From cb3ae447dcad893bf27279573d2ecedf1ad2518d Mon Sep 17 00:00:00 2001 From: Kovid Goyal Date: Mon, 15 Sep 2025 14:47:46 +0530 Subject: [PATCH] Make CodeQL happy Dont output github token to stdout during build --- setup/upload.py | 13 +++++++------ src/calibre/srv/auto_reload.py | 2 +- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/setup/upload.py b/setup/upload.py index 2b230e7213..67536ea58f 100644 --- a/setup/upload.py +++ b/setup/upload.py @@ -135,10 +135,10 @@ def send_to_backup(loc): def gh_cmdline(ver, data): - return [ + safe = [ __appname__, ver, 'fmap', 'github', __appname__, data['username'], - data['password'] ] + return safe + [data['password']], safe + ['PASSWORD_REDACTED'] def sf_cmdline(ver, sdata): @@ -151,8 +151,8 @@ def calibre_cmdline(ver): return [__appname__, ver, 'fmap', 'calibre'] -def run_remote_upload(args): - print('Running remotely:', ' '.join(args)) +def run_remote_upload(args, safe=None): + print('Running remotely:', ' '.join(safe or args)) subprocess.check_call([ 'ssh', '-x', f'{STAGING_USER}@{STAGING_HOST}', 'cd', STAGING_DIR, '&&', 'python', 'hosting.py' @@ -298,10 +298,11 @@ class UploadInstallers(Command): # {{{ def upload_to_github(self, replace): data = get_github_data() - args = gh_cmdline(__version__, data) + args, safe = gh_cmdline(__version__, data) if replace: args = ['--replace'] + args - run_remote_upload(args) + safe = ['--replace'] + safe + run_remote_upload(args, safe) def upload_to_sourceforge(self): sdata = get_sourceforge_data() diff --git a/src/calibre/srv/auto_reload.py b/src/calibre/srv/auto_reload.py index ccae8228ff..2bd07fd5fb 100644 --- a/src/calibre/srv/auto_reload.py +++ b/src/calibre/srv/auto_reload.py @@ -323,7 +323,7 @@ class Worker: s.settimeout(5) try: if self.uses_ssl: - s = ssl.create_default_context().wrap_socket(s) + s = ssl._create_stdlib_context().wrap_socket(s) s.connect(('localhost', self.port)) return except OSError: