Use natlas' libnmap instead of the unmaintained libnmap #318
Conversation
|
Code Climate has analyzed commit 705443c and detected 0 issues on this pull request. View more on Code Climate. |
|
@ajacques Hey look the underlying library has tests and even has an explicit test for the payload that resulted in the CVE https://github.com/natlas/natlas-libnmap/blob/master/libnmap/test/test_new_parser.py#L7-L16 The library isn't setup in CI yet, but that shouldn't freeze this PR imo. |
0xdade
added
server
| "sha256": "e278b91636323422e2ed88595982159b19bf80a9ad87826d8153f9b7b6af431a" | ||
| "sha256": "b0e09cd3f29a45974b789b5971a552ed52a68a27b104785fd1c6d02391bf4c2f" |
There was a problem hiding this comment.
Why do so many hashes change when we install one new package?
There was a problem hiding this comment.
The top hash is a hash of all the packages installed, I think. Then more hashes are changing because versions are getting bumped automatically per the rules in Pipfile which mostly say either "*" which matches any version, or ~=x.x which matches any compatible version. We could make this happen less often by restricting to specific versions in Pipfile, though I don't think there's any particular value in that.
Drafting to start to show it works, but we shouldn't merge this until natlas/python-libnmap gets detached to a standalone repository. Once we do that, I'll change the repo name and setup deployment to pypi so that we can pip install it like normal, probably under the name
natlas-libnmap.When this lands it will close #299