Mercurial > p > roundup > code

view website/issues/detectors/patches.py @ 5257:928512faf565

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
- issue2550864: Potential information leakage via journal/history Original code didn't fully implement the security checks. Users with only Edit access on a property were not able to view the journal entry for the property. This patch fixes that. Also had additional info leakage: the target object of a link or multilink must be viewable or editable in order for the journal entry to be shown. Otherwise the existance of the target is exposed via the journal while it is blocked from searches, direct access etc.
author John Rouillard <rouilj@ieee.org>
date Sun, 27 Aug 2017 00:19:48 -0400
parents c2d0d3e9099d
children 0942fe89e82e
line wrap: on
line source

# Auditor for patch files
# Patches should be declared as text/plain (also .py files),
# independent of what the browser says, and
# the "patch" keyword should get set automatically.

import posixpath

patchtypes = ('.diff', '.patch')
sourcetypes = ('.diff', '.patch', '.py')

def ispatch(file, types):
    return posixpath.splitext(file)[1] in types

def patches_text_plain(db, cl, nodeid, newvalues):
    if ispatch(newvalues['name'], sourcetypes):
        newvalues['type'] = 'text/plain'

def patches_keyword(db, cl, nodeid, newvalues):
    # Check whether there are any new files
    newfiles = set(newvalues.get('files',()))
    if nodeid:
        newfiles -= set(db.issue.get(nodeid, 'files'))
    # Check whether any of these is a patch
    newpatch = False
    for fileid in newfiles:
        if ispatch(db.file.get(fileid, 'name'), patchtypes):
            newpatch = True
            break
    if newpatch:
        # Add the patch keyword if its not already there
        patchid = db.keyword.lookup("patch")
        oldkeywords = []
        if nodeid:
            oldkeywords = db.issue.get(nodeid, 'keywords')
            if patchid in oldkeywords:
                # This is already marked as a patch
                return
        if not newvalues.has_key('keywords'):
            newvalues['keywords'] = oldkeywords
        newvalues['keywords'].append(patchid)

def init(db):
    db.file.audit('create', patches_text_plain)
    db.issue.audit('create', patches_keyword)
    db.issue.audit('set', patches_keyword)
Roundup Issue Tracker: http://roundup-tracker.org/