view setup.py @ 7552:e74aa69f6827 stable
lib: sanitize HTML for all types of README rendering, not only markdown
The repository summary page will display a rendered version of the
repository 'readme' based on its file extension. In commit 5746cc3b3fa5,
the rendered output was already sanitized when the input was markdown.
However, readmes written in other formats, like reStructuredText (RST)
or plain text, could also contain content that we want sanitized.
Therefore, move the sanitizing one level up so it covers all renderers, for
now and the future.
This fixes an XSS issue when a repository readme contains javascript code,
which would be executed when the repository summary page is visited by a
user.
Reported by Bob Hogg <wombat@rwhogg.site> (thanks!).
author | Thomas De Schampheleire <thomas.de_schampheleire@nokia.com> |
---|---|
date | Sat, 26 Jan 2019 20:27:50 +0100 |
parents | 5746cc3b3fa5 |
children | 22c8f23cc75b |
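#!/usr/bin/env python2
# -*- coding: utf-8 -*-
"""Packaging script for Kallithea.

Pulls version/license/author/url out of ``kallithea/__init__.py`` so the
package metadata has a single source of truth, assembles the dependency
list, patches ``sdist`` to write root-owned tarball entries, and hands
everything to ``setuptools.setup``.
"""
import os
import platform
import sys

if sys.version_info < (2, 6):
    raise Exception('Kallithea requires python 2.6 or 2.7')

here = os.path.abspath(os.path.dirname(__file__))


def _get_meta_var(name, data, callback_handler=None):
    """Return the value assigned to *name* in the Python source text *data*.

    The first ``name = <expr>`` occurrence is located, ``<expr>`` is
    evaluated, and the result is passed through *callback_handler* (identity
    when it is not callable). Returns None when *name* is not assigned.

    NOTE: ``eval`` runs the matched expression. *data* is this project's own
    ``kallithea/__init__.py`` from the same checkout as this setup.py, so it
    is exactly as trusted as setup.py itself; never feed it foreign input.
    """
    import re
    # *name* goes into the pattern verbatim; callers pass plain identifiers,
    # which contain no regex metacharacters.
    matches = re.compile(r'(?:%s)\s*=\s*(.*)' % name).search(data)
    if not matches:
        return None
    if not callable(callback_handler):
        callback_handler = lambda v: v
    return callback_handler(eval(matches.groups()[0]))


# read the package metadata once; the context manager closes the file on
# every path (the previous open/read/close leaked it on a read error)
with open(os.path.join(here, 'kallithea', '__init__.py'), 'rb') as _meta:
    _metadata = _meta.read()


def _format_version(V):
    """Render a VERSION tuple as a string.

    The first three components are joined with dots and any remaining
    components (e.g. a pre-release tag) are appended directly, so
    ``(0, 3, 2)`` -> ``'0.3.2'`` and ``(0, 3, 2, 'dev')`` -> ``'0.3.2dev'``.
    """
    return '.'.join(map(str, V[:3])) + '.'.join(V[3:])


__version__ = _get_meta_var('VERSION', _metadata, _format_version)
__license__ = _get_meta_var('__license__', _metadata)
__author__ = _get_meta_var('__author__', _metadata)
__url__ = _get_meta_var('__url__', _metadata)

# defines current platform
__platform__ = platform.system()
is_windows = __platform__ == 'Windows'

requirements = [
    "setuptools<34", # setuptools==34 has an undeclared requirement of pyparsing >=2.1, but celery<2.3 requires pyparsing<2
    "waitress==0.8.8",
    "webob>=1.0.8,<=1.1.1",
    "webtest==1.4.3",
    "Pylons>=1.0.0,<=1.0.3",
    "Beaker==1.6.4",
    "WebHelpers==1.3",
    "formencode>=1.2.4,<=1.2.6",
    "SQLAlchemy==0.7.10",
    "Mako>=0.9.0,<=1.0.0",
    "pygments>=1.5",
    "whoosh>=2.4.0,<=2.5.7",
    "celery>=2.2.5,<2.3",
    "babel>=0.9.6,<=1.3",
    "python-dateutil>=1.5.0,<2.0.0",
    "markdown==2.2.1",
    "docutils>=0.8.1,<=0.11",
    "mock",
    "URLObject==2.3.4",
    "Routes==1.13",
    "dulwich>=0.9.9,<=0.9.9",
    "mercurial>=2.9,<4.3",
    # bleach is an HTML sanitizer; presumably the dependency behind the
    # README output sanitization this changeset describes -- verify in
    # kallithea/lib before loosening the pin.
    "bleach >= 3.0, < 3.1",
]

# backports needed only on 2.6
if sys.version_info < (2, 7):
    requirements.append("importlib==1.0.1")
    requirements.append("unittest2")
    requirements.append("argparse")

# py-bcrypt has no Windows build in the supported range
if not is_windows:
    requirements.append("py-bcrypt>=0.3.0,<=0.4")

dependency_links = []

classifiers = [
    'Development Status :: 4 - Beta',
    'Environment :: Web Environment',
    'Framework :: Pylons',
    'Intended Audience :: Developers',
    'License :: OSI Approved :: GNU General Public License (GPL)',
    'Operating System :: OS Independent',
    'Programming Language :: Python',
    'Programming Language :: Python :: 2.6',
    'Programming Language :: Python :: 2.7',
    'Topic :: Software Development :: Version Control',
]

# additional files from project that goes somewhere in the filesystem
# relative to sys.prefix
data_files = []

# additional files that goes into package itself
package_data = {'kallithea': ['i18n/*/LC_MESSAGES/*.mo', ], }

description = ('Kallithea is a fast and powerful management tool '
               'for Mercurial and Git with a built in push/pull server, '
               'full text search and code-review.')

keywords = ' '.join([
    'kallithea', 'mercurial', 'git', 'code review',
    'repo groups', 'ldap', 'repository management', 'hgweb replacement',
    'hgwebdir', 'gitweb replacement', 'serving hgweb',
])

# long description
README_FILE = 'README.rst'
CHANGELOG_FILE = 'docs/changelog.rst'


def _read_text(path):
    """Return the full contents of *path*, closing the file afterwards."""
    with open(path) as f:
        return f.read()


try:
    long_description = _read_text(README_FILE) + '\n\n' + \
        _read_text(CHANGELOG_FILE)
except IOError:
    # a missing README/changelog must not break installation; fall back to
    # the short description and warn
    sys.stderr.write(
        "[WARNING] Cannot find file specified as long_description (%s)\n or "
        "changelog (%s) skipping that file" % (README_FILE, CHANGELOG_FILE)
    )
    long_description = description

try:
    from setuptools import setup, find_packages
except ImportError:
    from ez_setup import use_setuptools
    use_setuptools()
    from setuptools import setup, find_packages

# monkey patch setuptools to use distutils owner/group functionality
from setuptools.command import sdist
sdist_org = sdist.sdist


class sdist_new(sdist_org):
    """sdist variant that records every tarball entry as owned by root.

    Without this the archive carries the uid/gid of whoever ran the build.
    """

    def initialize_options(self):
        sdist_org.initialize_options(self)
        self.owner = self.group = 'root'


sdist.sdist = sdist_new

# packages
packages = find_packages(exclude=['ez_setup'])

setup(
    name='Kallithea',
    version=__version__,
    description=description,
    long_description=long_description,
    keywords=keywords,
    license=__license__,
    author=__author__,
    author_email='kallithea@sfconservancy.org',
    dependency_links=dependency_links,
    url=__url__,
    install_requires=requirements,
    classifiers=classifiers,
    setup_requires=["PasteScript>=1.6.3"],
    data_files=data_files,
    packages=packages,
    include_package_data=True,
    test_suite='nose.collector',
    package_data=package_data,
    message_extractors={'kallithea': [
        ('**.py', 'python', None),
        ('templates/**.mako', 'mako', {'input_encoding': 'utf-8'}),
        ('templates/**.html', 'mako', {'input_encoding': 'utf-8'}),
        ('public/**', 'ignore', None)]},
    zip_safe=False,
    paster_plugins=['PasteScript', 'Pylons'],
    entry_points="""
    [console_scripts]
    kallithea-api = kallithea.bin.kallithea_api:main
    kallithea-gist = kallithea.bin.kallithea_gist:main
    kallithea-config = kallithea.bin.kallithea_config:main

    [paste.app_factory]
    main = kallithea.config.middleware:make_app

    [paste.app_install]
    main = pylons.util:PylonsInstaller

    [paste.global_paster_command]
    setup-db=kallithea.lib.paster_commands.setup_db:Command
    cleanup-repos=kallithea.lib.paster_commands.cleanup:Command
    update-repoinfo=kallithea.lib.paster_commands.update_repoinfo:Command
    make-rcext=kallithea.lib.paster_commands.make_rcextensions:Command
    repo-scan=kallithea.lib.paster_commands.repo_scan:Command
    cache-keys=kallithea.lib.paster_commands.cache_keys:Command
    ishell=kallithea.lib.paster_commands.ishell:Command
    make-index=kallithea.lib.paster_commands.make_index:Command
    upgrade-db=kallithea.lib.dbmigrate:UpgradeDb
    celeryd=kallithea.lib.celerypylons.commands:CeleryDaemonCommand
    install-iis=kallithea.lib.paster_commands.install_iis:Command

    [nose.plugins]
    pylons = pylons.test:PylonsPlugin
    """,
)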