Mercurial > kallithea
annotate .coveragerc @ 7299:57a733313e4f
repos: introduce low level slug check of repo and group names
The high level web forms already slug-ify repo and repo group names. It might
thus not create the exact repo that was created, but the name will be "safe".
For API, we would rather have it fail than not doing exactly what was requested.
Thus, always verify at low level that the provided name wouldn't be modified by
slugification. This makes sure the API provide allow the same actual names as
the web UI.
This will only influence creation and renaming of repositories and repo groups.
Existing repositories will continue working as before.
This is a slight API change, but it makes the system more stable and can
prevent some security issues - especially XSS attacks.
This issue was found and reported by
Kacper Szurek
https://security.szurek.pl/
| author | Mads Kiilerich <mads@kiilerich.com> |
|---|---|
| date | Tue, 29 May 2018 12:25:59 +0200 |
| parents | 0acb46763886 |
| children | ddee465a345a |
| rev | line source |
|---|---|
|
6535
7790b34a0cef
tests: add pytest-cov .coveragerc file
domruf <dominikruf@gmail.com>
parents:
diff
changeset
|
1 [run] |
|
7790b34a0cef
tests: add pytest-cov .coveragerc file
domruf <dominikruf@gmail.com>
parents:
diff
changeset
|
2 omit = |
|
7790b34a0cef
tests: add pytest-cov .coveragerc file
domruf <dominikruf@gmail.com>
parents:
diff
changeset
|
3 # the bin scripts are not part of the Kallithea web app |
|
7790b34a0cef
tests: add pytest-cov .coveragerc file
domruf <dominikruf@gmail.com>
parents:
diff
changeset
|
4 kallithea/bin/* |
|
7790b34a0cef
tests: add pytest-cov .coveragerc file
domruf <dominikruf@gmail.com>
parents:
diff
changeset
|
5 # we ship with no active extensions |
|
7790b34a0cef
tests: add pytest-cov .coveragerc file
domruf <dominikruf@gmail.com>
parents:
diff
changeset
|
6 kallithea/config/rcextensions/* |
|
7790b34a0cef
tests: add pytest-cov .coveragerc file
domruf <dominikruf@gmail.com>
parents:
diff
changeset
|
7 # dbmigrate and paster_commands are not part of the Kallithea web app |
|
7790b34a0cef
tests: add pytest-cov .coveragerc file
domruf <dominikruf@gmail.com>
parents:
diff
changeset
|
8 kallithea/lib/dbmigrate/* |
|
7790b34a0cef
tests: add pytest-cov .coveragerc file
domruf <dominikruf@gmail.com>
parents:
diff
changeset
|
9 kallithea/lib/paster_commands/* |
|
7790b34a0cef
tests: add pytest-cov .coveragerc file
domruf <dominikruf@gmail.com>
parents:
diff
changeset
|
10 # the tests themselves should not be part of the coverage report |
|
7790b34a0cef
tests: add pytest-cov .coveragerc file
domruf <dominikruf@gmail.com>
parents:
diff
changeset
|
11 kallithea/tests/* |
|
7790b34a0cef
tests: add pytest-cov .coveragerc file
domruf <dominikruf@gmail.com>
parents:
diff
changeset
|
12 # the scm hooks are not run in the kallithea process |
|
7790b34a0cef
tests: add pytest-cov .coveragerc file
domruf <dominikruf@gmail.com>
parents:
diff
changeset
|
13 kallithea/config/post_receive_tmpl.py |
|
7790b34a0cef
tests: add pytest-cov .coveragerc file
domruf <dominikruf@gmail.com>
parents:
diff
changeset
|
14 kallithea/config/pre_receive_tmpl.py |
|
6924
0acb46763886
jenkinsfile: combine coverage files from different DB runs
domruf <dominikruf@gmail.com>
parents:
6535
diff
changeset
|
15 |
|
0acb46763886
jenkinsfile: combine coverage files from different DB runs
domruf <dominikruf@gmail.com>
parents:
6535
diff
changeset
|
16 [paths] |
|
0acb46763886
jenkinsfile: combine coverage files from different DB runs
domruf <dominikruf@gmail.com>
parents:
6535
diff
changeset
|
17 source = |
|
0acb46763886
jenkinsfile: combine coverage files from different DB runs
domruf <dominikruf@gmail.com>
parents:
6535
diff
changeset
|
18 kallithea/ |
|
0acb46763886
jenkinsfile: combine coverage files from different DB runs
domruf <dominikruf@gmail.com>
parents:
6535
diff
changeset
|
19 **/workspace/*/kallithea |