kallithea Files · scripts/pyflakes

Files @ f08fbf424898

Branch filter:

Location: kallithea/scripts/pyflakes

f08fbf424898 1.2 KiB text/plain Show Annotation Show as Raw Download as Raw

mads

auth: don't trust clients too much - only trust the *last* IP in the X-Forwarded-For header

The X-Forwarded-For header contains a list of IP addresses, where each
proxy server appends the IP they see their request coming from.
See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For .

Trusting the *first* IP in HTTP_X_FORWARDED_FOR would allow clients to claim
any IP, which could be used to bypass IP restrictions configured in Kallithea.

Instead, only trust the last proxy in the chain, and thus only use the *last*
IP in HTTP_X_FORWARDED_FOR. (In setups where more than last IP should be
trusted, the last proxy server in the chain must be configured rewrite the
header accordingly.)

#!/usr/bin/env python3
"""
pyflakes with filter configuration for Kallithea.
Inspired by pyflakes/api.py and flake8/plugins/pyflakes.py .
"""

import sys

import pyflakes.api
import pyflakes.messages


class Reporter:

    warned = False

    def flake(self, warning):
        # ignore known warnings
        if isinstance(warning, pyflakes.messages.UnusedVariable):
            return
        if warning.filename == 'kallithea/bin/kallithea_cli_ishell.py':
            if isinstance(warning, pyflakes.messages.ImportStarUsed) and warning.message_args == ('kallithea.model.db',):
                return
            if isinstance(warning, pyflakes.messages.UnusedImport) and warning.message_args == ('kallithea.model.db.*',):
                return

        print('%s:%s %s   [%s %s]' % (warning.filename, warning.lineno, warning.message % warning.message_args, type(warning).__name__, warning.message_args))
        self.warned = True

    def unexpectedError(self, filename, msg):
        print('Unexpected error for %s: %s' % (filename, msg))


reporter = Reporter()

for filename in sorted(set(sys.argv[1:])):
    pyflakes.api.checkPath(filename, reporter=reporter)
if reporter.warned:
    raise SystemExit(1)