kallithea Changeset - 2576a20d94ca

Changeset - 2576a20d94ca

Parent rev.

Child rev.

[Not reviewed]

beta

0 4 0

Marcin Kuzminski - 13 years ago 2013-05-12 00:41:38
marcin@python-works.com

Gist: don't allow files inside directories when creating gists

4 files changed with 35 insertions and 3 deletions:

rhodecode/model/forms.py

rhodecode/model/gist.py

rhodecode/model/validators.py

rhodecode/tests/functional/test_admin_gists.py

0 comments (0 inline, 0 general)

rhodecode/model/forms.py

➞

Show inline comments

@@ @@ -403,32 +403,33 @@ def PullRequestForm(repo_id): @@
         allow_extra_fields = True
         filter_extra_fields = True
         user = v.UnicodeString(strip=True, required=True)
         org_repo = v.UnicodeString(strip=True, required=True)
         org_ref = v.UnicodeString(strip=True, required=True)
         other_repo = v.UnicodeString(strip=True, required=True)
         other_ref = v.UnicodeString(strip=True, required=True)
         revisions = All(#v.NotReviewedRevisions(repo_id)(),
                         v.UniqueList(not_empty=True))
         review_members = v.UniqueList(not_empty=True)
         pullrequest_title = v.UnicodeString(strip=True, required=True, min=3)
         pullrequest_desc = v.UnicodeString(strip=True, required=False)
         ancestor_rev = v.UnicodeString(strip=True, required=True)
         merge_rev = v.UnicodeString(strip=True, required=True)
     return _PullRequestForm
 def GistForm(lifetime_options):
     class _GistForm(formencode.Schema):
         filename = v.UnicodeString(strip=True, required=False)
         filename = All(v.BasePath()(),
                        v.UnicodeString(strip=True, required=False))
         description = v.UnicodeString(required=False, if_missing='')
         lifetime = v.OneOf(lifetime_options)
         content = v.UnicodeString(required=True, not_empty=True)
         public = v.UnicodeString(required=False, if_missing='')
         private = v.UnicodeString(required=False, if_missing='')
     return _GistForm

rhodecode/model/gist.py

➞

Show inline comments

@@ @@ -99,48 +99,51 @@ class GistModel(BaseModel): @@
                   % (time_to_datetime(gist_expires)
                    if gist_expires != -1 else 'forever'))
         #create the Database version
         gist = Gist()
         gist.gist_description = description
         gist.gist_access_id = gist_id
         gist.gist_owner = owner.user_id
         gist.gist_expires = gist_expires
         gist.gist_type = safe_unicode(gist_type)
         self.sa.add(gist)
         self.sa.flush()
         if gist_type == Gist.GIST_PUBLIC:
             # use DB ID for easy to use GIST ID
             gist_id = safe_unicode(gist.gist_id)
             gist.gist_access_id = gist_id
             self.sa.add(gist)
         gist_repo_path = os.path.join(GIST_STORE_LOC, gist_id)
         log.debug('Creating new %s GIST repo in %s' % (gist_type, gist_repo_path))
         repo = RepoModel()._create_repo(repo_name=gist_repo_path, alias='hg',
                                         parent=None)
         processed_mapping = {}
         for filename in gist_mapping:
             if filename != os.path.basename(filename):
                 raise Exception('Filename cannot be inside a directory')
             content = gist_mapping[filename]['content']
             #TODO: expand support for setting explicit lexers
 #             if lexer is None:
 #                 try:
 #                     lexer = pygments.lexers.guess_lexer_for_filename(filename,content)
 #                 except pygments.util.ClassNotFound:
 #                     lexer = 'text'
             processed_mapping[filename] = {'content': content}
         # now create single multifile commit
         message = 'added file'
         message += 's: ' if len(processed_mapping) > 1 else ': '
         message += ', '.join([x for x in processed_mapping])
         #fake RhodeCode Repository object
         fake_repo = AttributeDict(dict(
             repo_name=gist_repo_path,
             scm_instance_no_cache=lambda: repo,
         ))
         ScmModel().create_nodes(
             user=owner.user_id, repo=fake_repo,
             message=message,
             nodes=processed_mapping,
             trigger_push_hook=False

rhodecode/model/validators.py

➞

Show inline comments

@@ @@ -747,63 +747,81 @@ def NotReviewedRevisions(repo_id): @@
                 .all()
             errors = []
             for cs in statuses:
                 if cs.pull_request_id:
                     errors.append(['pull_req', cs.revision[:12]])
                 elif cs.status:
                     errors.append(['status', cs.revision[:12]])
             if errors:
                 revs = ','.join([x[1] for x in errors])
                 msg = M(self, 'rev_already_reviewed', state, revs=revs)
                 raise formencode.Invalid(msg, value, state,
                     error_dict=dict(revisions=revs)
+                )
     return _validator
 def ValidIp():
     class _validator(CIDR):
         messages = dict(
             badFormat=_('Please enter a valid IPv4 or IpV6 address'),
             illegalBits=_('The network size (bits) must be within the range'
                 ' of 0-32 (not %(bits)r)'))
                 ' of 0-32 (not %(bits)r)')
+        )
         def to_python(self, value, state):
             v = super(_validator, self).to_python(value, state)
             v = v.strip()
             net = ipaddr.IPNetwork(address=v)
             if isinstance(net, ipaddr.IPv4Network):
                 #if IPv4 doesn't end with a mask, add /32
                 if '/' not in value:
                     v += '/32'
             if isinstance(net, ipaddr.IPv6Network):
                 #if IPv6 doesn't end with a mask, add /128
                 if '/' not in value:
                     v += '/128'
             return v
         def validate_python(self, value, state):
             try:
                 addr = value.strip()
                 #this raises an ValueError if address is not IpV4 or IpV6
                 ipaddr.IPNetwork(address=addr)
             except ValueError:
                 raise formencode.Invalid(self.message('badFormat', state),
                                          value, state)
     return _validator
 def FieldKey():
     class _validator(formencode.validators.FancyValidator):
         messages = dict(
             badFormat=_('Key name can only consist of letters, '
                         'underscore, dash or numbers'),)
                         'underscore, dash or numbers')
+        )
         def validate_python(self, value, state):
             if not re.match('[a-zA-Z0-9_-]+$', value):
                 raise formencode.Invalid(self.message('badFormat', state),
                                          value, state)
     return _validator
 def BasePath():
     class _validator(formencode.validators.FancyValidator):
         messages = dict(
             badPath=_('Filename cannot be inside a directory')
+        )
         def _to_python(self, value, state):
             return value
         def validate_python(self, value, state):
             if value != os.path.basename(value):
                 raise formencode.Invalid(self.message('badPath', state),
                                          value, state)
     return _validator

rhodecode/tests/functional/test_admin_gists.py

➞

Show inline comments

@@ @@ -54,48 +54,58 @@ class TestGistsController(TestController @@
         #and privates
         response.mustcontain('gist:%s' % gist.gist_access_id)
     def test_create_missing_description(self):
         self.log_user()
         response = self.app.post(url('gists'),
                                  params={'lifetime': -1}, status=200)
         response.mustcontain('Missing value')
     def test_create(self):
         self.log_user()
         response = self.app.post(url('gists'),
                                  params={'lifetime': -1,
                                          'content': 'gist test',
                                          'filename': 'foo',
                                          'public': 'public'},
                                  status=302)
         response = response.follow()
         response.mustcontain('added file: foo')
         response.mustcontain('gist test')
         response.mustcontain('<div class="ui-btn green badge">Public gist</div>')
     def test_create_with_path_with_dirs(self):
         self.log_user()
         response = self.app.post(url('gists'),
                                  params={'lifetime': -1,
                                          'content': 'gist test',
                                          'filename': '/home/foo',
                                          'public': 'public'},
                                  status=200)
         response.mustcontain('Filename cannot be inside a directory')
     def test_access_expired_gist(self):
         self.log_user()
         gist = _create_gist('never-see-me')
         gist.gist_expires = 0  # 1970
         Session().add(gist)
         Session().commit()
         response = self.app.get(url('gist', id=gist.gist_access_id), status=404)
     def test_create_private(self):
         self.log_user()
         response = self.app.post(url('gists'),
                                  params={'lifetime': -1,
                                          'content': 'private gist test',
                                          'filename': 'private-foo',
                                          'private': 'private'},
                                  status=302)
         response = response.follow()
         response.mustcontain('added file: private-foo<')
         response.mustcontain('private gist test')
         response.mustcontain('<div class="ui-btn yellow badge">Private gist</div>')
     def test_create_with_description(self):
         self.log_user()

0 comments (0 inline, 0 general)