kallithea Files · scripts/source

Files @ f08fbf424898

Branch filter:

Location: kallithea/scripts/source_format.py - annotation

f08fbf424898 701 B text/x-python Show Source Show as Raw Download as Raw

mads

auth: don't trust clients too much - only trust the *last* IP in the X-Forwarded-For header

The X-Forwarded-For header contains a list of IP addresses, where each
proxy server appends the IP they see their request coming from.
See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For .

Trusting the *first* IP in HTTP_X_FORWARDED_FOR would allow clients to claim
any IP, which could be used to bypass IP restrictions configured in Kallithea.

Instead, only trust the last proxy in the chain, and thus only use the *last*
IP in HTTP_X_FORWARDED_FOR. (In setups where more than last IP should be
trusted, the last proxy server in the chain must be configured rewrite the
header accordingly.)

f8971422795e
f8971422795e
f8971422795e
f8971422795e
f8971422795e
f8971422795e
f8971422795e
f8971422795e
f8971422795e
f8971422795e
f8971422795e
f8971422795e
f8971422795e
f8971422795e
f8971422795e
f8971422795e
f8971422795e
f8971422795e
f8971422795e
f8971422795e
f8971422795e
f8971422795e
f8971422795e
f8971422795e

#!/usr/bin/env python3

# hg files 'set:!binary()&grep("^#!.*python")' 'set:**.py' | xargs scripts/source_format.py

import re
import sys


filenames = sys.argv[1:]

for fn in filenames:
    with open(fn) as f:
        org_content = f.read()

    mod_name = fn[:-3] if fn.endswith('.py') else fn
    mod_name = mod_name[:-9] if mod_name.endswith('/__init__') else mod_name
    mod_name = mod_name.replace('/', '.')
    def f(m):
        return '"""\n%s\n%s\n' % (mod_name, '~' * len(mod_name))
    new_content = re.sub(r'^"""\n(kallithea\..*\n)(~+\n)?', f, org_content, count=1, flags=re.MULTILINE)

    if new_content != org_content:
        with open(fn, 'w') as f:
            f.write(new_content)