upstream/kallithea Commit - r8013:155c52d8

97

SSH_OPTIONS = 'no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding'

97

SSH_OPTIONS = 'no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding'

98

99

100

def _safe_check(s, rec = re.compile('^[a-zA-Z0-9+/]+={0,2}$')):

101

"""Return true if s really has the right content for base64 encoding and only contains safe characters

102

>>> _safe_check('asdf')

103

True

104

>>> _safe_check('as df')

105

False

106

>>> _safe_check('AAAAB3NzaC1yc2EAAAALVGhpcyBpcyBmYWtlIQ==')

107

True

108

"""

109

return rec.match(s) is not None

110

111

100

def authorized_keys_line(kallithea_cli_path, config_file, key):

112

def authorized_keys_line(kallithea_cli_path, config_file, key):

101

"""

113

"""

102

Return a line as it would appear in .authorized_keys

114

Return a line as it would appear in .authorized_keys

113

except SshKeyParseError:

125

except SshKeyParseError:

114

return '# Invalid Kallithea SSH key: %s %s\n' % (key.user.user_id, key.user_ssh_key_id)

126

return '# Invalid Kallithea SSH key: %s %s\n' % (key.user.user_id, key.user_ssh_key_id)

115

mimekey = decoded.encode('base64').replace('\n', '')

127

mimekey = decoded.encode('base64').replace('\n', '')

128

if not _safe_check(mimekey):

129

return '# Invalid Kallithea SSH key - bad base64 encoding: %s %s\n' % (key.user.user_id, key.user_ssh_key_id)

116

return '%s,command="%s ssh-serve -c %s %s %s" %s %s\n' % (

130

return '%s,command="%s ssh-serve -c %s %s %s" %s %s\n' % (

117

SSH_OPTIONS, kallithea_cli_path, config_file,

131

SSH_OPTIONS, kallithea_cli_path, config_file,

118

key.user.user_id, key.user_ssh_key_id,

132

key.user.user_id, key.user_ssh_key_id,

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

             SSH_OPTIONS = 'no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding'
+            def _safe_check(s, rec = re.compile('^[a-zA-Z0-9+/]+={0,2}$')):
+                """Return true if s really has the right content for base64 encoding and only contains safe characters
+                >>> _safe_check('asdf')
+                True
+                >>> _safe_check('as df')
+                False
+                >>> _safe_check('AAAAB3NzaC1yc2EAAAALVGhpcyBpcyBmYWtlIQ==')
+                True
+                """
+                return rec.match(s) is not None
             def authorized_keys_line(kallithea_cli_path, config_file, key):
                 """
                 Return a line as it would appear in .authorized_keys
                 except SshKeyParseError:
                     return '# Invalid Kallithea SSH key: %s %s\n' % (key.user.user_id, key.user_ssh_key_id)
                 mimekey = decoded.encode('base64').replace('\n', '')
+                if not _safe_check(mimekey):
+                    return '# Invalid Kallithea SSH key - bad base64 encoding: %s %s\n' % (key.user.user_id, key.user_ssh_key_id)
                 return '%s,command="%s ssh-serve -c %s %s %s" %s %s\n' % (
                     SSH_OPTIONS, kallithea_cli_path, config_file,
                     key.user.user_id, key.user_ssh_key_id,