svn: added example to validate SVN file size and paths.

File last commit:

r3537:a46ee1c9 default
r3746:1c436801 new-ui
tweens.py
118 lines | 3.8 KiB | text/x-python | PythonLexer
project: added all source files and assets
r1 # -*- coding: utf-8 -*-
docs: updated copyrights to 2019
r3363 # Copyright (C) 2010-2019 RhodeCode GmbH
project: added all source files and assets
r1 #
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License, version 3
# (only), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# This program is dual-licensed. If you wish to learn more about the
# RhodeCode Enterprise Edition, including its added features, Support services,
# and proprietary license terms, please see https://rhodecode.com/licenses/
import logging
core: use application wide detection of invalid bytes sent via URL/GET/POST data.
r3145 from pyramid.httpexceptions import HTTPException, HTTPBadRequest
project: added all source files and assets
r1
vcs: do an early detection of vcs-type request....
r1297 from rhodecode.lib.middleware.vcs import (
detect_vcs_request, VCS_TYPE_KEY, VCS_TYPE_SKIP)
project: added all source files and assets
r1
vcs: do an early detection of vcs-type request....
r1297
project: added all source files and assets
# Module-level logger used by the tweens defined in this file.
log = logging.getLogger(__name__)
core: use proper event to bootstrap pylons env....
def vcs_detection_tween_factory(handler, registry):
    """
    Build the tween that tags each request with its detected VCS type.

    :param handler: next callable in the tween chain; it receives the request.
    :param registry: supplied by the tween machinery; not used here, settings
        are read from ``request.registry`` instead.
    :return: the ``vcs_detection_tween`` callable.
    """

    def vcs_detection_tween(request):
        """
        Detect the VCS type once and store it so later layers can re-use it.

        ``request.environ[VCS_TYPE_KEY]`` is written on every request, so any
        value present before this tween ran is replaced. ``request.vcs_call``
        is only set when a VCS handler was detected.
        """
        settings = request.registry.settings

        # detection is only attempted when the vcs server is switched on
        detected = None
        if settings.get('vcs.server.enable'):
            detected = detect_vcs_request(
                request.environ, settings.get('vcs.backends'))

        if detected:
            # keep the detected VCS type for later re-use
            scm_type = detected.SCM
            request.environ[VCS_TYPE_KEY] = scm_type
            request.vcs_call = scm_type
        else:
            # no VCS detected; the marker lets later layers skip detection
            request.environ[VCS_TYPE_KEY] = VCS_TYPE_SKIP

        log.debug('Processing request with `%s` handler', handler)
        return handler(request)

    return vcs_detection_tween
project: added all source files and assets
r1
core: use application wide detection of invalid bytes sent via URL/GET/POST data.
def junk_encoding_detector(request):
    """
    Reject requests whose GET parameters cannot be decoded.

    A throw-away lookup is done on ``request.GET``; if that raises
    ``UnicodeDecodeError`` the request fails immediately with BadRequest.

    :param request: object exposing a dict-like ``GET`` attribute.
    :raises HTTPBadRequest: when the lookup raises ``UnicodeDecodeError``.
    """
    try:
        # attribute access stays inside the try: it may raise as well
        query_params = request.GET
        query_params.get("", None)
    except UnicodeDecodeError:
        raise HTTPBadRequest("Invalid bytes in query string.")
def bad_url_data_detector(request):
    """
    Reject requests whose URL path contains invalid bytes.

    Reading ``request.path_info`` is the whole check; the value itself is
    discarded.

    :param request: object exposing a ``path_info`` attribute.
    :raises HTTPBadRequest: when reading the path raises ``UnicodeDecodeError``.
    """
    try:
        getattr(request, "path_info")
    except UnicodeDecodeError:
        raise HTTPBadRequest("Invalid bytes in URL.")
def junk_form_data_detector(request):
    """
    Reject POST requests whose form parameters cannot be decoded.

    Only requests with method ``POST`` are inspected; every other method
    returns without touching ``request.POST``.
    NOTE(review): other body-carrying methods are not checked here - confirm
    that this is intended.

    :param request: object exposing ``method`` and a dict-like ``POST``.
    :raises HTTPBadRequest: when the lookup raises ``ValueError`` (which also
        covers ``UnicodeDecodeError``, a subclass of it).
    """
    if request.method != "POST":
        return

    try:
        # attribute access stays inside the try: it may raise as well
        form_params = request.POST
        form_params.get("", None)
    except ValueError:
        raise HTTPBadRequest("Invalid bytes in form data.")
def sanity_check_factory(handler, registry):
    """
    Build the tween that rejects requests carrying undecodable bytes.

    :param handler: next callable in the tween chain; it receives the request.
    :param registry: supplied by the tween machinery; not used here.
    :return: the ``sanity_check`` callable.
    """

    def sanity_check(request):
        """
        Run the query-string, path and form-data detectors, in that order.

        The first ``HTTPException`` raised by a detector is returned as the
        response and ``handler`` is never called for that request.
        NOTE(review): the rejection itself is not logged in this function;
        only the debug line below is emitted.
        """
        log.debug('Checking URL sanity')

        # detector names are resolved per call, in the original order
        detectors = (
            junk_encoding_detector,
            bad_url_data_detector,
            junk_form_data_detector,
        )
        try:
            for detector in detectors:
                detector(request)
        except HTTPException as exc:
            return exc

        return handler(request)

    return sanity_check
project: added all source files and assets
def includeme(config):
    """
    Register the event subscribers and the tweens defined in this file.

    :param config: configurator exposing ``add_subscriber`` and ``add_tween``.
    """
    # (dotted subscriber name, dotted event name), in registration order
    subscribers = (
        ('rhodecode.subscribers.add_renderer_globals',
         'pyramid.events.BeforeRender'),
        ('rhodecode.subscribers.set_user_lang',
         'pyramid.events.NewRequest'),
        ('rhodecode.subscribers.add_localizer',
         'pyramid.events.NewRequest'),
        ('rhodecode.subscribers.add_request_user_context',
         'pyramid.events.ContextFound'),
    )
    for subscriber_name, event_name in subscribers:
        config.add_subscriber(subscriber_name, event_name)

    # Registration order matters: no over/under hint is given, so the relative
    # position of the two tweens comes from the order of these calls.
    # NOTE(review): with Pyramid's implicit ordering the later registration
    # should sit nearer to ingress, i.e. the sanity check should run before
    # vcs detection - confirm against the Pyramid version in use.
    tween_factories = (
        'rhodecode.tweens.vcs_detection_tween_factory',
        'rhodecode.tweens.sanity_check_factory',
    )
    for factory_name in tween_factories:
        config.add_tween(factory_name)