Commit graph

18 commits

Author SHA1 Message Date
Lauri Lubi
1ac262e34e Bots that prefetch should not destroy the secret (#100)
* Create preview view, remove sneaky-user-agents logic

* unit tests

* rename openSecret to viewSecret

* code clean-up and style

* rename view secret to reveal secret

* update authors list

* bump version to 1.5.0
2019-03-05 07:47:07 -08:00
Jon Parise
30db653f14 Upgrade to cryptography 2.3.1
This addresses CVE-2018-10903:

    A flaw was found in python-cryptography versions between >=1.9.0 and
    <2.3. The finalize_with_tag API did not enforce a minimum tag
    length. If a user did not validate the input length prior to passing
    it to finalize_with_tag an attacker could craft an invalid payload
    with a shortened tag (e.g. 1 byte) such that they would have a 1 in
    256 chance of passing the MAC check. GCM tag forgeries can cause key
    leakage.

... although snappass isn't affected because we doesn't use the
vulnerable `finalize_with_tag` API.
2018-10-31 09:39:18 -07:00
Nicholas Charriere
2b53eed348
Merge pull request #90 from samueldg/feature/support-python37
Feature/support python37
2018-07-15 20:12:20 -07:00
Samuel Dion-Girardeau
59196bea40 Update Trove classifier to include Python 3.7 2018-07-12 21:25:10 -04:00
Nicholas Charriere
04ead0da32 Bump version: 1.3.0 → 1.4.0 2018-07-03 08:22:23 -07:00
Nicholas Charriere
e45feb1cfd Bump version to 1.3.0 2018-05-07 09:23:51 -07:00
Nicholas Charriere
4cf28fb4cc Bump version: 1.1.1 → 1.2.0 2017-05-25 14:08:04 -07:00
Nicholas Charriere
9e5507e9f5 Bump version: 1.1.0 → 1.1.1 2017-05-25 14:07:56 -07:00
Samuel Dion-Girardeau
75639357ab Add cryptography in setup.py 2017-05-16 13:33:23 -04:00
Nicholas Charriere
e7da786016 Bump version fixing bumpversion workflow, minor 2017-04-28 09:47:46 -07:00
Nicholas Charriere
e1b3042ba7 Catchup version bump on release files 2017-04-28 09:42:12 -07:00
Samuel Dion-Girardeau
a60732d963 Add support for python 3.6
- Changed the Dockerfile to use `python:3.6` base image;
- Updated PyPI classifiers to include it;
- Added it to tox/travis environments for CI.
2017-01-08 19:24:10 -05:00
Samuel Dion-Girardeau
9177f0fab0 Fix flake8 command in development flow
- Missing setup.py, and wrong path for tests
- Removed extra new lines that was causing a warning
2016-08-22 20:32:22 -04:00
Samuel Dion-Girardeau
00f6964a90 Fix python2.6 support for tests
- "{}".format('foo') does not work on python2.6, as the index needs to be explicitly specified.
- assertIn(x, y) was only introduced in 2.7, reverting to assertTrue(x in y)

Updated test environments definitions and docs accordingly.
2016-08-12 18:47:02 -04:00
Samuel Dion-Girardeau
20635bdec8 Explicitly define all supported python environment
With only 3.5, travis-ci works, because 2.7, 3.3 and 3.4 interpreters
are present by default,  but it might break randomly at some point.

Definining all the versions explicitly, and using the tox-travis plugin
is more robust.

Also, 2.6 was removed from the "officially supported" python versions,
as the tests are not run (and don't pass).
2016-08-11 22:48:36 -04:00
Samuel Dion-Girardeau
28e19b51a7 Add support for python 3.3 in tox
And update associated documentation
2016-08-11 22:33:17 -04:00
Samuel Dion-Girardeau
6c3f8f6884 Ensure the egg is a directory, not a zip
Prevents NotADirectoryError's in flask templates

Ref.:
https://github.com/pallets/flask/issues/1562
https://github.com/pallets/flask/issues/1645
2016-07-18 17:37:54 -04:00
Dave Dash
eefe2bdc76 Prepare snappass for distribution. 2013-10-05 23:10:50 -07:00