Files @ cd8fa11c5c89
Branch filter:

Location: kallithea/scripts/pyflakes

cd8fa11c5c89 1.2 KiB text/plain Show Annotation Show as Raw Download as Raw
mads
repogroups: fix HTML markup of descriptions

Repogroup descriptions were not urlified like repo descriptions are. That
caused incorrect rendering with posibility of XSS.

The problem was introduced in 0.4.0 with 6db3122e4d75.

Thanks to stypr of Flatt Security for reporting this vulnerability.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
#!/usr/bin/env python3
"""
pyflakes with filter configuration for Kallithea.
Inspired by pyflakes/api.py and flake8/plugins/pyflakes.py .
"""

import sys

import pyflakes.api
import pyflakes.messages


class Reporter:

    warned = False

    def flake(self, warning):
        # ignore known warnings
        if isinstance(warning, pyflakes.messages.UnusedVariable):
            return
        if warning.filename == 'kallithea/bin/kallithea_cli_ishell.py':
            if isinstance(warning, pyflakes.messages.ImportStarUsed) and warning.message_args == ('kallithea.model.db',):
                return
            if isinstance(warning, pyflakes.messages.UnusedImport) and warning.message_args == ('kallithea.model.db.*',):
                return

        print('%s:%s %s   [%s %s]' % (warning.filename, warning.lineno, warning.message % warning.message_args, type(warning).__name__, warning.message_args))
        self.warned = True

    def unexpectedError(self, filename, msg):
        print('Unexpected error for %s: %s' % (filename, msg))


reporter = Reporter()

for filename in sorted(set(sys.argv[1:])):
    pyflakes.api.checkPath(filename, reporter=reporter)
if reporter.warned:
    raise SystemExit(1)
Server instance: clio-7076 This site is powered by Kallithea 0.7.0, which is © 2010–2025 by various authors & licensed under GPLv3. – Support