From 90115808eef7da642b8591f16b88554437808be8 Mon Sep 17 00:00:00 2001
From: Erwan MATHIEU
Date: Fri, 14 Mar 2025 11:38:45 +0100
Subject: [PATCH 1/2] Use yaml.safe_load instead of yaml.load

CURA-12548

Note that this is not technically required, because external contributors can change it anyway. However, making this change will silent a security warning raised by an automatic analysis tool, and it doesn't hurt.
---
 printer-linter/src/terminal.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/printer-linter/src/terminal.py b/printer-linter/src/terminal.py
index d93372571f..774c5b4de4 100644
--- a/printer-linter/src/terminal.py
+++ b/printer-linter/src/terminal.py
@@ -21,7 +21,7 @@ def main() -> None:
     parser.add_argument("--diagnose", action="store_true", help="Diagnose the files")
     parser.add_argument("--deleted", action="store_true", help="Check for deleted files")
     parser.add_argument("--fix", action="store_true", help="Attempt to apply the suggested fixes on the files")
-    parser.add_argument("Files", metavar="F", type=Path, nargs="+", help="Files or directories to format")
+    parser.add_argument("Files", type=Path, nargs="+", help="Files or directories to format")
 
     args = parser.parse_args()
     files = extractFilePaths(args.Files)
@@ -39,7 +39,7 @@ def main() -> None:
         return
 
     with open(setting_path, "r") as f:
-        settings = yaml.load(f, yaml.FullLoader)
+        settings = yaml.safe_load(f)
 
     full_body_check = {"Diagnostics": []}
     comments_check = {"Error Files": []}

From 67d4afb97ee22faa7a782791e235382b49ffe6f2 Mon Sep 17 00:00:00 2001
From: Erwan MATHIEU
Date: Fri, 14 Mar 2025 12:00:24 +0100
Subject: [PATCH 2/2] Use HSTS for local OAuth2 callback server

CURA-12458

This prevents possible man-in-the-middle attacks from within the user PC. Not very likely, but still a good practice.
---
 cura/OAuth2/AuthorizationRequestHandler.py | 1 +
 1 file changed, 1 insertion(+)
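Review bot: The first hunk drops `metavar="F"` from the positional `Files` argument, which changes the usage/help line of the tool but is not mentioned anywhere in the commit message, whose subject is the loader change. Either split it into its own commit or add a sentence to the message saying why the metavar is removed, so the usage change is not mistaken for an accident by the next reader. The enclosing `main()` continues outside both hunks.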
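Review bot: In the second hunk `yaml.safe_load(f)` returns `None` for an empty or comment-only settings file, and nothing in the hunk guards `settings` before its later use, so a downstream subscript would raise on that case; the old `yaml.load` behaved the same, so this is inherited rather than introduced, but it is cheap to close while touching the line with `settings = yaml.safe_load(f) or {}` if the later code expects a mapping (that use is outside the hunk, so confirm). Since the commit message itself says the change "is not technically required", a one-line comment will keep it from being reverted to `FullLoader` the next time someone wants tag support: `# safe_load: the settings file is user-editable; never construct Python objects from it`. The context line `open(setting_path, "r")` also passes no `encoding=`, so the YAML is decoded with the platform default; `open(setting_path, "r", encoding="utf-8")` keeps parsing identical across Windows and Linux.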
diff --git a/cura/OAuth2/AuthorizationRequestHandler.py b/cura/OAuth2/AuthorizationRequestHandler.py
index 9affee9911..5263cb8c2d 100644
--- a/cura/OAuth2/AuthorizationRequestHandler.py
+++ b/cura/OAuth2/AuthorizationRequestHandler.py
@@ -127,6 +127,7 @@ class AuthorizationRequestHandler(BaseHTTPRequestHandler):
     def _sendHeaders(self, status: "ResponseStatus", content_type: str, redirect_uri: str = None) -> None:
         self.send_response(status.code, status.message)
         self.send_header("Content-type", content_type)
+        self.send_header("Strict-Transport-Security", "max-age=900")
         if redirect_uri:
             self.send_header("Location", redirect_uri)
         self.end_headers()
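Review bot: The added `Strict-Transport-Security` header only has an effect when the response itself arrives over TLS — browsers are required to ignore an STS header received on a plain-HTTP response (RFC 6797 §8.1) — and the hunk gives no sign that this `BaseHTTPRequestHandler` server is TLS-terminated, so if the callback is served over `http://` the header is inert and the commit message's claim that it prevents local man-in-the-middle attacks is not backed by this change. If the server does terminate TLS, note that HSTS is keyed on the host name without the port, so an honoured `max-age=900` on `localhost` would force every other local `http://localhost:<port>` service to HTTPS for 15 minutes. Either way the line deserves a comment stating the precondition, e.g. `# NOTE: HSTS is ignored by browsers unless this response is served over TLS (RFC 6797 §8.1)`, or should be dropped if the callback server is HTTP-only; which applies can only be confirmed from the server setup outside this hunk. `_sendHeaders` ends inside the hunk, but the class continues past it.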