Mercurial > kallithea

view scripts/validate-commits @ 7543:c9159e6fda04

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
cleanup: remove unnecessary (and potentially problematic) use of 'literal' webhelpers.html.literal (kallithea.lib.helpers.literal) is only needed when the passed string may contain HTML that needs to be interpreted literally. It is unnecessary for plain strings. Incorrect usage of literal can lead to XSS issues, via a malicious user controlling data which will be rendered in other users' browsers. The data could either be stored previously in the system or be part of a forged URL the victim clicks on. For example, when a user browses to a forged URL where a repository changeset or branch name contains a javascript snippet, the snippet was executed when printed on the page using 'literal'. Remaining uses of 'literal' have been reviewed with no apparent problems found. Reported by Bob Hogg <wombat@rwhogg.site> (thanks!).
author Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
date Sat, 26 Jan 2019 20:00:14 +0100
parents 69f70de15f26
children d9e37f7fd35b
line wrap: on
line source

#!/usr/bin/env bash
# Validate the specified commits against test suite and other checks.

if [ -n "$VIRTUAL_ENV" ]; then
    echo "Please run this script from outside a virtualenv."
    exit 1
fi

if ! hg update --check -q .; then
    echo "Working dir is not clean, please commit/revert changes first."
    exit 1
fi

venv=$(mktemp -d kallithea-validatecommits-env-XXXXXX)
resultfile=$(mktemp kallithea-validatecommits-result-XXXXXX)
echo > "$resultfile"

cleanup()
{
    rm -rf /tmp/kallithea-test*
    rm -rf "$venv"
}
finish()
{
    cleanup
    # print (possibly intermediate) results
    cat "$resultfile"
    rm "$resultfile"
}
trap finish EXIT

for rev in $(hg log -r "$1" -T '{node}\n'); do
    hg log -r "$rev"
    hg update "$rev"

    cleanup
    virtualenv -p "$(command -v python2)" "$venv"
    source "$venv/bin/activate"
    pip install --upgrade pip setuptools
    pip install -e .
    pip install -r dev_requirements.txt
    pip install python-ldap python-pam

    # run-all-cleanup
    scripts/run-all-cleanup
    if ! hg update --check -q .; then
        echo "run-all-cleanup did not give clean results!"
        result="NOK"
        hg diff
        hg revert -a
    else
        result=" OK"
    fi
    echo "$result: $rev (run-all-cleanup)" >> "$resultfile"

    # pytest
    if py.test; then
        result=" OK"
    else
        result="NOK"
    fi
    echo "$result: $rev (pytest)" >> "$resultfile"

    deactivate
    echo
done