New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use the new url for CPAN, in https #569

Merged
merged 3 commits into from Jul 19, 2018

Conversation

Projects
None yet
3 participants
@mscherer
Copy link
Contributor

mscherer commented Jul 18, 2018

While there is likely no practical issue, I suspect we should be cautious
and not parse XML download in cleartext, given the rather large
amount of issues with XML parsing in the past:

https://www.owasp.org/index.php/XML_Security_Cheat_Sheet

Use the new url for CPAN, in https
While there is likely no practical issue, I suspect we should be cautious
and not parse XML download in cleartext, given the rather large
amount of issues with XML parsing in the past:

   https://www.owasp.org/index.php/XML_Security_Cheat_Sheet
@jeremycline

This comment has been minimized.

Copy link
Member

jeremycline commented Jul 19, 2018

Hi @mscherer, thanks for the PR!

It looks like this fixes #558. I'll fix up the tests and get this merged.

jeremycline added a commit to mscherer/anitya that referenced this pull request Jul 19, 2018

Add release notes for PR release-monitoring#569
Signed-off-by: Jeremy Cline <jcline@redhat.com>
@codecov-io

This comment has been minimized.

Copy link

codecov-io commented Jul 19, 2018

Codecov Report

Merging #569 into master will decrease coverage by 0.05%.
The diff coverage is 92.85%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #569      +/-   ##
==========================================
- Coverage   89.51%   89.45%   -0.06%     
==========================================
  Files          54       54              
  Lines        2556     2561       +5     
  Branches      327      327              
==========================================
+ Hits         2288     2291       +3     
- Misses        201      203       +2     
  Partials       67       67
Impacted Files Coverage Δ
anitya/lib/backends/cpan.py 93.54% <92.85%> (-6.46%) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a27c2b7...f93de62. Read the comment docs.

@jeremycline jeremycline force-pushed the mscherer:update_cpan_url branch from ff8d6b8 to cb923f3 Jul 19, 2018

jeremycline added a commit to mscherer/anitya that referenced this pull request Jul 19, 2018

Add release notes for PR release-monitoring#569
Signed-off-by: Jeremy Cline <jcline@redhat.com>

jeremycline added some commits Jul 19, 2018

Update check_feed to use defusedxml
We already depend on defusedxml (indirectly) so pull it in explicitly
and use it for XML parsing. Additionally, more gracefully handle
failures to split titles. This updates the HTTP recordings for metacpan.

Signed-off-by: Jeremy Cline <jcline@redhat.com>
Add release notes for PR #569
Signed-off-by: Jeremy Cline <jcline@redhat.com>

@jeremycline jeremycline force-pushed the mscherer:update_cpan_url branch from cb923f3 to f93de62 Jul 19, 2018

@jeremycline jeremycline merged commit 22016d8 into release-monitoring:master Jul 19, 2018

3 checks passed

codecov/patch 92.85% of diff hit (target 89.51%)
Details
codecov/project Absolute coverage decreased by -0.05% but relative coverage increased by +3.34% compared to a27c2b7
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment