diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index 978c8b3..2b5ccc3 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -29,8 +29,10 @@ jobs:
 git clone --depth 1 --branch "${GITHUB_REF_NAME}" \
 "https://oauth2:${{ github.token }}@${GITHUB_SERVER_URL#https://}/${GITHUB_REPOSITORY}.git" .
- - name: Install dev tools
- run: pip install -q ruff mypy
+ - name: Install dependencies
+ run: |
+ pip install -q -r requirements.txt
+ pip install -q ruff mypy
 - name: Python syntax check
 run: python -m py_compile run.py wsgi.py app/*.py app/**/*.py
diff --git a/tests/fuzz/run_fuzz.py b/tests/fuzz/run_fuzz.py
index f2ad738..4724956 100755
--- a/tests/fuzz/run_fuzz.py
+++ b/tests/fuzz/run_fuzz.py
@@ -195,6 +195,7 @@ class FlaskPasteFuzzer:
 start = time.perf_counter()
 try:
+ assert parsed.hostname is not None
 conn = http.client.HTTPConnection(parsed.hostname, parsed.port, timeout=timeout)
 hdrs = headers or {}
 if data:
@@ -319,15 +320,15 @@ class FlaskPasteFuzzer:
 errors = []
 # Paste content fuzzing
- payloads = [
+ payloads: list[bytes] = [
 b"normal text",
 b"\x00" * 100, # Null bytes
 b"\xff" * 100, # High bytes
 os.urandom(1000), # Random binary
 b"A" * 100000, # Large payload
 "".join(random.choices(string.printable, k=1000)).encode(),
- "\u202e" * 100, # RTL override
- "A\u0300" * 100, # Combining characters
+ ("\u202e" * 100).encode("utf-8"), # RTL override
+ ("A\u0300" * 100).encode("utf-8"), # Combining characters
 ]
 for payload in payloads:
@@ -841,7 +842,7 @@ class FlaskPasteFuzzer:
 report.append(f"Total requests: {total_requests}")
 report.append(f"Total findings: {len(self.findings)}")
- by_severity = {}
+ by_severity: dict[str, int] = {}
 for f in self.findings:
 by_severity[f.severity] = by_severity.get(f.severity, 0) + 1
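Review bot: The added `pip install -q -r requirements.txt` step runs in a checkout whose remote URL embeds `${{ github.token }}` (the clone command in the context lines above it), so any install-time code from a resolved package can read that token from `.git/config`. Whether requirements.txt pins versions or hashes is not visible in this hunk; if it does not, I would use `pip install -q --require-hashes -r requirements.txt` against a hash-locked file. The `pip install -q ruff mypy` line carries the same exposure and should pin both tools to exact versions, so that a new upstream release cannot change what CI executes. Removing the credential from the remote after the clone would narrow the exposure further; that step sits outside this hunk.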
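Review bot: The `assert parsed.hostname is not None` added inside the `try:` is a type-narrowing aid rather than a real check, because it disappears under `python -O`. When it does fire, the `AssertionError` is raised inside the `try`, so a handler that is not visible in this hunk may record a malformed target URL as an ordinary request failure. I would validate explicitly before the `try`, for example `if parsed.hostname is None: raise ValueError("target URL has no hostname")`, which narrows the type for mypy just as well. The enclosing method starts and ends outside the hunk, so the `except` clauses should be checked before relying on either behaviour.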