kallithea Files · scripts/pyflakes

Files @ df930758dcf7

Branch filter:

Location: kallithea/scripts/pyflakes

df930758dcf7 1.2 KiB text/plain Show Annotation Show as Raw Download as Raw

mads

repos: extra HTML escaping of repo and repo group names shown in DataTables

These names will already have been "slugged" and can thus not contain anything
that can be used for any attack. But let's be explicitly safe and escape them
anyway.

raw_name without escaping would cause XSS *if* it was possible to create unsafe
repo names.

just_name must be escaped in order to make search work correctly - for example
if searching for '<' ... *if* it was possible for names to contain that.

#!/usr/bin/env python3
"""
pyflakes with filter configuration for Kallithea.
Inspired by pyflakes/api.py and flake8/plugins/pyflakes.py .
"""

import sys

import pyflakes.api
import pyflakes.messages


class Reporter:

    warned = False

    def flake(self, warning):
        # ignore known warnings
        if isinstance(warning, pyflakes.messages.UnusedVariable):
            return
        if warning.filename == 'kallithea/bin/kallithea_cli_ishell.py':
            if isinstance(warning, pyflakes.messages.ImportStarUsed) and warning.message_args == ('kallithea.model.db',):
                return
            if isinstance(warning, pyflakes.messages.UnusedImport) and warning.message_args == ('kallithea.model.db.*',):
                return

        print('%s:%s %s   [%s %s]' % (warning.filename, warning.lineno, warning.message % warning.message_args, type(warning).__name__, warning.message_args))
        self.warned = True

    def unexpectedError(self, filename, msg):
        print('Unexpected error for %s: %s' % (filename, msg))


reporter = Reporter()

for filename in sorted(set(sys.argv[1:])):
    pyflakes.api.checkPath(filename, reporter=reporter)
if reporter.warned:
    raise SystemExit(1)