mirror of https://gitlab.com/bashrc2/epicyon
Snake case
parent
88922a9b4f
commit
7de8995310
|
|
@ -11,7 +11,7 @@ import os
|
||||||
import email.parser
|
import email.parser
|
||||||
import urllib.parse
|
import urllib.parse
|
||||||
from shutil import copyfile
|
from shutil import copyfile
|
||||||
from utils import dangerousSVG
|
from utils import dangerous_svg
|
||||||
from utils import remove_domain_port
|
from utils import remove_domain_port
|
||||||
from utils import isValidLanguage
|
from utils import isValidLanguage
|
||||||
from utils import get_image_extensions
|
from utils import get_image_extensions
|
||||||
|
|
@ -1120,7 +1120,7 @@ def saveMediaInFormPOST(mediaBytes, debug: bool,
|
||||||
if detectedExtension == 'svg':
|
if detectedExtension == 'svg':
|
||||||
svgStr = mediaBytes[startPos:]
|
svgStr = mediaBytes[startPos:]
|
||||||
svgStr = svgStr.decode()
|
svgStr = svgStr.decode()
|
||||||
if dangerousSVG(svgStr, False):
|
if dangerous_svg(svgStr, False):
|
||||||
return None, None
|
return None, None
|
||||||
|
|
||||||
try:
|
try:
|
||||||
|
|
|
||||||
|
|
@ -18,7 +18,7 @@ from datetime import timezone
|
||||||
from collections import OrderedDict
|
from collections import OrderedDict
|
||||||
from utils import valid_post_date
|
from utils import valid_post_date
|
||||||
from categories import setHashtagCategory
|
from categories import setHashtagCategory
|
||||||
from utils import dangerousSVG
|
from utils import dangerous_svg
|
||||||
from utils import get_fav_filename_from_url
|
from utils import get_fav_filename_from_url
|
||||||
from utils import get_base_content_from_post
|
from utils import get_base_content_from_post
|
||||||
from utils import has_object_dict
|
from utils import has_object_dict
|
||||||
|
|
@ -180,7 +180,7 @@ def _downloadNewswireFeedFavicon(session, base_dir: str,
|
||||||
# check svg for dubious scripts
|
# check svg for dubious scripts
|
||||||
if favUrl.endswith('.svg'):
|
if favUrl.endswith('.svg'):
|
||||||
imageDataStr = str(imageData)
|
imageDataStr = str(imageData)
|
||||||
if dangerousSVG(imageDataStr, False):
|
if dangerous_svg(imageDataStr, False):
|
||||||
return False
|
return False
|
||||||
|
|
||||||
# save to the cache
|
# save to the cache
|
||||||
|
|
|
||||||
|
|
@ -59,7 +59,7 @@ from utils import acct_dir
|
||||||
from utils import get_user_paths
|
from utils import get_user_paths
|
||||||
from utils import get_group_paths
|
from utils import get_group_paths
|
||||||
from utils import local_actor_url
|
from utils import local_actor_url
|
||||||
from utils import dangerousSVG
|
from utils import dangerous_svg
|
||||||
from session import createSession
|
from session import createSession
|
||||||
from session import getJson
|
from session import getJson
|
||||||
from webfinger import webfingerHandle
|
from webfinger import webfingerHandle
|
||||||
|
|
@ -1635,7 +1635,7 @@ def getPersonAvatarUrl(base_dir: str, personUrl: str, person_cache: {},
|
||||||
content = ''
|
content = ''
|
||||||
with open(imFilename, 'r') as fp:
|
with open(imFilename, 'r') as fp:
|
||||||
content = fp.read()
|
content = fp.read()
|
||||||
if not dangerousSVG(content, False):
|
if not dangerous_svg(content, False):
|
||||||
return imPath
|
return imPath
|
||||||
|
|
||||||
if personJson.get('icon'):
|
if personJson.get('icon'):
|
||||||
|
|
|
||||||
6
tests.py
6
tests.py
|
|
@ -55,7 +55,7 @@ from follow import sendFollowRequestViaServer
|
||||||
from follow import sendUnfollowRequestViaServer
|
from follow import sendUnfollowRequestViaServer
|
||||||
from siteactive import siteIsActive
|
from siteactive import siteIsActive
|
||||||
from utils import get_sha_256
|
from utils import get_sha_256
|
||||||
from utils import dangerousSVG
|
from utils import dangerous_svg
|
||||||
from utils import canReplyTo
|
from utils import canReplyTo
|
||||||
from utils import is_group_account
|
from utils import is_group_account
|
||||||
from utils import get_actor_languages_list
|
from utils import get_actor_languages_list
|
||||||
|
|
@ -3685,7 +3685,7 @@ def _testDangerousSVG(base_dir: str) -> None:
|
||||||
' <svg viewBox="0 0 10 10" xmlns="http://www.w3.org/2000/svg">' + \
|
' <svg viewBox="0 0 10 10" xmlns="http://www.w3.org/2000/svg">' + \
|
||||||
' <circle cx="5" cy="5" r="4" />' + \
|
' <circle cx="5" cy="5" r="4" />' + \
|
||||||
'</svg>'
|
'</svg>'
|
||||||
assert not dangerousSVG(svgContent, False)
|
assert not dangerous_svg(svgContent, False)
|
||||||
svgContent = \
|
svgContent = \
|
||||||
' <svg viewBox="0 0 10 10" xmlns="http://www.w3.org/2000/svg">' + \
|
' <svg viewBox="0 0 10 10" xmlns="http://www.w3.org/2000/svg">' + \
|
||||||
' <script>' + \
|
' <script>' + \
|
||||||
|
|
@ -3705,7 +3705,7 @@ def _testDangerousSVG(base_dir: str) -> None:
|
||||||
'' + \
|
'' + \
|
||||||
' <circle cx="5" cy="5" r="4" />' + \
|
' <circle cx="5" cy="5" r="4" />' + \
|
||||||
'</svg>'
|
'</svg>'
|
||||||
assert dangerousSVG(svgContent, False)
|
assert dangerous_svg(svgContent, False)
|
||||||
|
|
||||||
assert not scanThemesForScripts(base_dir)
|
assert not scanThemesForScripts(base_dir)
|
||||||
|
|
||||||
|
|
|
||||||
4
theme.py
4
theme.py
|
|
@ -14,7 +14,7 @@ from utils import save_json
|
||||||
from utils import get_image_extensions
|
from utils import get_image_extensions
|
||||||
from utils import copytree
|
from utils import copytree
|
||||||
from utils import acct_dir
|
from utils import acct_dir
|
||||||
from utils import dangerousSVG
|
from utils import dangerous_svg
|
||||||
from utils import local_actor_url
|
from utils import local_actor_url
|
||||||
from shutil import copyfile
|
from shutil import copyfile
|
||||||
from shutil import make_archive
|
from shutil import make_archive
|
||||||
|
|
@ -902,7 +902,7 @@ def scanThemesForScripts(base_dir: str) -> bool:
|
||||||
content = ''
|
content = ''
|
||||||
with open(svgFilename, 'r') as fp:
|
with open(svgFilename, 'r') as fp:
|
||||||
content = fp.read()
|
content = fp.read()
|
||||||
svgDangerous = dangerousSVG(content, False)
|
svgDangerous = dangerous_svg(content, False)
|
||||||
if svgDangerous:
|
if svgDangerous:
|
||||||
print('svg file contains script: ' + svgFilename)
|
print('svg file contains script: ' + svgFilename)
|
||||||
return True
|
return True
|
||||||
|
|
|
||||||
6
utils.py
6
utils.py
|
|
@ -897,15 +897,15 @@ def dangerous_markup(content: str, allow_local_network_access: bool) -> bool:
|
||||||
separators, invalid_strings)
|
separators, invalid_strings)
|
||||||
|
|
||||||
|
|
||||||
def dangerousSVG(content: str, allow_local_network_access: bool) -> bool:
|
def dangerous_svg(content: str, allow_local_network_access: bool) -> bool:
|
||||||
"""Returns true if the given svg file content contains dangerous scripts
|
"""Returns true if the given svg file content contains dangerous scripts
|
||||||
"""
|
"""
|
||||||
separators = [['<', '>'], ['<', '>']]
|
separators = [['<', '>'], ['<', '>']]
|
||||||
invalidStrings = [
|
invalid_strings = [
|
||||||
'script'
|
'script'
|
||||||
]
|
]
|
||||||
return _is_dangerous_string(content, allow_local_network_access,
|
return _is_dangerous_string(content, allow_local_network_access,
|
||||||
separators, invalidStrings)
|
separators, invalid_strings)
|
||||||
|
|
||||||
|
|
||||||
def getDisplayName(base_dir: str, actor: str, person_cache: {}) -> str:
|
def getDisplayName(base_dir: str, actor: str, person_cache: {}) -> str:
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue