Sulkta-OSS/adacam-api
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

audit follow-ups: deps floor, LICENSE, gate /debug/redis-keys

Browse source 
- requirements.txt: bump floors past known CVEs (flask>=2.3.2 fixes
  CVE-2023-30861, requests>=2.32.0 fixes CVE-2023-32681 + CVE-2024-35195,
  redis>=5.0 fixes CVE-2023-28858/9).
- LICENSE: add MIT text (README claimed MIT but the file was missing).
- /api/1/debug/redis-keys: require auth. Was unauthenticated info-disclosure
  on the LAN/AP side.
This commit is contained in:
Cobb Hayes 2026-05-27 09:22:12 -07:00
parent 81a6d18c1d
commit beead1d6b0
3 changed files with 25 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

1
adacam_api/app.py
View file

@ -112,6 +112,7 @@ def create_app():
# ── DEBUG ENDPOINTS ────────────────────────────────────────────────────
@app.route('/api/1/debug/redis-keys')
@require_auth
def redis_keys():
"""Debug endpoint — list Redis keys for GPS/IMU troubleshooting."""
try: