changeset 5876:ea02c8b2b529

auth: prevent misuse of PermFunction in bool context Evaluating a PermFunction as a boolean, rather than calling it, is almost certainly an error. If not, "pf is not None" can be used.
author Søren Løvborg <sorenl@unity3d.com>
date Tue, 19 Apr 2016 17:58:21 +0200
parents abc1ada59076
children ba5fee3879c8
files kallithea/lib/auth.py
diffstat 1 files changed, 7 insertions(+), 0 deletions(-) [+]
--- a/kallithea/lib/auth.py	Tue Apr 19 18:03:30 2016 +0200
+++ b/kallithea/lib/auth.py	Tue Apr 19 17:58:21 2016 +0200
@@ -1002,6 +1002,13 @@
         self.repo_name = None
         self.group_name = None
 
+    def __nonzero__(self):
+        """ Defend against accidentally forgetting to call the object
+            and instead evaluating it directly in a boolean context,
+            which could have security implications.
+        """
+        raise AssertionError(self.__class__.__name__ + ' is not a bool and must be called!')
+
     def __call__(self, check_location='', user=None):
         if not user:
             #TODO: remove this someday,put as user as attribute here
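Review bot: The new guard is defined only as `__nonzero__`, which is the Python 2 truth-testing hook; Python 3 consults `__bool__` instead. If this module is ever run under Python 3, an uncalled PermFunction would silently evaluate as truthy again, so a forgotten call in a permission check would fail open rather than raise. Adding the alias `__bool__ = __nonzero__` directly under the method keeps the check failing closed on both interpreters. A small unit test asserting that `bool(instance)` raises would also pin the behaviour. The enclosing class begins above this hunk and `__call__` continues below it, so this is based only on the lines shown.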