Files @ a8a51a3bdb61
Branch filter:

Location: kallithea/scripts/pyflakes

a8a51a3bdb61 1.2 KiB text/plain Show Annotation Show as Raw Download as Raw
mads
git: disallow odd characters in path of git:// URLs

Mitigate https://blog.harold.kim/2020/11/invalid-url-on-git-clone-leading-to-ssrf
until the problem is fixed properly in Git.

The checks might be more strict than necessary but should not have any impact
on real world use cases.

Thanks to stypr of Flatt Security for raising this.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
#!/usr/bin/env python3
"""
pyflakes with filter configuration for Kallithea.
Inspired by pyflakes/api.py and flake8/plugins/pyflakes.py .
"""

import sys

import pyflakes.api
import pyflakes.messages


class Reporter:

    warned = False

    def flake(self, warning):
        # ignore known warnings
        if isinstance(warning, pyflakes.messages.UnusedVariable):
            return
        if warning.filename == 'kallithea/bin/kallithea_cli_ishell.py':
            if isinstance(warning, pyflakes.messages.ImportStarUsed) and warning.message_args == ('kallithea.model.db',):
                return
            if isinstance(warning, pyflakes.messages.UnusedImport) and warning.message_args == ('kallithea.model.db.*',):
                return

        print('%s:%s %s   [%s %s]' % (warning.filename, warning.lineno, warning.message % warning.message_args, type(warning).__name__, warning.message_args))
        self.warned = True

    def unexpectedError(self, filename, msg):
        print('Unexpected error for %s: %s' % (filename, msg))


reporter = Reporter()

for filename in sorted(set(sys.argv[1:])):
    pyflakes.api.checkPath(filename, reporter=reporter)
if reporter.warned:
    raise SystemExit(1)
Server instance: clio-31671 This site is powered by Kallithea 0.7.0, which is © 2010–2025 by various authors & licensed under GPLv3. – Support