Skip to content

chore: fix audit issue#618

Merged
neilcampbell merged 1 commit intomainfrom
chore/audit-fix
Apr 23, 2025
Merged

chore: fix audit issue#618
neilcampbell merged 1 commit intomainfrom
chore/audit-fix

Conversation

@neilcampbell
Copy link
Contributor

@neilcampbell neilcampbell commented Mar 21, 2025

Resolves the audit issues against the cryptography package.

The Auth0 package has relaxed their version constraints in auth0/auth0-python#660, which indicates that the latest version is compatible with the latest cryptography and pyjwt packages. I diffed the latest version of the Auth0 token_verifier.py against the copy we have vendored and nothing meaningful has changed.

Additionally I have tested the dispenser features to confirm everything functions correctly.

@neilcampbell neilcampbell requested a review from aorumbayev March 21, 2025 03:24
@github-actions
Copy link

github-actions bot commented Mar 21, 2025
edited
Loading

Coverage

Coverage Report
FileStmtsMissCoverMissing
src/algokit
   __init__.py15753%6–13, 17–24, 32–34
   __main__.py440%1–6
src/algokit/cli
   __init__.py47394%31–34
   codespace.py50982%28, 114, 137, 150–155
   completions.py108992%63–64, 83, 93–99
   dispenser.py121199%77
   doctor.py90891%159, 171–173, 197–198, 202–203
   explore.py631576%35–40, 42–47, 85–92, 113
   generate.py60395%76–77, 155
   goal.py54689%67, 85, 96, 107–109
   init.py3102492%493–494, 499–500, 503, 524, 527–529, 540, 544, 602, 628, 657, 690, 699–701, 704–709, 722, 741, 753–754
   localnet.py1643280%67, 88–115, 164–168, 212, 233, 248–258, 271, 322, 343–344
   task.py34391%25–28
src/algokit/cli/common
   utils.py37295%137, 139
src/algokit/cli/compilers
   typescript.py28196%59
src/algokit/cli/project
   bootstrap.py33197%33
   deploy.py1172083%47, 49, 102, 125, 147–149, 270, 277, 291–299, 302–311
   link.py811285%60, 65–66, 109–114, 142–143, 212–213, 217
   list.py33585%21–23, 51–56
   run.py46296%38, 174
src/algokit/cli/tasks
   analyze.py81199%81
   assets.py841385%70–71, 77, 79–80, 110, 125, 135–136, 144, 146, 148–149
   ipfs.py51884%52, 80, 92, 94–95, 105–107
   mint.py1061586%51, 73, 100–103, 108, 113, 131–132, 158, 335–339
   send_transaction.py651085%52–53, 57, 89, 158, 170–174
   sign_transaction.py59886%21, 28–30, 71–72, 109, 123
   transfer.py35197%80
   utils.py1144660%24–32, 38–41, 73–74, 98–99, 123–131, 150–160, 207, 256–257, 277–288, 295–297, 319
   vanity_address.py561082%41, 45–48, 112, 114, 121–123
   wallet.py79495%21, 66, 136, 162
src/algokit/core
   codespace.py1756861%34–37, 41–44, 48–71, 111–112, 125–133, 191, 200–202, 210, 216–217, 229–236, 251–298, 311–313, 338–344, 348, 395
   conf.py57984%12, 24, 28, 36, 38, 73–75, 80
   dispenser.py2022687%92, 124–125, 142–150, 192–193, 199–201, 219–220, 260–261, 319, 333–335, 346–347, 357, 370, 385
   doctor.py65789%67–69, 92–94, 134
   generate.py50394%44, 85, 103
   goal.py65494%21, 36–37, 47
   init.py721086%53, 57–62, 70, 81, 88, 114–115
   log_handlers.py68790%50–51, 63, 112–116, 125
   proc.py45198%100
   sandbox.py2782392%32, 89–92, 97, 101–103, 176, 224–231, 242, 613, 629, 654, 662
   typed_client_generation.py2082289%84–86, 132, 162–167, 191, 194–197, 215, 218–221, 288, 294, 297–300
   utils.py1725369%25–27, 46, 65–66, 72–84, 140–146, 170, 173, 179–192, 221–223, 252–255, 277, 297–307
src/algokit/core/_vendor/auth0/authentication
   token_verifier.py15711129%16, 45, 58, 73–85, 98–107, 119–124, 136–137, 140, 170, 178–180, 190–199, 206–213, 227–236, 258, 280–287, 314–323, 333–444
src/algokit/core/compilers
   python.py28582%19–20, 25, 49–50
   typescript.py461078%26, 32, 35–38, 78–79, 88–89
src/algokit/core/config_commands
   container_engine.py412149%24, 29–31, 47–76
   version_prompt.py921485%37–38, 68, 87–90, 108, 118–125, 148
src/algokit/core/project
   __init__.py53394%50, 86, 145
   bootstrap.py125894%47, 126–127, 149, 176, 216–218
   deploy.py69987%108–111, 120–122, 126, 131
   run.py1321390%83, 88, 97–98, 133–134, 138–139, 143, 147, 277–278, 293
src/algokit/core/tasks
   analyze.py93397%105–112, 187
   ipfs.py63789%58–64, 140, 144, 146, 152
   nfd.py491373%25, 31, 34–41, 70–72, 99–101
   vanity_address.py903462%49–50, 54, 59–75, 92–108, 128–131
   wallet.py71593%37, 129, 155–157
src/algokit/core/tasks/mint
   mint.py74988%123–133
   models.py921782%50, 52, 57, 71–74, 81–90
TOTAL511279884% 

Tests Skipped Failures Errors Time
523 0 💤 0 ❌ 0 🔥 40.949s ⏱️

@neilcampbell
Copy link
Contributor Author

neilcampbell commented Mar 21, 2025

This PR requires more effort to action, as cryptography 44+ ships with manylinux_2_34_* wheels. The ubuntu 20 agent we use for building binaries has a lower glibc version available and fails. A better approach is to refactor the binary build pipeline to use the method recently established in the puya repo.

@neilcampbell neilcampbell mentioned this pull request Apr 14, 2025
Merged
@neilcampbell neilcampbell reopened this Apr 23, 2025
@neilcampbell neilcampbell requested a review from lempira April 23, 2025 01:56
@neilcampbell
Copy link
Contributor Author

neilcampbell commented Apr 23, 2025

Now that we're building on ubuntu 22 agents, this PR can be re-opened without any changes to the build configuration.

@neilcampbell neilcampbell merged commit 0a61476 into main Apr 23, 2025
17 checks passed
@neilcampbell neilcampbell deleted the chore/audit-fix branch April 23, 2025 13:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lempira lempira lempira approved these changes

@aorumbayev aorumbayev Awaiting requested review from aorumbayev

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@neilcampbell @lempira