Mercurial > kallithea
changeset 5876:ea02c8b2b529
auth: prevent misuse of PermFunction in bool context
Evaluating a PermFunction as a boolean, rather than calling it, is
almost certainly an error. If not, "pf is not None" can be used.
author | Søren Løvborg <sorenl@unity3d.com> |
---|---|
date | Tue, 19 Apr 2016 17:58:21 +0200 |
parents | abc1ada59076 |
children | ba5fee3879c8 |
files | kallithea/lib/auth.py |
diffstat | 1 files changed, 7 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/kallithea/lib/auth.py Tue Apr 19 18:03:30 2016 +0200 +++ b/kallithea/lib/auth.py Tue Apr 19 17:58:21 2016 +0200 @@ -1002,6 +1002,13 @@ self.repo_name = None self.group_name = None + def __nonzero__(self): + """ Defend against accidentally forgetting to call the object + and instead evaluating it directly in a boolean context, + which could have security implications. + """ + raise AssertionError(self.__class__.__name__ + ' is not a bool and must be called!') + def __call__(self, check_location='', user=None): if not user: #TODO: remove this someday,put as user as attribute here