Mercurial > kallithea
annotate .coveragerc @ 7543:c9159e6fda04
cleanup: remove unnecessary (and potentially problematic) use of 'literal'
webhelpers.html.literal (kallithea.lib.helpers.literal) is only needed when
the passed string may contain HTML that needs to be interpreted literally.
It is unnecessary for plain strings.
Incorrect usage of literal can lead to XSS issues, via a malicious user
controlling data which will be rendered in other users' browsers. The data
could either be stored previously in the system or be part of a forged URL
the victim clicks on.
For example, when a user browses to a forged URL where a repository
changeset or branch name contains a javascript snippet, the snippet
was executed when printed on the page using 'literal'.
Remaining uses of 'literal' have been reviewed with no apparent problems
found.
Reported by Bob Hogg <wombat@rwhogg.site> (thanks!).
| author | Thomas De Schampheleire <thomas.de_schampheleire@nokia.com> |
|---|---|
| date | Sat, 26 Jan 2019 20:00:14 +0100 |
| parents | 4b241f198cf2 |
| children | d332fca29474 |
| rev | line source |
|---|---|
|
6535
7790b34a0cef
tests: add pytest-cov .coveragerc file
domruf <dominikruf@gmail.com>
parents:
diff
changeset
|
1 [run] |
|
7790b34a0cef
tests: add pytest-cov .coveragerc file
domruf <dominikruf@gmail.com>
parents:
diff
changeset
|
2 omit = |
|
7790b34a0cef
tests: add pytest-cov .coveragerc file
domruf <dominikruf@gmail.com>
parents:
diff
changeset
|
3 # the bin scripts are not part of the Kallithea web app |
|
7790b34a0cef
tests: add pytest-cov .coveragerc file
domruf <dominikruf@gmail.com>
parents:
diff
changeset
|
4 kallithea/bin/* |
|
7790b34a0cef
tests: add pytest-cov .coveragerc file
domruf <dominikruf@gmail.com>
parents:
diff
changeset
|
5 # we ship with no active extensions |
|
7790b34a0cef
tests: add pytest-cov .coveragerc file
domruf <dominikruf@gmail.com>
parents:
diff
changeset
|
6 kallithea/config/rcextensions/* |
|
7500
ddee465a345a
.coveragerc: remove reference to non-existing paster_commands dir
Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
parents:
6924
diff
changeset
|
7 # dbmigrate is not a part of the Kallithea web app |
|
6535
7790b34a0cef
tests: add pytest-cov .coveragerc file
domruf <dominikruf@gmail.com>
parents:
diff
changeset
|
8 kallithea/lib/dbmigrate/* |
|
7790b34a0cef
tests: add pytest-cov .coveragerc file
domruf <dominikruf@gmail.com>
parents:
diff
changeset
|
9 # the tests themselves should not be part of the coverage report |
|
7790b34a0cef
tests: add pytest-cov .coveragerc file
domruf <dominikruf@gmail.com>
parents:
diff
changeset
|
10 kallithea/tests/* |
|
7790b34a0cef
tests: add pytest-cov .coveragerc file
domruf <dominikruf@gmail.com>
parents:
diff
changeset
|
11 # the scm hooks are not run in the kallithea process |
|
7790b34a0cef
tests: add pytest-cov .coveragerc file
domruf <dominikruf@gmail.com>
parents:
diff
changeset
|
12 kallithea/config/post_receive_tmpl.py |
|
7790b34a0cef
tests: add pytest-cov .coveragerc file
domruf <dominikruf@gmail.com>
parents:
diff
changeset
|
13 kallithea/config/pre_receive_tmpl.py |
|
6924
0acb46763886
jenkinsfile: combine coverage files from different DB runs
domruf <dominikruf@gmail.com>
parents:
6535
diff
changeset
|
14 |
|
7501
4b241f198cf2
.coveragerc: fix reporting of coverage to match what is run
Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
parents:
7500
diff
changeset
|
15 # same omit lines should be present in sections 'run' and 'report' |
|
4b241f198cf2
.coveragerc: fix reporting of coverage to match what is run
Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
parents:
7500
diff
changeset
|
16 [report] |
|
4b241f198cf2
.coveragerc: fix reporting of coverage to match what is run
Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
parents:
7500
diff
changeset
|
17 omit = |
|
4b241f198cf2
.coveragerc: fix reporting of coverage to match what is run
Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
parents:
7500
diff
changeset
|
18 # the bin scripts are not part of the Kallithea web app |
|
4b241f198cf2
.coveragerc: fix reporting of coverage to match what is run
Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
parents:
7500
diff
changeset
|
19 kallithea/bin/* |
|
4b241f198cf2
.coveragerc: fix reporting of coverage to match what is run
Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
parents:
7500
diff
changeset
|
20 # we ship with no active extensions |
|
4b241f198cf2
.coveragerc: fix reporting of coverage to match what is run
Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
parents:
7500
diff
changeset
|
21 kallithea/config/rcextensions/* |
|
4b241f198cf2
.coveragerc: fix reporting of coverage to match what is run
Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
parents:
7500
diff
changeset
|
22 # dbmigrate is not a part of the Kallithea web app |
|
4b241f198cf2
.coveragerc: fix reporting of coverage to match what is run
Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
parents:
7500
diff
changeset
|
23 kallithea/lib/dbmigrate/* |
|
4b241f198cf2
.coveragerc: fix reporting of coverage to match what is run
Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
parents:
7500
diff
changeset
|
24 # the tests themselves should not be part of the coverage report |
|
4b241f198cf2
.coveragerc: fix reporting of coverage to match what is run
Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
parents:
7500
diff
changeset
|
25 kallithea/tests/* |
|
4b241f198cf2
.coveragerc: fix reporting of coverage to match what is run
Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
parents:
7500
diff
changeset
|
26 # the scm hooks are not run in the kallithea process |
|
4b241f198cf2
.coveragerc: fix reporting of coverage to match what is run
Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
parents:
7500
diff
changeset
|
27 kallithea/config/post_receive_tmpl.py |
|
4b241f198cf2
.coveragerc: fix reporting of coverage to match what is run
Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
parents:
7500
diff
changeset
|
28 kallithea/config/pre_receive_tmpl.py |
|
4b241f198cf2
.coveragerc: fix reporting of coverage to match what is run
Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
parents:
7500
diff
changeset
|
29 |
|
6924
0acb46763886
jenkinsfile: combine coverage files from different DB runs
domruf <dominikruf@gmail.com>
parents:
6535
diff
changeset
|
30 [paths] |
|
0acb46763886
jenkinsfile: combine coverage files from different DB runs
domruf <dominikruf@gmail.com>
parents:
6535
diff
changeset
|
31 source = |
|
0acb46763886
jenkinsfile: combine coverage files from different DB runs
domruf <dominikruf@gmail.com>
parents:
6535
diff
changeset
|
32 kallithea/ |
|
0acb46763886
jenkinsfile: combine coverage files from different DB runs
domruf <dominikruf@gmail.com>
parents:
6535
diff
changeset
|
33 **/workspace/*/kallithea |