Bump to 1.0.3 (#159)

krzysztofg256 · web-flow · commit 85769ca060d7 · 2024-11-13T10:07:55.000+01:00
* Fixed security issue
diff --git a/CHANGES b/CHANGES
@@ -1,3 +1,8 @@
+## 1.0.3
+
+* Remediated security vulnerability caused by messaging complete file path in
+  WagonError in extract_source method
+
 ## 1.0.2
 
 * Update dependencies, replace obsolete, making Wagon compatible with Python 3.12
diff --git a/setup.py b/setup.py
@@ -27,7 +27,7 @@ def read(*parts):
 
 setup(
     name='wagon',
-    version='1.0.2',
+    version='1.0.3',
     url='https://github.com/cloudify-cosmo/wagon',
     author='Cloudify',
     author_email='cosmo-admin@cloudify.co',
diff --git a/wagon.py b/wagon.py
@@ -664,7 +664,7 @@ def extract_source(source, destination):
             raise WagonError(
                 'Failed to extract {0}. Please verify that the '
                 'provided file is a valid zip or tar.gz '
-                'archive'.format(source))
+                'archive'.format(os.path.basename(source)))
 
         source = os.path.join(
             destination, [d for d in next(os.walk(destination))[1]][0])
