Files
@ cd8fa11c5c89
Branch filter:
Location: kallithea/scripts/logformat.py - annotation
cd8fa11c5c89
1.8 KiB
text/x-python
repogroups: fix HTML markup of descriptions
Repogroup descriptions were not urlified like repo descriptions are. That
caused incorrect rendering with posibility of XSS.
The problem was introduced in 0.4.0 with 6db3122e4d75.
Thanks to stypr of Flatt Security for reporting this vulnerability.
Repogroup descriptions were not urlified like repo descriptions are. That
caused incorrect rendering with posibility of XSS.
The problem was introduced in 0.4.0 with 6db3122e4d75.
Thanks to stypr of Flatt Security for reporting this vulnerability.
aa6f17a53b49 8bc8366a6874 8bc8366a6874 8bc8366a6874 8bc8366a6874 0a277465fddf 8bc8366a6874 8bc8366a6874 8bc8366a6874 8bc8366a6874 8bc8366a6874 8bc8366a6874 8bc8366a6874 8bc8366a6874 8bc8366a6874 4473f1094d3d 4473f1094d3d 8bc8366a6874 8bc8366a6874 63b548dd5ef3 8bc8366a6874 63b548dd5ef3 8bc8366a6874 63b548dd5ef3 8bc8366a6874 63b548dd5ef3 8bc8366a6874 63b548dd5ef3 8bc8366a6874 8bc8366a6874 4473f1094d3d 4473f1094d3d 665dfa112f2c 8bc8366a6874 8bc8366a6874 665dfa112f2c 4473f1094d3d 4473f1094d3d 4473f1094d3d 4473f1094d3d a8e6bb9ee9ea a8e6bb9ee9ea a8e6bb9ee9ea 4473f1094d3d 4473f1094d3d 4473f1094d3d 4473f1094d3d | #!/usr/bin/env python3
import re
import sys
logre = r'''
(log\.(?:error|info|warning|debug)
[(][ \n]*
)
%s
(
[ \n]*[)]
)
'''
res = [
# handle % () - keeping spaces around the old %
(re.compile(logre % r'''("[^"]*"|'[^']*') ([\n ]*) % ([\n ]*) \( ( (?:[^()]|\n)* (?: \( (?:[^()]|\n)* \) (?:[^()]|\n)* )* ) \) ''', flags=re.MULTILINE | re.VERBOSE), r'\1\2,\3\4\5\6'),
# handle % without () - keeping spaces around the old %
(re.compile(logre % r'''("[^"]*"|'[^']*') ([\n ]*) % ([\n ]*) ( (?:[^()]|\n)* (?: \( (?:[^()]|\n)* \) (?:[^()]|\n)* )* ) ''', flags=re.MULTILINE | re.VERBOSE), r'\1\2,\3\4\5\6'),
# remove extra space if it is on next line
(re.compile(logre % r'''("[^"]*"|'[^']*') , (\n [ ]) ([ ][\n ]*) ( (?:[^()]|\n)* (?: \( (?:[^()]|\n)* \) (?:[^()]|\n)* )* ) ''', flags=re.MULTILINE | re.VERBOSE), r'\1\2,\3\4\5\6'),
# remove extra space if it is on same line
(re.compile(logre % r'''("[^"]*"|'[^']*') , [ ]+ () ( [\n ]+) ( (?:[^()]|\n)* (?: \( (?:[^()]|\n)* \) (?:[^()]|\n)* )* ) ''', flags=re.MULTILINE | re.VERBOSE), r'\1\2,\3\4\5\6'),
# remove trailing , and space
(re.compile(logre % r'''("[^"]*"|'[^']*') , () ( [\n ]*) ( (?:[^()]|\n)* (?: \( (?:[^()]|\n)* \) (?:[^()]|\n)* )* [^(), \n] ) [ ,]*''', flags=re.MULTILINE | re.VERBOSE), r'\1\2,\3\4\5\6'),
]
def rewrite(f):
s = open(f).read()
for r, t in res:
s = r.sub(t, s)
open(f, 'w').write(s)
if __name__ == '__main__':
if len(sys.argv) < 2:
print('Cleanup of superfluous % formatting of log statements.')
print('Usage:')
print(''' hg revert `hg loc '*.py'|grep -v logformat.py` && scripts/logformat.py `hg loc '*.py'` && hg diff''')
raise SystemExit(1)
for f in sys.argv[1:]:
rewrite(f)
|