Location: kallithea/.travis.yml - annotation
64d41568507c
834 B
application/yaml
repos: introduce low level slug check of repo and group names
The high level web forms already slug-ify repo and repo group names. It might
thus not create the exact repo that was created, but the name will be "safe".
For API, we would rather have it fail than not doing exactly what was requested.
Thus, always verify at low level that the provided name wouldn't be modified by
slugification. This makes sure the API allows the same actual names as
the web UI.
This will only influence creation and renaming of repositories and repo groups.
Existing repositories will continue working as before.
This is a slight API change, but it makes the system more stable and can
prevent some security issues - especially XSS attacks.
This issue was found and reported by
Kacper Szurek
https://security.szurek.pl/
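The low-level check the commit message describes, as an added example that is not Kallithea's code. The names `slugify`, `check_name` and `is_acceptable`, and the slug rule itself, are assumptions made for illustration.

```python
import re
import unicodedata

# Hypothetical slug rule (an assumption, not Kallithea's implementation):
# keep ASCII letters, digits, '.', '_' and '-'; anything else becomes '-'.
_UNSAFE = re.compile(r"[^A-Za-z0-9._-]+")


def slugify(name):
    """Return a 'safe' form of name, as a web form might before saving."""
    ascii_name = (
        unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode("ascii")
    )
    slug = _UNSAFE.sub("-", ascii_name)
    slug = re.sub(r"-{2,}", "-", slug)  # collapse runs of '-'
    return slug.strip("-.")             # no leading/trailing '-' or '.'


class UnsafeNameError(ValueError):
    """Raised when a requested name is not already in slug form."""


def check_name(name):
    """Accept name only if slugification would leave it unchanged.

    Failing here, instead of silently renaming, means an API caller never
    ends up with a repository other than the one it asked for.
    """
    if not name or slugify(name) != name:
        raise UnsafeNameError("name %r is not a valid slug" % (name,))
    return name


def is_acceptable(name):
    """Boolean wrapper around check_name."""
    try:
        check_name(name)
    except UnsafeNameError:
        return False
    return True


# Constructed sample names, not taken from the project.
SAMPLES = ["my-repo", "docs_v1.2", "<b>repo</b>", "two words", "caf\u00e9", "..", ""]

if __name__ == "__main__":
    for sample in SAMPLES:
        print("%-16r %s" % (sample, "ok" if is_acceptable(sample) else "rejected"))
```

A name containing markup is rejected outright rather than stored in rewritten form, so every creation and rename path that calls the check sees the same set of allowed names.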
language: python
python:
  - "2.6"
  - "2.7"
env:
  - TEST_DB=sqlite:////tmp/kallithea_test.sqlite
  - TEST_DB=mysql://root@127.0.0.1/kallithea_test
  - TEST_DB=postgresql://postgres@127.0.0.1/kallithea_test
services:
  - mysql
  - postgresql
# command to install dependencies
before_script:
  - mysql -e 'create database kallithea_test;'
  - psql -c 'create database kallithea_test;' -U postgres
  - git --version
before_install:
  - sudo apt-get remove git
  - sudo add-apt-repository ppa:pdoes/ppa -y
  - sudo apt-get update -y
  - sudo apt-get install git -y
install:
  - pip install mysql-python psycopg2 mock unittest2
  - pip install . --use-mirrors
# command to run tests
script: nosetests
notifications:
  email:
    - ci@kallithea-scm.org
  irc: "irc.freenode.org#kallithea"
branches:
  only:
    - master