Files @ df930758dcf7
Branch filter:

Location: kallithea/scripts/generate-ini.py

df930758dcf7 2.1 KiB text/x-python Show Annotation Show as Raw Download as Raw
mads
repos: extra HTML escaping of repo and repo group names shown in DataTables

These names will already have been "slugged" and can thus not contain anything
that can be used for any attack. But let's be explicitly safe and escape them
anyway.

raw_name without escaping would cause XSS *if* it was possible to create unsafe
repo names.

just_name must be escaped in order to make search work correctly - for example
if searching for '<' ... *if* it was possible for names to contain that.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
#!/usr/bin/env python3
"""
Based on kallithea/lib/paster_commands/template.ini.mako, generate development.ini
"""

import re

from kallithea.lib import inifile


# files to be generated from the mako template
ini_files = [
    ('development.ini',
        {
            '[server:main]': {
                'host': '0.0.0.0',
            },
            '[app:main]': {
                'debug': 'true',
                'app_instance_uuid': 'development-not-secret',
                'session.secret': 'development-not-secret',
            },
            '[logger_root]': {
                'handlers': 'console_color',
            },
            '[logger_routes]': {
                'level': 'DEBUG',
            },
            '[logger_beaker]': {
                'level': 'DEBUG',
            },
            '[logger_templates]': {
                'level': 'INFO',
            },
            '[logger_kallithea]': {
                'level': 'DEBUG',
            },
            '[logger_tg]': {
                'level': 'DEBUG',
            },
            '[logger_gearbox]': {
                'level': 'DEBUG',
            },
            '[logger_whoosh_indexer]': {
                'level': 'DEBUG',
            },
        },
    ),
]


def main():
    # make sure all mako lines starting with '#' (the '##' comments) are marked up as <text>
    makofile = inifile.template_file
    print('reading:', makofile)
    mako_org = open(makofile).read()
    mako_no_text_markup = re.sub(r'</?%text>', '', mako_org)
    mako_marked_up = re.sub(r'\n##(.*)', r'\n<%text>##</%text>\1', mako_no_text_markup, flags=re.MULTILINE)
    if mako_marked_up != mako_org:
        print('writing:', makofile)
        open(makofile, 'w').write(mako_marked_up)

    lines = re.findall(r'\n(# [^ ].*)', mako_marked_up)
    if lines:
        print('ERROR: the template .ini file convention is to use "## Foo Bar" for text comments and "#foo = bar" for disabled settings')
        for line in lines:
            print(line)
        raise SystemExit(1)

    # create ini files
    for fn, settings in ini_files:
        print('updating:', fn)
        inifile.create(fn, None, settings)


if __name__ == '__main__':
    main()
Server instance: clio-19819 This site is powered by Kallithea 0.7.0, which is © 2010–2025 by various authors & licensed under GPLv3. – Support