Files
@ df930758dcf7
Branch filter:
Location: kallithea/scripts/logformat.py - annotation
df930758dcf7
1.8 KiB
text/x-python
repos: extra HTML escaping of repo and repo group names shown in DataTables
These names will already have been "slugged" and can thus not contain anything
that can be used for any attack. But let's be explicitly safe and escape them
anyway.
raw_name without escaping would cause XSS *if* it was possible to create unsafe
repo names.
just_name must be escaped in order to make search work correctly - for example
if searching for '<' ... *if* it was possible for names to contain that.
These names will already have been "slugged" and can thus not contain anything
that can be used for any attack. But let's be explicitly safe and escape them
anyway.
raw_name without escaping would cause XSS *if* it was possible to create unsafe
repo names.
just_name must be escaped in order to make search work correctly - for example
if searching for '<' ... *if* it was possible for names to contain that.
aa6f17a53b49 8bc8366a6874 8bc8366a6874 8bc8366a6874 8bc8366a6874 0a277465fddf 8bc8366a6874 8bc8366a6874 8bc8366a6874 8bc8366a6874 8bc8366a6874 8bc8366a6874 8bc8366a6874 8bc8366a6874 8bc8366a6874 4473f1094d3d 4473f1094d3d 8bc8366a6874 8bc8366a6874 63b548dd5ef3 8bc8366a6874 63b548dd5ef3 8bc8366a6874 63b548dd5ef3 8bc8366a6874 63b548dd5ef3 8bc8366a6874 63b548dd5ef3 8bc8366a6874 8bc8366a6874 4473f1094d3d 4473f1094d3d 665dfa112f2c 8bc8366a6874 8bc8366a6874 665dfa112f2c 4473f1094d3d 4473f1094d3d 4473f1094d3d 4473f1094d3d a8e6bb9ee9ea a8e6bb9ee9ea a8e6bb9ee9ea 4473f1094d3d 4473f1094d3d 4473f1094d3d 4473f1094d3d | #!/usr/bin/env python3
import re
import sys
logre = r'''
(log\.(?:error|info|warning|debug)
[(][ \n]*
)
%s
(
[ \n]*[)]
)
'''
res = [
# handle % () - keeping spaces around the old %
(re.compile(logre % r'''("[^"]*"|'[^']*') ([\n ]*) % ([\n ]*) \( ( (?:[^()]|\n)* (?: \( (?:[^()]|\n)* \) (?:[^()]|\n)* )* ) \) ''', flags=re.MULTILINE | re.VERBOSE), r'\1\2,\3\4\5\6'),
# handle % without () - keeping spaces around the old %
(re.compile(logre % r'''("[^"]*"|'[^']*') ([\n ]*) % ([\n ]*) ( (?:[^()]|\n)* (?: \( (?:[^()]|\n)* \) (?:[^()]|\n)* )* ) ''', flags=re.MULTILINE | re.VERBOSE), r'\1\2,\3\4\5\6'),
# remove extra space if it is on next line
(re.compile(logre % r'''("[^"]*"|'[^']*') , (\n [ ]) ([ ][\n ]*) ( (?:[^()]|\n)* (?: \( (?:[^()]|\n)* \) (?:[^()]|\n)* )* ) ''', flags=re.MULTILINE | re.VERBOSE), r'\1\2,\3\4\5\6'),
# remove extra space if it is on same line
(re.compile(logre % r'''("[^"]*"|'[^']*') , [ ]+ () ( [\n ]+) ( (?:[^()]|\n)* (?: \( (?:[^()]|\n)* \) (?:[^()]|\n)* )* ) ''', flags=re.MULTILINE | re.VERBOSE), r'\1\2,\3\4\5\6'),
# remove trailing , and space
(re.compile(logre % r'''("[^"]*"|'[^']*') , () ( [\n ]*) ( (?:[^()]|\n)* (?: \( (?:[^()]|\n)* \) (?:[^()]|\n)* )* [^(), \n] ) [ ,]*''', flags=re.MULTILINE | re.VERBOSE), r'\1\2,\3\4\5\6'),
]
def rewrite(f):
s = open(f).read()
for r, t in res:
s = r.sub(t, s)
open(f, 'w').write(s)
if __name__ == '__main__':
if len(sys.argv) < 2:
print('Cleanup of superfluous % formatting of log statements.')
print('Usage:')
print(''' hg revert `hg loc '*.py'|grep -v logformat.py` && scripts/logformat.py `hg loc '*.py'` && hg diff''')
raise SystemExit(1)
for f in sys.argv[1:]:
rewrite(f)
|