fix(security): atomic hw-status write, narrow bare excepts, urllib3 CVE floor

mirror of https://github.com/ChuckBuilds/LEDMatrix.git synced 2026-05-21 12:23:32 +00:00

- display_manager: replace open()+bare-except with tempfile.mkstemp→fsync→
  chmod(0o600)→os.replace; adds symlink guard and logs errors via logger
  instead of swallowing them silently; pull json/tempfile to module imports
- display_manager cleanup(): narrow broad `except Exception: pass` to
  (OSError, RuntimeError, ValueError, MemoryError) with debug log
- api_v3 get_hardware_status(): catch json.JSONDecodeError and PermissionError
  explicitly; log full traceback server-side; return generic "Unable to read
  hardware status" to client instead of leaking str(e)
- march-madness/requirements.txt: bump urllib3 floor 2.2.2→2.6.3 (CVE fix)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

This commit is contained in:

Chuck

2026-05-18 17:10:23 -04:00

parent f6e9c7688d

commit db86a2a55e

3 changed files with 31 additions and 11 deletions

2

plugin-repos/march-madness/requirements.txt

View File

@@ -1,5 +1,5 @@
 requests>=2.33.0
 urllib3>=2.2.2
 urllib3>=2.6.3
 Pillow>=12.2.0
 pytz>=2022.1
 numpy>=1.24.0

fix(security): atomic hw-status write, narrow bare excepts, urllib3 CVE floor

2 plugin-repos/march-madness/requirements.txt Unescape Escape View File

2

plugin-repos/march-madness/requirements.txt

View File