Mercurial > p > roundup > code
annotate detectors/creator_resolution.py @ 8356:63390dcfcfe9
bug: fix template use of structure with untrusted data
Looks like an xSS bug with an early version of the template that was
fixed in the code but never in the deployed tracker. It has been a
while since this particular construct has been in the classic template
which is the base for the tracker.
This has been fixed on the deployed tracker as well.
reported by 4bug of ChaMd5 Security Team H1 Group
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Tue, 08 Jul 2025 10:23:09 -0400 |
| parents | 0942fe89e82e |
| children |
| rev | line source |
|---|---|
|
4627
6b32e9dac625
Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
1 # This detector was written by richard@mechanicalcat.net and it's been |
|
6b32e9dac625
Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
2 # placed in the Public Domain. Copy and modify to your heart's content. |
|
6b32e9dac625
Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
3 |
|
6b32e9dac625
Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
4 from roundup.exceptions import Reject |
|
6b32e9dac625
Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
5 |
|
6b32e9dac625
Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
6 def creator_resolution(db, cl, nodeid, newvalues): |
|
6b32e9dac625
Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
7 '''Catch attempts to set the status to "resolved" - if the assignedto |
|
6b32e9dac625
Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
8 user isn't the creator, then set the status to "in-progress" (try |
|
6b32e9dac625
Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
9 "confirm-done" first though, but "classic" Roundup doesn't have that |
|
6b32e9dac625
Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
10 status) |
|
6b32e9dac625
Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
11 ''' |
|
5381
0942fe89e82e
Python 3 preparation: change "x.has_key(y)" to "y in x".
Joseph Myers <jsm@polyomino.org.uk>
parents:
5378
diff
changeset
|
12 if 'status' not in newvalues: |
|
4627
6b32e9dac625
Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
13 return |
|
6b32e9dac625
Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
14 |
|
6b32e9dac625
Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
15 # get the resolved state ID |
|
6b32e9dac625
Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
16 resolved_id = db.status.lookup('resolved') |
|
6b32e9dac625
Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
17 |
|
6b32e9dac625
Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
18 if newvalues['status'] != resolved_id: |
|
6b32e9dac625
Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
19 return |
|
6b32e9dac625
Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
20 |
|
6b32e9dac625
Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
21 # check the assignedto |
|
6b32e9dac625
Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
22 assignedto = newvalues.get('assignedto', cl.get(nodeid, 'assignedto')) |
|
6b32e9dac625
Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
23 creator = cl.get(nodeid, 'creator') |
|
6b32e9dac625
Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
24 if assignedto == creator: |
|
6b32e9dac625
Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
25 if db.getuid() != creator: |
|
6b32e9dac625
Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
26 name = db.user.get(creator, 'username') |
|
5378
35ea9b1efc14
Python 3 preparation: "raise" syntax.
Joseph Myers <jsm@polyomino.org.uk>
parents:
4628
diff
changeset
|
27 raise Reject('Only the creator (%s) may close this issue'%name) |
|
4627
6b32e9dac625
Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
28 return |
|
6b32e9dac625
Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
29 |
|
6b32e9dac625
Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
30 # set the assignedto and status |
|
6b32e9dac625
Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
31 newvalues['assignedto'] = creator |
|
6b32e9dac625
Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
32 try: |
|
6b32e9dac625
Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
33 status = db.status.lookup('confirm-done') |
|
6b32e9dac625
Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
34 except KeyError: |
|
6b32e9dac625
Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
35 status = db.status.lookup('in-progress') |
|
6b32e9dac625
Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
36 newvalues['status'] = status |
|
6b32e9dac625
Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
37 |
|
6b32e9dac625
Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
38 def init(db): |
|
6b32e9dac625
Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
39 db.issue.audit('set', creator_resolution) |
|
6b32e9dac625
Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
40 |
|
6b32e9dac625
Restore sample detectors removed by 07c5d833dcb2 (issue2550574)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
41 # vim: set filetype=python ts=4 sw=4 et si |