Files @ aa51aca7fd1a
Location: kallithea/docs/administrator_guide/vcs_setup.rst - annotation

aa51aca7fd1a 1.7 KiB text/prs.fallenstein.rst
Valentin Kleibel
controller: Handle UnicodeDecodeError from webob decoding invalid URLs

webob will try to utf-8 decode all %-encoded bytes in URL-parameters, but will
not handle Unicode errors ... and neither did Kallithea. Visiting a URL like
http://localhost:5000/?%AD would thus give an unhandled exception showing
"Internal Server Error" to the user, and logging the full traceback and:

WebApp Error: UnicodeDecodeError: 'utf-8' codec can't decode byte 0xad in position 0: invalid start byte

This has been seen a lot recently from attackers probing for a php
vulnerability
https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/ .

Now handle these exceptions more nicely and reject with "400 Bad Request".
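
The behaviour described in the commit message above, sketched as stand-alone WSGI middleware. This is an added example, not Kallithea's code: the names ``url_is_utf8``, ``RejectUndecodableURL``, ``demo_app`` and ``status_for`` are hypothetical, and it validates the raw URL up front instead of catching webob's exception as the commit does.

```python
from urllib.parse import unquote_to_bytes
from wsgiref.util import setup_testing_defaults


def url_is_utf8(environ):
    """True if PATH_INFO and the %-decoded QUERY_STRING are both valid UTF-8."""
    try:
        # PEP 3333: PATH_INFO arrives already %-decoded, its bytes mapped to latin-1.
        environ.get("PATH_INFO", "").encode("latin-1").decode("utf-8")
        # QUERY_STRING is still %-encoded; decode() is strict by default.
        unquote_to_bytes(environ.get("QUERY_STRING", "")).decode("utf-8")
        return True
    except UnicodeError:
        return False


class RejectUndecodableURL:
    """Hypothetical middleware: answer 400 before the wrapped app parses the URL."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        if url_is_utf8(environ):
            return self.app(environ, start_response)
        body = b"400 Bad Request\n"
        start_response("400 Bad Request", [("Content-Type", "text/plain"),
                                           ("Content-Length", str(len(body)))])
        return [body]


def demo_app(environ, start_response):
    """Stand-in for the real application (constructed for this example)."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok\n"]


def status_for(app, path, query):
    """Run one constructed request through `app` and return the status line."""
    environ = {"PATH_INFO": path, "QUERY_STRING": query}
    setup_testing_defaults(environ)
    seen = []
    list(app(environ, lambda status, headers, exc_info=None: seen.append(status)))
    return seen[0]


guarded = RejectUndecodableURL(demo_app)
```

Logging the rejected request at warning level, rather than as an error with a full traceback, keeps scanner noise out of the error log while leaving the probes countable.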

.. _vcs_setup:

=============================
Version control systems setup
=============================

Kallithea supports Git and Mercurial repositories out-of-the-box.
For Git, you do need the ``git`` command line client installed on the server.

You can always disable Git or Mercurial support by editing the
file ``kallithea/__init__.py`` and commenting out the backend. For example, to
disable Git but keep Mercurial enabled:

.. code-block:: python

   BACKENDS = {
       'hg': 'Mercurial repository',
       #'git': 'Git repository',
   }


Git-specific setup
------------------


Web server with chunked encoding
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Large Git pushes require an HTTP server with support for
chunked encoding for POST. The Python web servers waitress_ and
gunicorn_ (Linux only) can be used. By default, Kallithea uses
waitress_ for ``gearbox serve`` instead of the built-in ``paste`` WSGI
server.

The web server used by gearbox is controlled in the .ini file::

    use = egg:waitress#main

or::

    use = egg:gunicorn#main

Also make sure to comment out the following options::

    threadpool_workers =
    threadpool_max_requests =
    use_threadpool =

Increasing Git HTTP POST buffer size
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

If Git pushes fail with HTTP error code 411 (Length Required), you may need to
increase the Git HTTP POST buffer. Run the following command as the user that
runs Kallithea to set a global Git variable to this effect::

    git config --global http.postBuffer 524288000


.. _waitress: http://pypi.python.org/pypi/waitress
.. _gunicorn: http://pypi.python.org/pypi/gunicorn
.. _subrepositories: http://mercurial.aragost.com/kick-start/en/subrepositories/