Files
@ c57d926edd39
Branch filter:
Location: kallithea/scripts/generate-ini.py - annotation
c57d926edd39
2.0 KiB
text/x-python
auth: strip RFC4007 zone identifiers from IPv6 addresses before doing access control
If using IPv6, the request IP address might contain a '%' that the ipaddr
module that is used for IP filtering can't handle.
https://tools.ietf.org/html/rfc4007#section-11 specifies how IPv6 addresses can
have zone identifiers like trailing '%13' or '%eth0'. The zone identifier is
used to help distinguish *if* the same address should be available on multiple
interfaces. It *could* potentially have security implications in the odd case
where the same address is different on different interfaces. The IP whitelist
functionality does however not support zone filters, so there is no way users
can expect the zone to be relevant for IP filtering. We can thus safely strip
the zone index and only check for match on the other parts of the address.
If using IPv6, the request IP address might contain a '%' that the ipaddr
module that is used for IP filtering can't handle.
https://tools.ietf.org/html/rfc4007#section-11 specifies how IPv6 addresses can
have zone identifiers like trailing '%13' or '%eth0'. The zone identifier is
used to help distinguish *if* the same address should be available on multiple
interfaces. It *could* potentially have security implications in the odd case
where the same address is different on different interfaces. The IP whitelist
functionality does however not support zone filters, so there is no way users
can expect the zone to be relevant for IP filtering. We can thus safely strip
the zone index and only check for match on the other parts of the address.
06d5c043e989 06d5c043e989 213085032127 06d5c043e989 06d5c043e989 06d5c043e989 06d5c043e989 06d5c043e989 06d5c043e989 e3cce237d77c e3cce237d77c 06d5c043e989 06d5c043e989 06d5c043e989 06d5c043e989 06d5c043e989 06d5c043e989 06d5c043e989 06d5c043e989 fc6b1b0e1096 06d5c043e989 06d5c043e989 06d5c043e989 06d5c043e989 06d5c043e989 06d5c043e989 06d5c043e989 06d5c043e989 06d5c043e989 150173a027ee 150173a027ee 150173a027ee 150173a027ee 150173a027ee 150173a027ee 150173a027ee 150173a027ee 150173a027ee 150173a027ee 150173a027ee 150173a027ee 150173a027ee 150173a027ee 150173a027ee 150173a027ee 150173a027ee 150173a027ee 150173a027ee 150173a027ee 150173a027ee 06d5c043e989 06d5c043e989 06d5c043e989 06d5c043e989 06d5c043e989 06d5c043e989 06d5c043e989 94f6b23e52d0 06d5c043e989 665dfa112f2c 06d5c043e989 06d5c043e989 06d5c043e989 06d5c043e989 665dfa112f2c 06d5c043e989 06d5c043e989 d06039dc4ca2 06d5c043e989 94f6b23e52d0 94f6b23e52d0 06d5c043e989 06d5c043e989 06d5c043e989 | #!/usr/bin/env python2
"""
Based on kallithea/lib/paster_commands/template.ini.mako, generate
development.ini
kallithea/tests/test.ini
"""
import re
from kallithea.lib import inifile
# files to be generated from the mako template
ini_files = [
('development.ini',
{
'[server:main]': {
'host': '0.0.0.0',
},
'[app:main]': {
'debug': 'true',
'app_instance_uuid': 'development-not-secret',
'beaker.session.secret': 'development-not-secret',
},
'[handler_console]': {
'formatter': 'color_formatter',
},
'[handler_console_sql]': {
'formatter': 'color_formatter_sql',
},
'[logger_routes]': {
'level': 'DEBUG',
},
'[logger_beaker]': {
'level': 'DEBUG',
},
'[logger_templates]': {
'level': 'INFO',
},
'[logger_kallithea]': {
'level': 'DEBUG',
},
'[logger_tg]': {
'level': 'DEBUG',
},
'[logger_gearbox]': {
'level': 'DEBUG',
},
'[logger_whoosh_indexer]': {
'level': 'DEBUG',
},
},
),
]
def main():
# make sure all mako lines starting with '#' (the '##' comments) are marked up as <text>
makofile = inifile.template_file
print 'reading:', makofile
mako_org = open(makofile).read()
mako_no_text_markup = re.sub(r'</?%text>', '', mako_org)
mako_marked_up = re.sub(r'\n(##.*)', r'\n<%text>\1</%text>', mako_no_text_markup, flags=re.MULTILINE)
if mako_marked_up != mako_org:
print 'writing:', makofile
open(makofile, 'w').write(mako_marked_up)
# create ini files
for fn, settings in ini_files:
print 'updating:', fn
inifile.create(fn, None, settings)
if __name__ == '__main__':
main()
|