-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathpyproject.toml
More file actions
60 lines (54 loc) · 2.21 KB
/
pyproject.toml
File metadata and controls
60 lines (54 loc) · 2.21 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
[build-system]
requires = ["setuptools>=42", "wheel"]
build-backend = "setuptools.build_meta"
[project]
name = "python-bad-project"
version = "0.4.0"
description = "A project with intentional vulnerabilities for testing purposes"
readme = "README.md"
requires-python = ">=3.8,<3.9"
license = {text = "MIT"}
authors = [
{name = "Project Author", email = "diamantis.sellis@cosmotech.com"}
]
dependencies = [
# Core dependencies with known vulnerabilities
"django==2.2.0", # Multiple CVEs including SQL injection vulnerabilities
"flask==0.12.3", # Multiple CVEs including security issues
"cryptography==2.8", # Older version with known vulnerabilities
"requests==2.21.0", # Updated for tensorflow 2.3.0 compatibility
"pillow==6.2.0", # Multiple CVEs including memory corruption vulnerabilities
"pyyaml==5.1", # Code execution vulnerability
"jinja2==2.9.6", # Server-side template injection vulnerability, compatible with Flask 0.12.3
# Database dependencies
"sqlalchemy==1.3.0", # SQL injection vulnerabilities
"pymongo==3.7.0", # Older version with security issues
"mysql-connector-python>=8.0.22", # Updated for Python 3.8 compatibility
# Web framework dependencies
"werkzeug==0.14.1", # Security issues, compatible with Flask 0.12.3
"tornado==5.0.2", # Security vulnerabilities
# Utility dependencies
"urllib3==1.24.2", # HTTPS certificate validation issues
"paramiko==2.4.2", # Authentication bypass vulnerability
# Dependencies with various licenses for license compliance testing
"matplotlib==3.0.3", # GPL-compatible license
"chardet==3.0.4", # LGPL license
"pandas==0.25.3", # BSD license
"tensorflow==2.3.0", # Compatible with werkzeug 0.14.1 and Python 3.8
# Security-related dependencies
"argon2-cffi==19.2.0", # For secure password hashing, compatible with Python 3.7
]
[project.optional-dependencies]
dev = [
# Development dependencies
"pytest>=6.0.0", # Updated for Python 3.8 compatibility
"pylint>=2.6.0", # Updated for Python 3.8 compatibility
"pytest-cov>=4.1.0",
]
[tool.setuptools]
packages = ["src"]
[tool.pytest.ini_options]
testpaths = ["tests"]
[tool.pylint]
max-line-length = 100
disable = ["C0111", "C0103"]