash=sha256:6a2a2c724d97c1eb8cf966b16ca2915566a4904b9aad2ed9a09c748ffe14f969 \
--hash=sha256:6d48fc57e7c1e3df57be5ae8614bab6d4e7b60f65c5457915c26892c41afc59e \
--hash=sha256:6f11b77ec0979f7e4dc5ae081325a2946f1fe424148d3945f943ceaede98adb8 \
--hash=sha256:704f5572ff473a5f897745abebc6df40f22d4133c1e0a1f124e4f2bd3330ff7e \
--hash=sha256:725e171e0b99a66ec8605ac77fa12239dbe061482ac854d25720e2294652eeaa \
--hash=sha256:7cfced4a069003d8913408e10ca8ed092c49a7f6cefee9bb74b6b3e860683b45 \
--hash=sha256:7ec465e6549ed97e9f1e5ed51c657c9ede767bc1c11552f7f4d022c4df4a977a \
Expand All @@ -259,6 +262,7 @@ lxml==5.1.0 \
--hash=sha256:8d7b4beebb178e9183138f552238f7e6613162a42164233e2bda00cb3afac58f \
--hash=sha256:8f52fe6859b9db71ee609b0c0a70fea5f1e71c3462ecf144ca800d3f434f0764 \
--hash=sha256:98f3f020a2b736566c707c8e034945c02aa94e124c24f77ca097c446f81b01f1 \
--hash=sha256:9aa543980ab1fbf1720969af1d99095a548ea42e00361e727c58a40832439114 \
--hash=sha256:9b99f564659cfa704a2dd82d0684207b1aadf7d02d33e54845f9fc78e06b7581 \
--hash=sha256:9bcf86dfc8ff3e992fed847c077bd875d9e0ba2fa25d859c3a0f0f76f07f0c8d \
--hash=sha256:9bd0ae7cc2b85320abd5e0abad5ccee5564ed5f0cc90245d2f9a8ef330a8deae \
Expand All @@ -268,6 +272,7 @@ lxml==5.1.0 \
--hash=sha256:a5ab722ae5a873d8dcee1f5f45ddd93c34210aed44ff2dc643b5025981908cda \
--hash=sha256:a96f02ba1bcd330807fc060ed91d1f7a20853da6dd449e5da4b09bfcc08fdcf5 \
--hash=sha256:acb6b2f96f60f70e7f34efe0c3ea34ca63f19ca63ce90019c6cbca6b676e81fa \
--hash=sha256:ae15347a88cf8af0949a9872b57a320d2605ae069bcdf047677318bc0bba45b1 \
--hash=sha256:af8920ce4a55ff41167ddbc20077f5698c2e710ad3353d32a07d3264f3a2021e \
--hash=sha256:afd825e30f8d1f521713a5669b63657bcfe5980a916c95855060048b88e1adb7 \
--hash=sha256:b21b4031b53d25b0858d4e124f2f9131ffc1530431c6d1321805c90da78388d1 \
Expand All @@ -279,7 +284,6 @@ lxml==5.1.0 \
--hash=sha256:c26aab6ea9c54d3bed716b8851c8bfc40cb249b8e9880e250d1eddde9f709bf5 \
--hash=sha256:c3cd1fc1dc7c376c54440aeaaa0dcc803d2126732ff5c6b68ccd619f2e64be4f \
--hash=sha256:c7257171bb8d4432fe9d6fdde4d55fdbe663a63636a17f7f9aaba9bcb3153ad7 \
--hash=sha256:cfbac9f6149174f76df7e08c2e28b19d74aed90cad60383ad8671d3af7d0502f \
--hash=sha256:d42e3a3fc18acc88b838efded0e6ec3edf3e328a58c68fbd36a7263a874906c8 \
--hash=sha256:d74fcaf87132ffc0447b3c685a9f862ffb5b43e70ea6beec2fb8057d5d2a1fea \
--hash=sha256:d8c1d679df4361408b628f42b26a5d62bd3e9ba7f0c0e7969f925021554755aa \
Expand All @@ -294,6 +298,34 @@ more-itertools==10.2.0 \
--hash=sha256:686b06abe565edfab151cb8fd385a05651e1fdf8f0a14191e4439283421f8684 \
--hash=sha256:8fccb480c43d3e99a00087634c06dd02b0d50fbf088b380de5a41a015ec239e1
# via -r requirements/requirements.in
mysql-connector-python==8.3.0 \
--hash=sha256:0deb38f05057e12af091a48e03a1ff00e213945880000f802879fae5665e7502 \
--hash=sha256:125714c998a697592bc56cce918a1acc58fadc510a7f588dbef3e53a1920e086 \
--hash=sha256:1db5b48b4ff7d24344217ed2418b162c7677eec86ab9766dc0e5feae39c90974 \
--hash=sha256:201e609159b84a247be87b76f5deb79e8c6b368e91f043790e62077f13f3fed8 \
--hash=sha256:27f8be2087627366a44a6831ec68b568c98dbf0f4ceff24682d90c21db6e0f1f \
--hash=sha256:4be4165e4cd5acb4659261ddc74e9164d2dfa0d795d5695d52f2bf39ea0762fa \
--hash=sha256:51d97bf771519829797556718d81e8b9bdcd0a00427740ca57c085094c8bde17 \
--hash=sha256:55cb57d8098c721abce20fdef23232663977c0e5c87a4d0f9f73466f32c7d168 \
--hash=sha256:5718e426cf67f041772d4984f709052201883f74190ba6feaddce5cbd3b99e6f \
--hash=sha256:5e2c86c60be08c71bae755d811fe8b89ec4feb8117ec3440ebc6c042dd6f06bc \
--hash=sha256:5f707a9b040ad4700fc447ba955c78b08f2dd5affde37ac2401918f7b6daaba3 \
--hash=sha256:73ee8bc5f9626c42b37342a91a825cddb3461f6bfbbd6524d8ccfd3293aaa088 \
--hash=sha256:77bae496566d3da77bb0e938d89243103d20ee41633f626a47785470451bf45c \
--hash=sha256:7f4f5fa844c19ee3a78c4606f6e138b06829e75469592d90246a290c7befc322 \
--hash=sha256:85fa878fdd6accaeb7d609bd2637c2cfa61592e7f9bdbdc0da18b2fa998d3d5a \
--hash=sha256:9302d774025e76a0fac46bfeea8854b3d6819715a6a16ff23bfcda04218a76b7 \
--hash=sha256:b2901391b651d60dab3cc8985df94976fc1ea59fa7324c5b19d0a4177914c8dd \
--hash=sha256:c57d02fd6c28be444487e7905ede09e3fecb18377cf82908ca262826369d3401 \
--hash=sha256:de0f2f2baa9e091ca8bdc4a091f874f9cd0b84b256389596adb0e032a05fe9f9 \
--hash=sha256:de5c3ee89d9276356f93df003949d3ba4c486f32fec9ec9fd7bc0caab124d89c \
--hash=sha256:de74055944b214bff56e1752ec213d705c421414c67a250fb695af0c5c214135 \
--hash=sha256:e4ff23aa8036b4c5b6463fa81398bb5a528a29f99955de6ba937f0bba57a2fe3 \
--hash=sha256:e868ccc7ad9fbc242546db04673d89cee87d12b8139affd114524553df4e5d6a \
--hash=sha256:ec6dc3434a7deef74ab04e8978f6c5e181866a5423006c1b5aec5390a189d28d \
--hash=sha256:f4ee7e07cca6b744874d60d6b0b24817d9246eb4e8d7269b7ddbe68763a0bd13 \
--hash=sha256:f7acacdf9fd4260702f360c00952ad9a9cc73e8b7475e0d0c973c085a3dd7b7d
# via -r requirements/requirements.in
mysqlclient==2.2.1 \
--hash=sha256:1f8889cc5f0141bb307b915e981a66793df663ace92259344661084a7dd8d12a \
--hash=sha256:2c7ad15b87293b12fd44b47c46879ec95ec647f4567e866ccd70b8337584e9b2 \
