Mercurial > p > roundup > code
view .circleci/config.yml @ 8356:63390dcfcfe9
bug: fix template use of structure with untrusted data
Looks like an xSS bug with an early version of the template that was
fixed in the code but never in the deployed tracker. It has been a
while since this particular construct has been in the classic template
which is the base for the tracker.
This has been fixed on the deployed tracker as well.
reported by 4bug of ChaMd5 Security Team H1 Group
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Tue, 08 Jul 2025 10:23:09 -0400 |
| parents | b85c01544cfe |
| children |
line wrap: on
line source
version: 2 jobs: ubuntu: docker: - image: circleci/buildpack-deps:20.04 - image: circleci/postgres:12-alpine-ram environment: POSTGRES_USER: postgres POSTGRES_DB: circle_test - image: circleci/mysql:8.0-ram environment: MYSQL_ALLOW_EMPTY_PASSWORD=true MYSQL_ROOT_HOST=% resource_class: small working_directory: ~/repo steps: - checkout - run: name: install packages command: | sudo apt-get update sudo apt-get install -y libgpgme-dev default-mysql-client-core postgresql-client python3-docutils python3-gpg python3-jwt python3-markdown python3-markdown2 python3-mistune python3-mysqldb python3-pip python3-psycopg2 python3-pytest python3-pytest-cov python3-tz python3-venv python3-whoosh python3-xapian swig - run: name: setup databases command: | psql -d postgresql://postgres@localhost/circle_test -c "CREATE ROLE rounduptest WITH CREATEDB LOGIN PASSWORD 'rounduptest';" echo -e "[client]\nprotocol=tcp\n" >~/.my.cnf mysql --print-defaults mysql -u root -e "CREATE USER 'rounduptest'@'127.0.0.1' IDENTIFIED BY 'rounduptest'; GRANT ALL ON rounduptest.* TO 'rounduptest'@'127.0.0.1';" - run: name: run tests command: | py.test-3 -v test/ --cov=roundup --junitxml test-results/ubuntu.xml - run: name: run coverage command: | python3-coverage html -i - store_test_results: path: test-results - store_artifacts: path: htmlcov destination: roundup-ubuntu ubuntu-old: docker: - image: circleci/buildpack-deps:18.04 - image: circleci/postgres:10-alpine-ram environment: POSTGRES_USER: postgres POSTGRES_DB: circle_test - image: circleci/mysql:5.7-ram environment: MYSQL_ALLOW_EMPTY_PASSWORD=true MYSQL_ROOT_HOST=% resource_class: small working_directory: ~/repo steps: - checkout - run: name: install packages command: | sudo apt-get update sudo apt-get install -y libgpgme-dev default-mysql-client-core postgresql-client python3-docutils python3-gpg python3-jwt python3-markdown python3-mistune python3-mysqldb python3-pip python3-psycopg2 python3-pytest python3-pytest-cov python3-tz python3-venv python3-whoosh python3-xapian swig - run: name: setup databases command: | psql -d postgresql://postgres@localhost/circle_test -c "CREATE ROLE rounduptest WITH CREATEDB LOGIN PASSWORD 'rounduptest';" echo -e "[client]\nprotocol=tcp\n" >~/.my.cnf mysql --print-defaults mysql -u root -e "CREATE USER 'rounduptest'@'127.0.0.1' IDENTIFIED BY 'rounduptest'; GRANT ALL ON rounduptest.* TO 'rounduptest'@'127.0.0.1';" - run: name: run tests command: | py.test-3 -v test/ --cov=roundup --junitxml test-results/ubuntu-old.xml - run: name: run coverage command: | python3-coverage html -i - store_test_results: path: test-results - store_artifacts: path: htmlcov destination: roundup-ubuntu-old debian: docker: - image: circleci/buildpack-deps:buster - image: circleci/postgres:11-alpine-ram environment: POSTGRES_USER: postgres POSTGRES_DB: circle_test - image: circleci/mariadb:10.3-ram environment: MYSQL_ALLOW_EMPTY_PASSWORD=true MYSQL_ROOT_HOST=% resource_class: small working_directory: ~/repo steps: - checkout - run: name: install packages command: | sudo apt-get update sudo apt-get install -y libgpgme-dev default-mysql-client-core postgresql-client python3-docutils python3-gpg python3-jwt python3-markdown python3-markdown2 python3-mistune python3-mysqldb python3-pip python3-psycopg2 python3-pytest python3-pytest-cov python3-tz python3-venv python3-whoosh python3-xapian swig - run: name: setup databases command: | psql -d postgresql://postgres@localhost/circle_test -c "CREATE ROLE rounduptest WITH CREATEDB LOGIN PASSWORD 'rounduptest';" echo -e "[client]\nprotocol=tcp\nhost=127.0.0.1\n" >~/.my.cnf mysql --print-defaults mysql -u root -e "CREATE USER 'rounduptest'@'127.0.0.1' IDENTIFIED BY 'rounduptest'; GRANT ALL ON rounduptest.* TO 'rounduptest'@'127.0.0.1';" # patch host to 127.0.0.1 to force TCP connection to MySQL sed -i -e 's/\(config[.]RDBMS_HOST =\) "localhost"/\1 "127.0.0.1"/' test/db_test_base.py sed -i -e 's/rdbms_name=\([^,]\+\),/rdbms_host=127.0.0.1,rdbms_name=\1,/' test/test_admin.py - run: name: run tests command: | py.test-3 -v test/ --cov=roundup --junitxml test-results/debian.xml - run: name: run coverage command: | python3-coverage html -i - store_test_results: path: test-results - store_artifacts: path: htmlcov destination: roundup-debian workflows: version: 2 test_all: jobs: - ubuntu - ubuntu-old - debian