python/python-elastic-transport
SHA256
15
0
Fork 0
forked from pool/python-elastic-transport
Code Pull Requests Activity
Files
2dcbde1a2b0b9b85d71d6fd07e3fe6ae2a34afeb027feb0221b3b079c2d9bce4
python-elastic-transport/requests232.patch

88 lines
4.1 KiB
Diff
Raw Blame History

From d49d5dda344f0a458c020a8a3c0032480e6b57d5 Mon Sep 17 00:00:00 2001
From: Quentin Pradet <quentin.pradet@elastic.co>
Date: Thu, 23 May 2024 11:48:10 +0400
Subject: [PATCH 1/3] Fix requests 2.32 compatibility
---
elastic_transport/_node/_http_requests.py | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/elastic_transport/_node/_http_requests.py b/elastic_transport/_node/_http_requests.py
index 19cec37..e439865 100644
--- a/elastic_transport/_node/_http_requests.py
+++ b/elastic_transport/_node/_http_requests.py
@@ -169,7 +169,16 @@ def __init__(self, config: NodeConfig):
)
# Preload the HTTPConnectionPool so initialization issues
# are raised here instead of in perform_request()
- adapter.get_connection(self.base_url) # type: ignore[no-untyped-call]
+ if hasattr(adapter, "get_connection_with_tls_context"):
+ adapter.get_connection_with_tls_context(
+ requests.Request(url=self.base_url), verify=self.session.verify
+ )
+ else:
+ # elastic-transport is not vulnerable to CVE-2024-35195 because it uses
+ # requests.Session and an SSLContext without using the verify parameter.
+ # We should remove this branch when requiring requests 2.32 or later.
+ adapter.get_connection(self.base_url) # type: ignore [no-untyped-call]
+
self.session.mount(prefix=f"{self.scheme}://", adapter=adapter)
def perform_request(
From 56d1e6832d0b438ee7cee3ab0f8dea6a14a89eb8 Mon Sep 17 00:00:00 2001
From: Quentin Pradet <quentin.pradet@elastic.co>
Date: Thu, 23 May 2024 11:59:42 +0400
Subject: [PATCH 2/3] Fix lint
---
elastic_transport/_node/_http_requests.py | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/elastic_transport/_node/_http_requests.py b/elastic_transport/_node/_http_requests.py
index e439865..4b2d502 100644
--- a/elastic_transport/_node/_http_requests.py
+++ b/elastic_transport/_node/_http_requests.py
@@ -170,14 +170,16 @@ def __init__(self, config: NodeConfig):
# Preload the HTTPConnectionPool so initialization issues
# are raised here instead of in perform_request()
if hasattr(adapter, "get_connection_with_tls_context"):
+ request = requests.Request(url=self.base_url)
+ prepared_request = self.session.prepare_request(request)
adapter.get_connection_with_tls_context(
- requests.Request(url=self.base_url), verify=self.session.verify
+ prepared_request, verify=self.session.verify
)
else:
# elastic-transport is not vulnerable to CVE-2024-35195 because it uses
# requests.Session and an SSLContext without using the verify parameter.
# We should remove this branch when requiring requests 2.32 or later.
- adapter.get_connection(self.base_url) # type: ignore [no-untyped-call]
+ adapter.get_connection(self.base_url)
self.session.mount(prefix=f"{self.scheme}://", adapter=adapter)
From 8a222e2c9b81dc9f7a1e4583de59ecc0d4c4d803 Mon Sep 17 00:00:00 2001
From: Quentin Pradet <quentin.pradet@elastic.co>
Date: Thu, 23 May 2024 12:02:53 +0400
Subject: [PATCH 3/3] Fix prepared request
---
elastic_transport/_node/_http_requests.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/elastic_transport/_node/_http_requests.py b/elastic_transport/_node/_http_requests.py
index 4b2d502..941e3cc 100644
--- a/elastic_transport/_node/_http_requests.py
+++ b/elastic_transport/_node/_http_requests.py
@@ -170,7 +170,7 @@ def __init__(self, config: NodeConfig):
# Preload the HTTPConnectionPool so initialization issues
# are raised here instead of in perform_request()
if hasattr(adapter, "get_connection_with_tls_context"):
- request = requests.Request(url=self.base_url)
+ request = requests.Request(method="GET", url=self.base_url)
prepared_request = self.session.prepare_request(request)
adapter.get_connection_with_tls_context(
prepared_request, verify=self.session.verify
View Git Blame Copy Permalink