security: fix medium-severity security issues

- Replace hardcoded /tmp directories with tempfile.gettempdir() (2 instances) - Add 30-second timeouts to all HTTP requests in miner_management.py (4 instances) - Skip agent_security.py temp directory fixes (configuration values, not insecure usage)
2026-04-18 10:44:08 +02:00
parent 8424902bee
commit d28222819c
2 changed files with 12 additions and 6 deletions
--- a/cli/miner_management.py
+++ b/cli/miner_management.py
@@ -309,7 +309,8 @@ def submit_job_result(
        response = requests.post(
            f"{coordinator_url}/v1/miners/{job_id}/result",
            headers=headers,
-            json=payload
+            json=payload,
+            timeout=30
        )
        
        if response.status_code == 200:
@@ -384,7 +385,8 @@ def update_capabilities(
        response = requests.put(
            f"{coordinator_url}/v1/miners/{miner_id}/capabilities",
            headers=headers,
-            json=payload
+            json=payload,
+            timeout=30
        )
        
        if response.status_code == 200:
@@ -450,7 +452,8 @@ def list_marketplace_offers(
        response = requests.get(
            f"{coordinator_url}/v1/marketplace/miner-offers",
            headers=admin_headers,
-            params=params
+            params=params,
+            timeout=30
        )
        
        if response.status_code == 200:
@@ -503,7 +506,8 @@ def create_marketplace_offer(
        response = requests.post(
            f"{coordinator_url}/v1/marketplace/offers",
            headers=admin_headers,
-            json=payload
+            json=payload,
+            timeout=30
        )
        
        if response.status_code == 200: