bump falcon requirement to <5 (#139)

contrast-jproberts · web-flow · commit 412e7cb04d53 · 2025-01-03T13:36:31.000-05:00
falcon&lt;4 doesn't support Python 3.13. Bump the requirement to allow
the latest Python version. Also use the text attribute of responses
instead of the deprecated body attribute, and fix an asgi RuntimeError.
diff --git a/setup.py b/setup.py
@@ -11,7 +11,7 @@
 trigger_extras = {"PyYAML<7", "lxml>=4.3.1", "mock==3.*"}
 aiohttp_extras = {"aiohttp<4"} | trigger_extras
 django_extras = {"Django<6"} | trigger_extras
-falcon_extras = {"falcon<4", "falcon-multipart==0.2.0"} | trigger_extras
+falcon_extras = {"falcon<5", "falcon-multipart==0.2.0"} | trigger_extras
 flask_extras = {"Flask<4"} | trigger_extras
 fastapi_extras = {
     "fastapi<1",
diff --git a/src/vulnpy/falcon/vulnerable.py b/src/vulnpy/falcon/vulnerable.py
@@ -114,13 +114,13 @@ def _set_response(resp, path):
     """
     Set the response body and Content-Type
     """
-    resp.body = get_template(path)
+    resp.text = get_template(path)
     resp.content_type = "text/html"
 
 
 def _set_xss_response(resp, path, user_input):
     template = get_template(path)
     template += "<p>XSS: " + user_input + "</p>"
 
-    resp.body = template
+    resp.text = template
     resp.content_type = "text/html"
diff --git a/tests/falcon/test_vulnerable.py b/tests/falcon/test_vulnerable.py
@@ -13,7 +13,7 @@
 
 @pytest.fixture(scope="module")
 def client():
-    app = falcon.API()
+    app = falcon.App()
     vulnpy.falcon.add_vulnerable_routes(app)
     return testing.TestClient(app)
 
diff --git a/tests/falcon/test_vulnerable_asgi.py b/tests/falcon/test_vulnerable_asgi.py
@@ -12,7 +12,7 @@
 
 
 @pytest.fixture(scope="module")
-def client():
+async def client():
     app = falcon.asgi.App()
     vulnpy.falcon.add_vulnerable_asgi_routes(app)
     return testing.TestClient(app)
