view setup.py @ 5811:9b74296e6af6 stable
auth: further sanitize requests to prevent GET CSRF (CVE-2016-3691)
Routes allows GET requests to override the HTTP method, which breaks
the Kallithea CSRF protection (which only applies to POST requests).
This commit blocks such GET requests, preventing CSRF attacks.
author | Søren Løvborg <sorenl@unity3d.com> |
---|---|
date | Tue, 19 Apr 2016 18:02:56 +0200 |
parents | 9e53eb77287c |
children | 2f14b4db0362 b777b096d9a2 |
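#!/usr/bin/env python2
# -*- coding: utf-8 -*-
# Build/install script for Kallithea: reads package metadata out of
# kallithea/__init__.py, assembles the dependency list and calls
# setuptools.setup().
import os
import sys
import platform

if sys.version_info < (2, 6):
    raise Exception('Kallithea requires python 2.6 or 2.7')


here = os.path.abspath(os.path.dirname(__file__))


def _get_meta_var(name, data, callback_handler=None):
    """Extract and evaluate the value assigned to *name* inside *data*.

    *data* is searched for the first ``name = <expr>`` occurrence; the
    right-hand side is evaluated and, when *callback_handler* is callable,
    passed through it. Returns None when no assignment is found.
    """
    import re
    matches = re.compile(r'(?:%s)\s*=\s*(.*)' % name).search(data)
    if not matches:
        return None
    # NOTE(review): eval() executes whatever expression follows '=' on the
    # matched line. The callers in this file feed it the text of
    # kallithea/__init__.py from the same source tree, so it runs with the
    # same trust as setup.py itself. If those metadata values are plain
    # literals (not visible from here), ast.literal_eval would be a stricter
    # replacement - TODO confirm before switching.
    value = eval(matches.groups()[0])
    if callable(callback_handler):
        return callback_handler(value)
    return value


# Read the metadata source inside a context manager so the handle is closed
# even if read() raises.
with open(os.path.join(here, 'kallithea', '__init__.py'), 'rb') as _meta:
    _metadata = _meta.read()


def callback(V):
    """Render a VERSION sequence: first three parts dotted, the rest appended."""
    return '.'.join(map(str, V[:3])) + '.'.join(V[3:])


__version__ = _get_meta_var('VERSION', _metadata, callback)
__license__ = _get_meta_var('__license__', _metadata)
__author__ = _get_meta_var('__author__', _metadata)
__url__ = _get_meta_var('__url__', _metadata)
# defines current platform
__platform__ = platform.system()

is_windows = __platform__ in ['Windows']

# NOTE(review): "mock" below (and "unittest2" / "argparse" further down) carry
# no version constraint, unlike every other entry in this list.
requirements = [
    "waitress==0.8.8",
    "webob>=1.0.8,<=1.1.1",
    "webtest==1.4.3",
    "Pylons>=1.0.0,<=1.0.2",
    "Beaker==1.6.4",
    "WebHelpers==1.3",
    "formencode>=1.2.4,<=1.2.6",
    "SQLAlchemy==0.7.10",
    "Mako>=0.9.0,<=1.0.0",
    "pygments>=1.5",
    "whoosh>=2.4.0,<=2.5.7",
    "celery>=2.2.5,<2.3",
    "babel>=0.9.6,<=1.3",
    "python-dateutil>=1.5.0,<2.0.0",
    "markdown==2.2.1",
    "docutils>=0.8.1,<=0.11",
    "mock",
    "URLObject==2.3.4",
    "Routes==1.13",
    "dulwich>=0.9.9,<=0.9.9",
    "mercurial>=2.9,<3.8",
]

if sys.version_info < (2, 7):
    requirements.append("importlib==1.0.1")
    requirements.append("unittest2")
    requirements.append("argparse")

# py-bcrypt is only required off Windows.
if not is_windows:
    requirements.append("py-bcrypt>=0.3.0,<=0.4")

dependency_links = []

classifiers = [
    'Development Status :: 4 - Beta',
    'Environment :: Web Environment',
    'Framework :: Pylons',
    'Intended Audience :: Developers',
    'License :: OSI Approved :: GNU General Public License (GPL)',
    'Operating System :: OS Independent',
    'Programming Language :: Python',
    'Programming Language :: Python :: 2.6',
    'Programming Language :: Python :: 2.7',
    'Topic :: Software Development :: Version Control',
]

# additional files from the project that go somewhere in the filesystem,
# relative to sys.prefix
data_files = []

# additional files that go into the package itself
package_data = {'kallithea': ['i18n/*/LC_MESSAGES/*.mo', ], }

description = ('Kallithea is a fast and powerful management tool '
               'for Mercurial and Git with a built in push/pull server, '
               'full text search and code-review.')

keywords = ' '.join([
    'kallithea', 'mercurial', 'git', 'code review',
    'repo groups', 'ldap', 'repository management', 'hgweb replacement',
    'hgwebdir', 'gitweb replacement', 'serving hgweb',
])

# long description
README_FILE = 'README.rst'
CHANGELOG_FILE = 'docs/changelog.rst'
try:
    # Each file is read in its own with-block (Python 2.6 has no multi-item
    # with) so neither handle is left open.
    with open(README_FILE) as _readme:
        _readme_text = _readme.read()
    with open(CHANGELOG_FILE) as _changelog:
        _changelog_text = _changelog.read()
    long_description = _readme_text + '\n\n' + _changelog_text
except IOError:
    # Best effort: fall back to the short description when either file is
    # missing or unreadable.
    sys.stderr.write(
        "[WARNING] Cannot find file specified as long_description (%s)\n or "
        "changelog (%s) skipping that file" % (README_FILE, CHANGELOG_FILE)
    )
    long_description = description

try:
    from setuptools import setup, find_packages
except ImportError:
    # NOTE(review): ez_setup is not shown here; the stock ez_setup bootstrap
    # downloads setuptools at install time - confirm that is acceptable for
    # the build environment.
    from ez_setup import use_setuptools
    use_setuptools()
    from setuptools import setup, find_packages

# monkey patch setuptools to use distutils owner/group functionality
from setuptools.command import sdist
sdist_org = sdist.sdist


class sdist_new(sdist_org):
    """sdist command that records 'root' as owner and group."""

    def initialize_options(self):
        sdist_org.initialize_options(self)
        self.owner = self.group = 'root'


sdist.sdist = sdist_new

# packages
packages = find_packages(exclude=['ez_setup'])

setup(
    name='Kallithea',
    version=__version__,
    description=description,
    long_description=long_description,
    keywords=keywords,
    license=__license__,
    author=__author__,
    author_email='kallithea@sfconservancy.org',
    dependency_links=dependency_links,
    url=__url__,
    install_requires=requirements,
    classifiers=classifiers,
    # NOTE(review): setup_requires is resolved by setuptools itself at build
    # time, not by the installer that resolves install_requires.
    setup_requires=["PasteScript>=1.6.3"],
    data_files=data_files,
    packages=packages,
    include_package_data=True,
    test_suite='nose.collector',
    package_data=package_data,
    message_extractors={'kallithea': [
        ('**.py', 'python', None),
        ('templates/**.mako', 'mako', {'input_encoding': 'utf-8'}),
        ('templates/**.html', 'mako', {'input_encoding': 'utf-8'}),
        ('public/**', 'ignore', None)]},
    zip_safe=False,
    paster_plugins=['PasteScript', 'Pylons'],
    entry_points="""
    [console_scripts]
    kallithea-api = kallithea.bin.kallithea_api:main
    kallithea-gist = kallithea.bin.kallithea_gist:main
    kallithea-config = kallithea.bin.kallithea_config:main

    [paste.app_factory]
    main = kallithea.config.middleware:make_app

    [paste.app_install]
    main = pylons.util:PylonsInstaller

    [paste.global_paster_command]
    setup-db=kallithea.lib.paster_commands.setup_db:Command
    cleanup-repos=kallithea.lib.paster_commands.cleanup:Command
    update-repoinfo=kallithea.lib.paster_commands.update_repoinfo:Command
    make-rcext=kallithea.lib.paster_commands.make_rcextensions:Command
    repo-scan=kallithea.lib.paster_commands.repo_scan:Command
    cache-keys=kallithea.lib.paster_commands.cache_keys:Command
    ishell=kallithea.lib.paster_commands.ishell:Command
    make-index=kallithea.lib.paster_commands.make_index:Command
    upgrade-db=kallithea.lib.dbmigrate:UpgradeDb
    celeryd=kallithea.lib.celerypylons.commands:CeleryDaemonCommand
    install-iis=kallithea.lib.paster_commands.install_iis:Command

    [nose.plugins]
    pylons = pylons.test:PylonsPlugin
    """,
)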