Files
@ 9b74296e6af6
Branch filter:
Location: kallithea/.travis.yml - annotation
9b74296e6af6
834 B
application/yaml
auth: further sanitize requests to prevent GET CSRF (CVE-2016-3691)
Routes allows GET requests to override the HTTP method, which breaks
the Kallithea CSRF protection (which only applies to POST requests).
This commit blocks such GET request, preventing CSRF attacks.
Routes allows GET requests to override the HTTP method, which breaks
the Kallithea CSRF protection (which only applies to POST requests).
This commit blocks such GET request, preventing CSRF attacks.
6ccf86ebfd4e 6ccf86ebfd4e 6ccf86ebfd4e 6ccf86ebfd4e 6ccf86ebfd4e 6ccf86ebfd4e 703d3208424c 703d3208424c 703d3208424c 6ccf86ebfd4e 925c77b9d3f1 925c77b9d3f1 925c77b9d3f1 925c77b9d3f1 6ccf86ebfd4e 6ccf86ebfd4e 703d3208424c 703d3208424c 63d3d20cad95 63d3d20cad95 63d3d20cad95 64ee7cf4a76d 63d3d20cad95 63d3d20cad95 63d3d20cad95 6ccf86ebfd4e 6ccf86ebfd4e 6ccf86ebfd4e 6ccf86ebfd4e 63d3d20cad95 6ccf86ebfd4e 6ccf86ebfd4e 6ccf86ebfd4e 6ccf86ebfd4e 6ccf86ebfd4e 13c0ab8eb343 08af8038e1cc 6ccf86ebfd4e 6ccf86ebfd4e 6ccf86ebfd4e 69377d1d7604 | language: python
python:
- "2.6"
- "2.7"
env:
- TEST_DB=sqlite:////tmp/kallithea_test.sqlite
- TEST_DB=mysql://root@127.0.0.1/kallithea_test
- TEST_DB=postgresql://postgres@127.0.0.1/kallithea_test
services:
- mysql
- postgresql
# command to install dependencies
before_script:
- mysql -e 'create database kallithea_test;'
- psql -c 'create database kallithea_test;' -U postgres
- git --version
before_install:
- sudo apt-get remove git
- sudo add-apt-repository ppa:pdoes/ppa -y
- sudo apt-get update -y
- sudo apt-get install git -y
install:
- pip install mysql-python psycopg2 mock unittest2
- pip install . --use-mirrors
# command to run tests
script: nosetests
notifications:
email:
- ci@kallithea-scm.org
irc: "irc.freenode.org#kallithea"
branches:
only:
- master
|