[edk2-devel] [edk2-redfish-client][PATCH] Tool/Redfish-Profile-Simulator: fix Werkzeug security issue

Wed, 08 May 2024 01:09:47 -0700 

Upgrade Werkzeug to version 3.0.3 to address CVE-2024-34069

Signed-off-by: Nickle Wang <nick...@nvidia.com>
Cc: Abner Chang <abner.ch...@amd.com>
Cc: Igor Kulchytskyy <ig...@ami.com>
Cc: Nick Ramirez <nrami...@nvidia.com>
---
 Tools/Redfish-Profile-Simulator/redfishProfileSimulator.py | 7 ++++---
 Tools/Redfish-Profile-Simulator/requirements.txt           | 6 ++----
 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/Tools/Redfish-Profile-Simulator/redfishProfileSimulator.py 
b/Tools/Redfish-Profile-Simulator/redfishProfileSimulator.py
index 91c792a2b..58697328a 100644
--- a/Tools/Redfish-Profile-Simulator/redfishProfileSimulator.py
+++ b/Tools/Redfish-Profile-Simulator/redfishProfileSimulator.py
@@ -1,6 +1,7 @@
 # Copyright Notice:
 #
 # Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2024, NVIDIA CORPORATION & AFFILIATES. All rights reserved.
 # SPDX-License-Identifier: BSD-2-Clause-Patent
 #
 # Copyright Notice:
@@ -89,8 +90,8 @@ class PreconditionRequired(werkzeug.exceptions.HTTPException):
 
 def main(argv):
     #Monkey patch the set_etag() method for conditional request.
-    _old_set_etag = werkzeug.ETagResponseMixin.set_etag
-    @functools.wraps(werkzeug.ETagResponseMixin.set_etag)
+    _old_set_etag = werkzeug.wrappers.Response.set_etag
+    @functools.wraps(werkzeug.wrappers.Response.set_etag)
     def _new_set_etag(self, etag, weak=False):
         # only check the first time through; when called twice
         # we're modifying
@@ -107,7 +108,7 @@ def main(argv):
                 raise NotModified
             flask.g.condtnl_etags_start = False
         _old_set_etag(self, etag, weak)
-    werkzeug.ETagResponseMixin.set_etag = _new_set_etag
+    werkzeug.wrappers.Response.set_etag = _new_set_etag
 
     # set default option args
     rf_profile_path = os.path.abspath("./MockupData/SimpleOcpServerV1")
diff --git a/Tools/Redfish-Profile-Simulator/requirements.txt 
b/Tools/Redfish-Profile-Simulator/requirements.txt
index 359a81446..83d2d8130 100644
--- a/Tools/Redfish-Profile-Simulator/requirements.txt
+++ b/Tools/Redfish-Profile-Simulator/requirements.txt
@@ -1,5 +1,3 @@
-Werkzeug==0.16
-Jinja2==3.0.3
-itsdangerous==2.0.1
-flask==1.1.1
+Werkzeug>=3.0.3
+flask==3.0.0
 pyOpenSSL
-- 
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118664): https://edk2.groups.io/g/devel/message/118664
Mute This Topic: https://groups.io/mt/105977266/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to