Files @ a569b523f86a

Location: kallithea/.coveragerc

mads
repos: introduce low level check of clone URIs to prevent direct file system access to local repos

This is already checked in web form validation, but also check at low level to
make sure API access enforces the same invariants.

This issue was found and reported by
Kacper Szurek
https://security.szurek.pl/
# Settings coverage.py applies while collecting data for the test run.
[run]
# Files matching these patterns are excluded from measurement and from the
# report, so the coverage figure says nothing about how well they are tested.
# Code listed here needs its own review and tests if it handles untrusted input.
omit =
    # the bin scripts are not part of the Kallithea web app
    kallithea/bin/*
    # we ship with no active extensions
    kallithea/config/rcextensions/*
    # dbmigrate and paster_commands are not part of the Kallithea web app
    kallithea/lib/dbmigrate/*
    kallithea/lib/paster_commands/*
    # the tests themselves should not be part of the coverage report
    kallithea/tests/*
    # the scm hooks are not run in the kallithea process
    # NOTE(review): so they are never measured here - confirm they are tested elsewhere
    kallithea/config/post_receive_tmpl.py
    kallithea/config/pre_receive_tmpl.py

# Path aliases used when coverage data files are combined: data recorded under
# a path matching a later entry is reported as if it were under the first one.
[paths]
source =
    # canonical location of the source tree, relative to where the report is built
    kallithea/
    # presumably matches checkouts inside a CI job workspace - confirm
    **/workspace/*/kallithea