Releases: devwithkrishna/example-python-application
v1.0.4
Pull Request Title: DEVOPS-326 hotfix commit fix log
Pull Request URL: PR Link
Opened By: githubofkrishnadhas
Merged: True
Description: DEVOPS-326 hotfix commit fix log
fix log error
Created At: 2025-04-17T16:59:22Z
Closed & Merged At: 2025-04-17T17:00:52Z
Assignees: githubofkrishnadhas
Total Commits: 1
What's Changed
- DEVOPS-326 hotfix commit fix log by @githubofkrishnadhas in #6
Full Changelog: v1.0.3...v1.0.4
v1.0.3
Pull Request Title: Potential fix for code scanning alert no. 3: Log Injection
Pull Request URL: PR Link
Opened By: githubofkrishnadhas
Merged: True
Description: Potential fix for https://github.com/devwithkrishna/example-python-application/security/code-scanning/3
To fix the log injection issue, we need to sanitize the user-provided values before logging them. Specifically, we should remove any newline characters from the item.color and item.username values to prevent log injection attacks. This can be done using the replace method to replace \r\n and \n with empty strings.
Suggested fixes powered by Copilot Autofix. Review carefully before merging.
Created At: 2025-04-12T19:26:51Z
Closed & Merged At: 2025-04-16T14:57:22Z
Assignees: githubofkrishnadhas
Total Commits: 1
What's Changed
- Potential fix for code scanning alert no. 3: Log Injection by @githubofkrishnadhas in #5
Full Changelog: v1.0.2...v1.0.3
v1.0.2
Pull Request Title: If unsanitized user input is written to a log entry, a malicious user…
Pull Request URL: PR Link
Opened By: githubofkrishnadhas
Merged: True
Description: … may be able to forge new log entries.
Issue #1
To fix the log injection issue, we need to sanitize the user input before logging it. Specifically, we should remove any newline characters from the user input to prevent log forgery. This can be done by replacing \r\n and \n with empty strings.
We will modify the code to sanitize the item before logging it. This involves converting the item to a string and then replacing any newline characters.
Created At: 2025-04-12T17:28:59Z
Closed & Merged At: 2025-04-12T17:30:51Z
Assignees: githubofkrishnadhas
Total Commits: 1
What's Changed
- If unsanitized user input is written to a log entry, a malicious user… by @githubofkrishnadhas in #4
Full Changelog: v1.0.1...v1.0.2
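The newline-stripping fix described in the v1.0.3 and v1.0.2 pull requests, shown as an added example that is not the project's own code. It uses only the standard-library logging module with a plain-text formatter (an assumption; the app itself logs JSON through python-json-logger), all function names and sample values are constructed, and it goes one step further by showing that a lone \r survives the two replace calls, with a stricter hypothetical escape_control variant alongside.

```python
import io
import logging
import re

# Constructed sample inputs: a colour value carrying a forged second log entry.
FORGED = "blue\r\nINFO:app:user=admin colour=red"
LONE_CR = "blue\rINFO:app:user=admin colour=red"


def strip_newlines(value) -> str:
    """The fix as the PR descriptions word it: drop \\r\\n and \\n."""
    return str(value).replace("\r\n", "").replace("\n", "")


# C0 controls, DEL, NEL and the Unicode line/paragraph separators.
_CONTROL = re.compile(r"[\x00-\x1f\x7f\x85\u2028\u2029]")


def escape_control(value) -> str:
    """Stricter variant (hypothetical, not the project's code): turn every
    control character into a visible escape instead of deleting it."""
    return _CONTROL.sub(
        lambda m: m.group().encode("unicode_escape").decode("ascii"), str(value)
    )


def log_lines(sanitize, username, color):
    """Log one event as plain text and return the physical lines written."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s:%(name)s:%(message)s"))
    logger = logging.getLogger("app")
    logger.handlers = [handler]
    logger.propagate = False
    logger.setLevel(logging.INFO)
    logger.info("user=%s colour=%s", sanitize(username), sanitize(color))
    # splitlines() also breaks on a bare \r, as many log viewers do.
    return stream.getvalue().splitlines()


if __name__ == "__main__":
    for label, fn in (("raw", str), ("strip_newlines", strip_newlines),
                      ("escape_control", escape_control)):
        for sample in (FORGED, LONE_CR):
            print(label, log_lines(fn, "alice", sample))
```

Escaping rather than deleting keeps the original bytes recoverable during an investigation, and one submitted value always stays on one physical log line.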
v1.0.1
Pull Request Title: github workflow for image push
Pull Request URL: PR Link
Opened By: githubofkrishnadhas
Merged: True
Description: None
Created At: 2025-04-12T15:54:54Z
Closed & Merged At: 2025-04-12T15:54:59Z
Assignees: githubofkrishnadhas
Total Commits: 1
What's Changed
- github workflow for image push by @githubofkrishnadhas in #2
Full Changelog: v1.0.0...v1.0.1
v1.0.0
Pull Request Title: Example python app with fast api
Pull Request URL: PR Link
Opened By: githubofkrishnadhas
Merged: True
Description: This project is a FastAPI-based Python application that allows users to submit their name and favorite color, with endpoints to retrieve the submitted data. It includes features like logging with JSON formatting, in-memory storage for demonstration purposes, and automated dependency management using Dependabot.
Key Features
API Endpoints:
- GET /: Root endpoint with a welcome message.
- GET /healthcheck: Healthcheck endpoint to verify service status.
- POST /usercolour/: Accepts a user's name and favorite color.
- GET /allusercolour/: Lists all submitted user-color mappings.
Logging:
Configured using python-json-logger for JSON-formatted logs.
Logs are set up for the application and Uvicorn server.
Dependency Management:
Uses Poetry for managing dependencies and packaging.
- Automated updates are configured via Dependabot.
Release Workflow:
A GitHub Actions workflow (release.yml) automates release creation when pull requests are merged into the main branch.
Dockerized Deployment:
Includes a Dockerfile for containerized deployment using Python 3.11.
Created At: 2025-04-12T14:48:59Z
Closed & Merged At: 2025-04-12T14:56:45Z
Assignees: githubofkrishnadhas
Total Commits: 1
What's Changed
- Example python app with fast api by @githubofkrishnadhas in #1
New Contributors
- @githubofkrishnadhas made their first contribution in #1
Full Changelog: https://github.com/devwithkrishna/example-python-application/commits/v1.0.0