Commit

FIX: Fix type error in CORS headers
I was using the set union operator | on 2 lists. Fixed it
sanand0 committed Oct 23, 2023
1 parent 287017e commit fc753a2
Showing 2 changed files with 14 additions and 10 deletions.
4 changes: 2 additions & 2 deletions gramex/handlers/basehandler.py
Expand Up @@ -241,7 +241,7 @@ def _cors_options(self, *args, **kwargs):

# Check if headers is in cors.headers
headers = self.request.headers.get('Access-Control-Request-Headers', '')
headers = self.get_list(headers, 'headers', '', caps=False)
headers = self.get_list(headers, 'headers', '', caps=False))
allowed_headers = {h.lower() for h in self._cors['headers']}
diff = set()
if '*' not in allowed_headers:
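Review bot: The replacement line `headers = self.get_list(headers, 'headers', '', caps=False))` as rendered here has one more closing parenthesis than opening, so it would not parse as shown. If the intent is to wrap the `get_list(...)` result in `set(...)`, the opening call needs to be on this line. It is also worth confirming that the requested names are lower-cased before they are compared against `allowed_headers`, which is built with `h.lower()`, so a preflight that sends `Content-Type` is matched the same way as one that sends `content-type`.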
Expand All @@ -260,7 +260,7 @@ def _cors_options(self, *args, **kwargs):
self._all_methods if '*' in self._cors['methods'] else ', '.join(self._cors['methods'])
)
self.set_header('Access-Control-Allow-Methods', methods)
headers |= self._cors['headers']
headers = set(headers) | set(self._cors['headers'])
if '*' in headers:
headers.remove('*')
headers.update(self._all_headers)
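Review bot: No regression test accompanies the fix at `headers = set(headers) | set(self._cors['headers'])`; the commit changes only basehandler.py and reports/trivy.txt. Since this is the preflight path that decides what goes into the allowed-headers response, please add a test that sends an OPTIONS request with `Access-Control-Request-Headers` set and checks the response for both an explicit header list and the `'*'` case handled by `headers.remove('*')`. Note also that the union uses the raw `self._cors['headers']` values while the earlier check in this function lower-cases them, so the resulting set can hold the same header name in two spellings; normalising the case before the union would keep the emitted list predictable.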
20 changes: 12 additions & 8 deletions reports/trivy.txt
@@ -1,16 +1,20 @@

gramener/gramex:1.93.1 (alpine 3.17.5)
gramener/gramex:1.93.2 (alpine 3.17.5)
======================================
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)


Python (python-pkg)
===================
Total: 1 (UNKNOWN: 0, LOW: 1, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
Total: 2 (UNKNOWN: 0, LOW: 1, MEDIUM: 1, HIGH: 0, CRITICAL: 0)

┌─────────────────────────┬─────────────────────┬──────────┬────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
├─────────────────────────┼─────────────────────┼──────────┼────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────┤
│ cryptography (METADATA) │ GHSA-v8gr-m533-ghj9 │ LOW │ fixed │ 41.0.3 │ 41.0.4 │ Vulnerable OpenSSL included in cryptography wheels │
│ │ │ │ │ │ │ https://github.com/advisories/GHSA-v8gr-m533-ghj9 │
└─────────────────────────┴─────────────────────┴──────────┴────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────┘
┌─────────────────────────┬─────────────────────┬──────────┬────────┬───────────────────┬────────────────┬─────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
├─────────────────────────┼─────────────────────┼──────────┼────────┼───────────────────┼────────────────┼─────────────────────────────────────────────────────┤
│ cryptography (METADATA) │ GHSA-v8gr-m533-ghj9 │ LOW │ fixed │ 41.0.3 │ 41.0.4 │ Vulnerable OpenSSL included in cryptography wheels │
│ │ │ │ │ │ │ https://github.com/advisories/GHSA-v8gr-m533-ghj9 │
├─────────────────────────┼─────────────────────┼──────────┤ ├───────────────────┼────────────────┼─────────────────────────────────────────────────────┤
│ urllib3 (METADATA) │ CVE-2023-43804 │ MEDIUM │ │ 1.26.16 │ 2.0.6, 1.26.17 │ `Cookie` HTTP header isn't stripped on cross-origin │
│ │ │ │ │ │ │ redirects │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-43804 │
└─────────────────────────┴─────────────────────┴──────────┴────────┴───────────────────┴────────────────┴─────────────────────────────────────────────────────┘
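Review bot: The 1.93.2 report records two findings that both list a fixed version, and this commit does not raise either pin: the new MEDIUM row for urllib3 1.26.16 (CVE-2023-43804, fixed in 2.0.6 and 1.26.17) and the existing LOW row for cryptography 41.0.3 (GHSA-v8gr-m533-ghj9, fixed in 41.0.4). Suggest bumping both dependencies and regenerating the report so the published image scan is clean, or linking a tracking issue if the upgrade is deferred. Committing the regenerated scan report alongside an unrelated CORS fix also makes the history harder to audit; a separate commit for the report would help.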
