From d49d5dda344f0a458c020a8a3c0032480e6b57d5 Mon Sep 17 00:00:00 2001 From: Quentin Pradet Date: Thu, 23 May 2024 11:48:10 +0400 Subject: [PATCH 1/6] Fix requests 2.32 compatibility --- elastic_transport/_node/_http_requests.py | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/elastic_transport/_node/_http_requests.py b/elastic_transport/_node/_http_requests.py index 19cec37..e439865 100644 --- a/elastic_transport/_node/_http_requests.py +++ b/elastic_transport/_node/_http_requests.py @@ -169,7 +169,16 @@ def __init__(self, config: NodeConfig): ) # Preload the HTTPConnectionPool so initialization issues # are raised here instead of in perform_request() - adapter.get_connection(self.base_url) # type: ignore[no-untyped-call] + if hasattr(adapter, "get_connection_with_tls_context"): + adapter.get_connection_with_tls_context( + requests.Request(url=self.base_url), verify=self.session.verify + ) + else: + # elastic-transport is not vulnerable to CVE-2024-35195 because it uses + # requests.Session and an SSLContext without using the verify parameter. + # We should remove this branch when requiring requests 2.32 or later. + adapter.get_connection(self.base_url) # type: ignore [no-untyped-call] + self.session.mount(prefix=f"{self.scheme}://", adapter=adapter) def perform_request( From 56d1e6832d0b438ee7cee3ab0f8dea6a14a89eb8 Mon Sep 17 00:00:00 2001 From: Quentin Pradet Date: Thu, 23 May 2024 11:59:42 +0400 Subject: [PATCH 2/6] Fix lint --- elastic_transport/_node/_http_requests.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/elastic_transport/_node/_http_requests.py b/elastic_transport/_node/_http_requests.py index e439865..4b2d502 100644 --- a/elastic_transport/_node/_http_requests.py +++ b/elastic_transport/_node/_http_requests.py @@ -170,14 +170,16 @@ def __init__(self, config: NodeConfig): # Preload the HTTPConnectionPool so initialization issues # are raised here instead of in perform_request() if hasattr(adapter, "get_connection_with_tls_context"): + request = requests.Request(url=self.base_url) + prepared_request = self.session.prepare_request(request) adapter.get_connection_with_tls_context( - requests.Request(url=self.base_url), verify=self.session.verify + prepared_request, verify=self.session.verify ) else: # elastic-transport is not vulnerable to CVE-2024-35195 because it uses # requests.Session and an SSLContext without using the verify parameter. # We should remove this branch when requiring requests 2.32 or later. - adapter.get_connection(self.base_url) # type: ignore [no-untyped-call] + adapter.get_connection(self.base_url) self.session.mount(prefix=f"{self.scheme}://", adapter=adapter) From 8a222e2c9b81dc9f7a1e4583de59ecc0d4c4d803 Mon Sep 17 00:00:00 2001 From: Quentin Pradet Date: Thu, 23 May 2024 12:02:53 +0400 Subject: [PATCH 3/6] Fix prepared request --- elastic_transport/_node/_http_requests.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/elastic_transport/_node/_http_requests.py b/elastic_transport/_node/_http_requests.py index 4b2d502..941e3cc 100644 --- a/elastic_transport/_node/_http_requests.py +++ b/elastic_transport/_node/_http_requests.py @@ -170,7 +170,7 @@ def __init__(self, config: NodeConfig): # Preload the HTTPConnectionPool so initialization issues # are raised here instead of in perform_request() if hasattr(adapter, "get_connection_with_tls_context"): - request = requests.Request(url=self.base_url) + request = requests.Request(method="GET", url=self.base_url) prepared_request = self.session.prepare_request(request) adapter.get_connection_with_tls_context( prepared_request, verify=self.session.verify From 204fd955c4ed895c5ff1182d492ed4fefc3047af Mon Sep 17 00:00:00 2001 From: Quentin Pradet Date: Mon, 27 May 2024 17:15:25 +0400 Subject: [PATCH 4/6] Test minimum dependencies in CI --- .github/workflows/ci.yml | 11 +++++++++-- noxfile.py | 12 ++++++++++++ requirements-min.txt | 4 ++++ 3 files changed, 25 insertions(+), 2 deletions(-) create mode 100644 requirements-min.txt diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f34f2d3..6b9f1c8 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -43,9 +43,15 @@ jobs: python-version: ["3.7", "3.8", "3.9", "3.10", "3.11", "3.12"] os: ["ubuntu-latest"] experimental: [false] + nox-session: [''] + include: + - python-version: "3.7" + os: "ubuntu-latest" + experimental: false + nox-session: "test-min-deps" runs-on: ${{ matrix.os }} - name: test-${{ matrix.python-version }} + name: test-${{ matrix.python-version }} ${{ matrix-nox-session }} continue-on-error: ${{ matrix.experimental }} steps: - name: Checkout repository @@ -65,9 +71,10 @@ jobs: run: python -m pip install --upgrade nox - name: Run tests - run: "nox -rs test-${PYTHON_VERSION%-dev}" + run: nox -s ${NOX_SESSION:-test-$PYTHON_VERSION} env: PYTHON_VERSION: ${{ matrix.python-version }} + NOX_SESSION: ${{ matrix.nox-session }} # Required for development versions of Python AIOHTTP_NO_EXTENSIONS: 1 FROZENLIST_NO_EXTENSIONS: 1 diff --git a/noxfile.py b/noxfile.py index 18fe1a3..3f9db67 100644 --- a/noxfile.py +++ b/noxfile.py @@ -71,6 +71,18 @@ def test(session): session.run("coverage", "report", "-m") +@nox.session(name="test-min-deps", python="3.7") +def test_min_deps(session): + session.install("-r", "requirements-min.txt", ".[develop]", silent=False) + session.run( + "pytest", + "--cov=elastic_transport", + *(session.posargs or ("tests/",)), + env={"PYTHONWARNINGS": "always::DeprecationWarning"}, + ) + session.run("coverage", "report", "-m") + + @nox.session(python="3") def docs(session): session.install(".[develop]") diff --git a/requirements-min.txt b/requirements-min.txt new file mode 100644 index 0000000..b1da7ed --- /dev/null +++ b/requirements-min.txt @@ -0,0 +1,4 @@ +requests==2.26.0 +urllib3==1.26.2 +aiohttp==3.8.0 +httpx==0.27.0 From db6e12acae16716ed929f2bd789278a4f01cbca4 Mon Sep 17 00:00:00 2001 From: Quentin Pradet Date: Mon, 27 May 2024 17:26:05 +0400 Subject: [PATCH 5/6] Fix typo in CI file --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6b9f1c8..f2c9d7d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -51,7 +51,7 @@ jobs: nox-session: "test-min-deps" runs-on: ${{ matrix.os }} - name: test-${{ matrix.python-version }} ${{ matrix-nox-session }} + name: test-${{ matrix.python-version }} ${{ matrix.nox-session }} continue-on-error: ${{ matrix.experimental }} steps: - name: Checkout repository From 4668bde5f983fbbc9e1d516e4b6b151be16a1c66 Mon Sep 17 00:00:00 2001 From: Quentin Pradet Date: Mon, 27 May 2024 17:28:01 +0400 Subject: [PATCH 6/6] Test minimum dependencies on Python 3.8 --- .github/workflows/ci.yml | 2 +- noxfile.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f2c9d7d..9a75729 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -45,7 +45,7 @@ jobs: experimental: [false] nox-session: [''] include: - - python-version: "3.7" + - python-version: "3.8" os: "ubuntu-latest" experimental: false nox-session: "test-min-deps" diff --git a/noxfile.py b/noxfile.py index 3f9db67..a2435cf 100644 --- a/noxfile.py +++ b/noxfile.py @@ -71,7 +71,7 @@ def test(session): session.run("coverage", "report", "-m") -@nox.session(name="test-min-deps", python="3.7") +@nox.session(name="test-min-deps", python="3.8") def test_min_deps(session): session.install("-r", "requirements-min.txt", ".[develop]", silent=False) session.run(