Mercurial > p > roundup > code
annotate roundup/anypy/xmlrpc_.py @ 5924:b40059d7036f
issue2550925 strip HTTP_PROXY environment variable
if deployed as CGI and client sends an http PROXY
header, the tainted HTTP_PROXY environment variable is created. It
can affect calls using requests package or curl. A roundup admin
would have to write detectors/extensions that use these mechanisms.
Not exploitable in default config.
See: https://httpoxy.org/
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Sun, 13 Oct 2019 17:45:06 -0400 |
| parents | db10c0a1f338 |
| children | 99d4fb22aa65 |
| rev | line source |
|---|---|
|
5408
e46ce04d5bbc
Python 3 preparation: update xmlrpclib / SimpleXMLRPCServer imports.
Joseph Myers <jsm@polyomino.org.uk>
parents:
diff
changeset
|
1 try: |
|
e46ce04d5bbc
Python 3 preparation: update xmlrpclib / SimpleXMLRPCServer imports.
Joseph Myers <jsm@polyomino.org.uk>
parents:
diff
changeset
|
2 # Python 3+. |
|
e46ce04d5bbc
Python 3 preparation: update xmlrpclib / SimpleXMLRPCServer imports.
Joseph Myers <jsm@polyomino.org.uk>
parents:
diff
changeset
|
3 from xmlrpc import client, server |
|
5552
db10c0a1f338
Fix xmlrpc module selection for incomplete backport (issue2551010).
Gabi <gabriele.roeger@unibas.ch>
parents:
5408
diff
changeset
|
4 server.SimpleXMLRPCDispatcher |
|
db10c0a1f338
Fix xmlrpc module selection for incomplete backport (issue2551010).
Gabi <gabriele.roeger@unibas.ch>
parents:
5408
diff
changeset
|
5 except (ImportError, AttributeError): |
|
5408
e46ce04d5bbc
Python 3 preparation: update xmlrpclib / SimpleXMLRPCServer imports.
Joseph Myers <jsm@polyomino.org.uk>
parents:
diff
changeset
|
6 # Python 2. |
|
e46ce04d5bbc
Python 3 preparation: update xmlrpclib / SimpleXMLRPCServer imports.
Joseph Myers <jsm@polyomino.org.uk>
parents:
diff
changeset
|
7 import xmlrpclib as client |
|
e46ce04d5bbc
Python 3 preparation: update xmlrpclib / SimpleXMLRPCServer imports.
Joseph Myers <jsm@polyomino.org.uk>
parents:
diff
changeset
|
8 import SimpleXMLRPCServer as server |