From 9fcc37050c18ebbb03e9926da3e845178b44aa5d Mon Sep 17 00:00:00 2001
From: stacksharebot
Date: Thu, 9 Nov 2023 17:00:02 +0000
Subject: [PATCH 1/8] Create techstack.yml

---
 techstack.yml | 102 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 102 insertions(+)
 create mode 100644 techstack.yml

diff --git a/techstack.yml b/techstack.yml
new file mode 100644
index 0000000..7f75eba
--- /dev/null
+++ b/techstack.yml
@@ -0,0 +1,102 @@
+repo_name: yourkin/fastapi_simple_security
+report_id: ee2ecec21b0acdc03b0711ef5fe78ca9
+repo_type: Public
+timestamp: '2023-11-09T16:59:59+00:00'
+requested_by: mrtolkien
+provider: github
+branch: master
+detected_tools_count: 7
+tools:
+- name: Python
+  description: A clear and powerful object-oriented programming language, comparable
+    to Perl, Ruby, Scheme, or Java.
+  website_url: https://www.python.org
+  open_source: true
+  hosted_saas: false
+  category: Languages & Frameworks
+  sub_category: Languages
+  image_url: https://img.stackshare.io/service/993/pUBY5pVj.png
+  detection_source: Repo Metadata
+- name: Docker
+  description: Enterprise Container Platform for High-Velocity Innovation.
+  website_url: https://www.docker.com/
+  license: Apache-2.0
+  open_source: true
+  hosted_saas: false
+  category: Build, Test, Deploy
+  sub_category: Virtual Machine Platforms & Containers
+  image_url: https://img.stackshare.io/service/586/n4u37v9t_400x400.png
+  detection_source: Repo Metadata
+- name: Git
+  description: Fast, scalable, distributed revision control system
+  website_url: http://git-scm.com/
+  open_source: true
+  hosted_saas: false
+  category: Build, Test, Deploy
+  sub_category: Version Control System
+  image_url: https://img.stackshare.io/service/1046/git.png
+  detection_source: Repo Metadata
+- name: GitHub Actions
+  description: Automate your workflow from idea to production
+  website_url: https://github.com/features/actions
+  open_source: false
+  hosted_saas: true
+  category: Build, Test, Deploy
+  sub_category: Continuous Integration
+  image_url: https://img.stackshare.io/service/11563/actions.png
+  detection_source: ".github/workflows/release-please.yml"
+  last_updated_by: renovate[bot]
+  last_updated_on: 2022-11-26 18:06:08.000000000 Z
+- name: PyPI
+  description: A repository of software for the Python programming language
+  website_url: https://pypi.org/
+  open_source: false
+  hosted_saas: false
+  category: Build, Test, Deploy
+  sub_category: Hosted Package Repository
+  image_url: https://img.stackshare.io/service/12572/-RIWgodF_400x400.jpg
+  detection_source: pyproject.toml
+  last_updated_by: mrtolkien
+  last_updated_on: 2021-12-06 07:35:21.000000000 Z
+- name: fastapi
+  description: FastAPI framework
+  package_url: https://pypi.org/fastapi
+  version: 0.98.0
+  license: MIT
+  open_source: true
+  hosted_saas: false
+  category: Libraries
+  sub_category: PyPI Packages
+  image_url: https://img.stackshare.io/package/20520/default_ded6d17aa418fbd05ff28b85345c77ab878c6b37.png
+  detection_source_url: poetry.lock
+  detection_source: pyproject.toml
+  last_updated_by: mrtolkien
+  last_updated_on: 2022-05-06 08:21:03.000000000 Z
+- name: urllib3
+  description: HTTP library with thread-safe connection pooling
+  package_url: https://pypi.org/urllib3
+  version: 2.0.3
+  license: MIT
+  open_source: true
+  hosted_saas: false
+  category: Libraries
+  sub_category: PyPI Packages
+  image_url: https://img.stackshare.io/package/19842/default_4604ff5dcb7f4d9c7b3833591c2142493951b19c.png
+  detection_source_url: poetry.lock
+  detection_source: pyproject.toml
+  last_updated_by: mrtolkien
+  last_updated_on: 2022-10-17 23:45:50.000000000 Z
+  vulnerabilities:
+  - name: urllib3's request body not stripped after redirect from 303 status changes
+      request method to GET
+    cve_id: CVE-2023-45803
+    cve_url: https://github.com/advisories/GHSA-g4mx-q9vg-27p4
+    detected_date: Oct 18
+    severity: moderate
+    first_patched: 2.0.7
+  - name: "`Cookie` HTTP header isn't stripped on cross-origin redirects"
+    cve_id: CVE-2023-43804
+    cve_url: https://github.com/advisories/GHSA-v845-jxx5-vc9f
+    detected_date: Oct 3
+    severity: moderate
+    first_patched: 2.0.6
From aa76678197d943c09bdfb3aec9098e138ea0fb07 Mon Sep 17 00:00:00 2001
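Review bot: The urllib3 entry at the end of this hunk pins `version: 2.0.3` while recording `first_patched: 2.0.7` and `first_patched: 2.0.6` for CVE-2023-45803 and CVE-2023-43804, so the file documents a known-vulnerable lockfile state that none of the eight patches in this series changes; the actionable follow-up is bumping urllib3 in poetry.lock to at least 2.0.7 rather than only re-timestamping the report. Separately, the `last_updated_on` values such as `2022-11-26 18:06:08.000000000 Z` are unquoted, so a YAML 1.1 loader turns them into datetime objects while `timestamp` on line 4 is kept as a quoted string; quoting them, e.g. `last_updated_on: '2022-11-26 18:06:08.000000000 Z'`, keeps the two date fields the same type for any consumer of this file. Since the file is bot-generated, that change belongs in the generator's serializer rather than a hand edit.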
From: stacksharebot
Date: Thu, 9 Nov 2023 17:00:03 +0000
Subject: [PATCH 2/8] Create techstack.md

---
 techstack.md | 94 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 94 insertions(+)
 create mode 100644 techstack.md

diff --git a/techstack.md b/techstack.md
new file mode 100644
index 0000000..8763c66
--- /dev/null
+++ b/techstack.md
@@ -0,0 +1,94 @@
+
+
+ +# Tech Stack File +![](https://img.stackshare.io/repo.svg "repo") [yourkin/fastapi_simple_security](https://github.com/yourkin/fastapi_simple_security)![](https://img.stackshare.io/public_badge.svg "public") +

+|7
Tools used|11/09/23
Report generated|
+|------|------|
+
+ +## Languages (1) + + + + +
+ Python +
+ Python +
+ +
+ +## DevOps (4) + + + + + + + + + + +
+ Docker +
+ Docker +
+ +
+ Git +
+ Git +
+ +
+ GitHub Actions +
+ GitHub Actions +
+ +
+ PyPI +
+ PyPI +
+ +
+
+
+## Open source packages (2)
+
+## PyPI (2)
+
+|NAME|VERSION|LAST UPDATED|LAST UPDATED BY|LICENSE|VULNERABILITIES|
+|:------|:------|:------|:------|:------|:------|
+|[fastapi](https://pypi.org/fastapi)|v0.98.0|05/06/22|mrtolkien |MIT|N/A|
+|[urllib3](https://pypi.org/urllib3)|v2.0.3|10/17/22|mrtolkien |MIT|[CVE-2023-45803](https://github.com/advisories/GHSA-g4mx-q9vg-27p4) (Moderate)
[CVE-2023-43804](https://github.com/advisories/GHSA-v845-jxx5-vc9f) (Moderate)|
+
+
+
+Generated via [Stack File](https://github.com/apps/stack-file)
From 17a4d0543d9476136ca068decf7ce2d55f7f0b09 Mon Sep 17 00:00:00 2001
From: stacksharebot
Date: Thu, 4 Jan 2024 16:13:07 +0000
Subject: [PATCH 3/8] Update techstack.yml

---
 techstack.yml | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/techstack.yml b/techstack.yml
index 7f75eba..5e8aa42 100644
--- a/techstack.yml
+++ b/techstack.yml
@@ -1,7 +1,8 @@
 repo_name: yourkin/fastapi_simple_security
 report_id: ee2ecec21b0acdc03b0711ef5fe78ca9
+version: 0.1
 repo_type: Public
-timestamp: '2023-11-09T16:59:59+00:00'
+timestamp: '2024-01-04T15:08:37+00:00'
 requested_by: mrtolkien
 provider: github
 branch: master
@@ -16,6 +17,7 @@ tools:
   category: Languages & Frameworks
   sub_category: Languages
   image_url: https://img.stackshare.io/service/993/pUBY5pVj.png
+  detection_source_url: https://github.com/yourkin/fastapi_simple_security
   detection_source: Repo Metadata
 - name: Docker
   description: Enterprise Container Platform for High-Velocity Innovation.
@@ -26,6 +28,7 @@ tools:
   category: Build, Test, Deploy
   sub_category: Virtual Machine Platforms & Containers
   image_url: https://img.stackshare.io/service/586/n4u37v9t_400x400.png
+  detection_source_url: https://github.com/yourkin/fastapi_simple_security
   detection_source: Repo Metadata
 - name: Git
   description: Fast, scalable, distributed revision control system
@@ -35,6 +38,7 @@ tools:
   category: Build, Test, Deploy
   sub_category: Version Control System
   image_url: https://img.stackshare.io/service/1046/git.png
+  detection_source_url: https://github.com/yourkin/fastapi_simple_security
   detection_source: Repo Metadata
 - name: GitHub Actions
   description: Automate your workflow from idea to production
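Review bot: `+version: 0.1` in the `@@ -1,7 +1,8 @@` hunk of techstack.yml is an unquoted float, so a loader reads it as the number 0.1 rather than a report-format version string, and a later `0.10` would compare equal to it while a consumer matching on the string form would break. Quote it as `version: '0.1'`, which also matches how `timestamp` is already written two lines below. The added `detection_source_url` values in the remaining hunks are plain URLs and need no quoting.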
@@ -44,7 +48,8 @@ tools:
   category: Build, Test, Deploy
   sub_category: Continuous Integration
   image_url: https://img.stackshare.io/service/11563/actions.png
-  detection_source: ".github/workflows/release-please.yml"
+  detection_source_url: https://github.com/yourkin/fastapi_simple_security/blob/master/.github/workflows/pr_python_tests.yml
+  detection_source: ".github/workflows/pr_python_tests.yml"
   last_updated_by: renovate[bot]
   last_updated_on: 2022-11-26 18:06:08.000000000 Z
 - name: PyPI
@@ -55,12 +60,13 @@ tools:
   category: Build, Test, Deploy
   sub_category: Hosted Package Repository
   image_url: https://img.stackshare.io/service/12572/-RIWgodF_400x400.jpg
+  detection_source_url: https://github.com/yourkin/fastapi_simple_security/blob/master/pyproject.toml
   detection_source: pyproject.toml
   last_updated_by: mrtolkien
   last_updated_on: 2021-12-06 07:35:21.000000000 Z
 - name: fastapi
   description: FastAPI framework
-  package_url: https://pypi.org/fastapi
+  package_url: https://pypi.org/project/fastapi
   version: 0.98.0
   license: MIT
   open_source: true
@@ -68,13 +74,13 @@ tools:
   category: Libraries
   sub_category: PyPI Packages
   image_url: https://img.stackshare.io/package/20520/default_ded6d17aa418fbd05ff28b85345c77ab878c6b37.png
-  detection_source_url: poetry.lock
+  detection_source_url: https://github.com/yourkin/fastapi_simple_security/blob/master/poetry.lock
   detection_source: pyproject.toml
   last_updated_by: mrtolkien
   last_updated_on: 2022-05-06 08:21:03.000000000 Z
 - name: urllib3
   description: HTTP library with thread-safe connection pooling
-  package_url: https://pypi.org/urllib3
+  package_url: https://pypi.org/project/urllib3
   version: 2.0.3
   license: MIT
   open_source: true
@@ -82,7 +88,7 @@ tools:
   category: Libraries
   sub_category: PyPI Packages
   image_url: https://img.stackshare.io/package/19842/default_4604ff5dcb7f4d9c7b3833591c2142493951b19c.png
-  detection_source_url: poetry.lock
+  detection_source_url: https://github.com/yourkin/fastapi_simple_security/blob/master/poetry.lock
   detection_source: pyproject.toml
   last_updated_by: mrtolkien
   last_updated_on: 2022-10-17 23:45:50.000000000 Z
From 1633707e4376f5f11b0e9103b7d7ab52b4b6a637 Mon Sep 17 00:00:00 2001
From: stacksharebot
Date: Thu, 4 Jan 2024 16:13:08 +0000
Subject: [PATCH 4/8] Update techstack.md

---
 techstack.md | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/techstack.md b/techstack.md
index 8763c66..ad54b46 100644
--- a/techstack.md
+++ b/techstack.md
@@ -1,30 +1,34 @@
# Tech Stack File ![](https://img.stackshare.io/repo.svg "repo") [yourkin/fastapi_simple_security](https://github.com/yourkin/fastapi_simple_security)![](https://img.stackshare.io/public_badge.svg "public")

-|7
Tools used|11/09/23
Report generated|
+|7
Tools used|01/04/24
Report generated|
 |------|------|
@@ -85,10 +89,10 @@ Full tech stack [here](/techstack.md)
 |NAME|VERSION|LAST UPDATED|LAST UPDATED BY|LICENSE|VULNERABILITIES|
 |:------|:------|:------|:------|:------|:------|
-|[fastapi](https://pypi.org/fastapi)|v0.98.0|05/06/22|mrtolkien |MIT|N/A|
-|[urllib3](https://pypi.org/urllib3)|v2.0.3|10/17/22|mrtolkien |MIT|[CVE-2023-45803](https://github.com/advisories/GHSA-g4mx-q9vg-27p4) (Moderate)
[CVE-2023-43804](https://github.com/advisories/GHSA-v845-jxx5-vc9f) (Moderate)|
+|[fastapi](https://pypi.org/project/fastapi)|v0.98.0|05/06/22|mrtolkien |MIT|N/A|
+|[urllib3](https://pypi.org/project/urllib3)|v2.0.3|10/17/22|mrtolkien |MIT|[CVE-2023-45803](https://github.com/advisories/GHSA-g4mx-q9vg-27p4) (Moderate)
[CVE-2023-43804](https://github.com/advisories/GHSA-v845-jxx5-vc9f) (Moderate)|
-Generated via [Stack File](https://github.com/apps/stack-file)
+Generated via [Stack File](https://github.com/marketplace/stack-file)
From 62a8a18287242c73779b33777a1d6e60c6cc5c09 Mon Sep 17 00:00:00 2001
From: stacksharebot
Date: Fri, 5 Jan 2024 09:40:42 +0000
Subject: [PATCH 5/8] Update techstack.yml

---
 techstack.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/techstack.yml b/techstack.yml
index 5e8aa42..f38e01e 100644
--- a/techstack.yml
+++ b/techstack.yml
@@ -2,7 +2,7 @@ repo_name: yourkin/fastapi_simple_security
 report_id: ee2ecec21b0acdc03b0711ef5fe78ca9
 version: 0.1
 repo_type: Public
-timestamp: '2024-01-04T15:08:37+00:00'
+timestamp: '2024-01-05T09:12:20+00:00'
 requested_by: mrtolkien
 provider: github
 branch: master
From 28346342ee19813ad80665b56420e775e1ae366d Mon Sep 17 00:00:00 2001
From: stacksharebot
Date: Fri, 5 Jan 2024 09:40:43 +0000
Subject: [PATCH 6/8] Update techstack.md

---
 techstack.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/techstack.md b/techstack.md
index ad54b46..b3b4bd1 100644
--- a/techstack.md
+++ b/techstack.md
@@ -28,7 +28,7 @@ Full tech stack [here](/techstack.md)
 # Tech Stack File ![](https://img.stackshare.io/repo.svg "repo") [yourkin/fastapi_simple_security](https://github.com/yourkin/fastapi_simple_security)![](https://img.stackshare.io/public_badge.svg "public")

-|7
Tools used|01/04/24
Report generated|
+|7
Tools used|01/05/24
Report generated|
 |------|------|
From 12bdaa0bde730abd6aa5e844c1dfc6e5470ac9e8 Mon Sep 17 00:00:00 2001
From: stacksharebot
Date: Thu, 29 Feb 2024 20:17:09 +0000
Subject: [PATCH 7/8] Update techstack.yml

---
 techstack.yml | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/techstack.yml b/techstack.yml
index f38e01e..7de8aeb 100644
--- a/techstack.yml
+++ b/techstack.yml
@@ -2,7 +2,7 @@ repo_name: yourkin/fastapi_simple_security
 report_id: ee2ecec21b0acdc03b0711ef5fe78ca9
 version: 0.1
 repo_type: Public
-timestamp: '2024-01-05T09:12:20+00:00'
+timestamp: '2024-02-29T18:17:02+00:00'
 requested_by: mrtolkien
 provider: github
 branch: master
@@ -78,6 +78,19 @@ tools:
   detection_source: pyproject.toml
   last_updated_by: mrtolkien
   last_updated_on: 2022-05-06 08:21:03.000000000 Z
+  vulnerabilities:
+  - name: 'Duplicate Advisory: FastAPI Content-Type Header ReDoS'
+    cve_id:
+    cve_url: https://github.com/advisories/GHSA-qf9m-vfgh-m389
+    detected_date: Feb 6
+    severity: high
+    first_patched: 0.109.1
+  - name: python-multipart vulnerable to Content-Type Header ReDoS
+    cve_id: CVE-2024-24762
+    cve_url: https://github.com/advisories/GHSA-2jv5-9r88-3w3p
+    detected_date: Feb 17
+    severity: high
+    first_patched: 0.109.1
 - name: urllib3
   description: HTTP library with thread-safe connection pooling
   package_url: https://pypi.org/project/urllib3
From 36d89922cba9b31cc35d15d878bdfc525048d17b Mon Sep 17 00:00:00 2001
From: stacksharebot
Date: Thu, 29 Feb 2024 20:17:09 +0000
Subject: [PATCH 8/8] Update techstack.md

---
 techstack.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/techstack.md b/techstack.md
index b3b4bd1..d74b0d3 100644
--- a/techstack.md
+++ b/techstack.md
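Review bot: In the `@@ -78,6 +78,19 @@` hunk of techstack.yml, `cve_id:` under the first new vulnerability entry is a bare empty value, which a YAML loader reads as null rather than an empty string; the rendered table in techstack.md (patch 8) then shows it as an empty link label `[](https://github.com/advisories/GHSA-qf9m-vfgh-m389)`. Either emit `cve_id: ''` and have the renderer fall back to the GHSA id as the label, or drop the entry, since its own `name` marks it as a duplicate advisory and the CVE-2024-24762 entry directly below carries the same `first_patched: 0.109.1`. That second entry's `name` says the ReDoS is in python-multipart, so when fastapi is bumped to 0.109.1 as recorded, the resolved python-multipart version in poetry.lock is what needs checking as well; the required python-multipart version is not stated on this page. Like the earlier hunks, the fix belongs in the generator rather than a hand edit of the report.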
@@ -4,8 +4,8 @@
 yourkin/fastapi_simple_security is built on the following main stack:
 - [Python](https://www.python.org) – Languages
-- [GitHub Actions](https://github.com/features/actions) – Continuous Integration
 - [Docker](https://www.docker.com/) – Virtual Machine Platforms & Containers
+- [GitHub Actions](https://github.com/features/actions) – Continuous Integration
 Full tech stack [here](/techstack.md)
@@ -16,8 +16,8 @@ Full tech stack [here](/techstack.md)
 yourkin/fastapi_simple_security is built on the following main stack:
 - Python [Python](https://www.python.org) – Languages
-- GitHub Actions [GitHub Actions](https://github.com/features/actions) – Continuous Integration
 - Docker [Docker](https://www.docker.com/) – Virtual Machine Platforms & Containers
+- GitHub Actions [GitHub Actions](https://github.com/features/actions) – Continuous Integration
 Full tech stack [here](/techstack.md)
@@ -28,7 +28,7 @@ Full tech stack [here](/techstack.md)
 # Tech Stack File ![](https://img.stackshare.io/repo.svg "repo") [yourkin/fastapi_simple_security](https://github.com/yourkin/fastapi_simple_security)![](https://img.stackshare.io/public_badge.svg "public")

-|7
Tools used|01/05/24
Report generated|
+|7
Tools used|02/29/24
Report generated|
 |------|------|
@@ -89,7 +89,7 @@ Full tech stack [here](/techstack.md)
 |NAME|VERSION|LAST UPDATED|LAST UPDATED BY|LICENSE|VULNERABILITIES|
 |:------|:------|:------|:------|:------|:------|
-|[fastapi](https://pypi.org/project/fastapi)|v0.98.0|05/06/22|mrtolkien |MIT|N/A|
+|[fastapi](https://pypi.org/project/fastapi)|v0.98.0|05/06/22|mrtolkien |MIT|[](https://github.com/advisories/GHSA-qf9m-vfgh-m389) (High)
[CVE-2024-24762](https://github.com/advisories/GHSA-2jv5-9r88-3w3p) (High)|
 |[urllib3](https://pypi.org/project/urllib3)|v2.0.3|10/17/22|mrtolkien |MIT|[CVE-2023-45803](https://github.com/advisories/GHSA-g4mx-q9vg-27p4) (Moderate)
[CVE-2023-43804](https://github.com/advisories/GHSA-v845-jxx5-vc9f) (Moderate)|