Go to file
Graham Bleaney 461d5b1a3e pysa: Introduce sanitizers, models, and inline marking safe.
This commit adds three `.pysa` model files: `false_positives.pysa`
for ruling out false positive flows with `Sanitize` annotations,
`req_lib.pysa` for educating pysa about Zulip's `REQ()` pattern for
extracting user input, and `redirects.pysa` for capturing the risk
of open redirects within Zulip code. Additionally, this commit
introduces `mark_sanitized`, an identity function which can be used
to selectively clear taint in cases where `Sanitize` models will not
work. This commit also puts `mark_sanitized` to work removing known
false postive flows.
2020-06-11 12:57:49 -07:00
.circleci ci: Setup production job for Focal. 2020-06-08 21:59:57 -07:00
.github github: Suggest GIFs too in PR template. 2018-02-16 09:59:22 -08:00
.tx cleanup: Delete trailing newlines. 2019-08-06 23:29:11 -07:00
analytics python: Convert percent formatting to Python 3.6 f-strings. 2020-06-10 15:02:09 -07:00
confirmation invitations: Revoke remaining invitations after user registers. 2020-05-27 15:37:16 -07:00
corporate python: Convert percent formatting to Python 3.6 f-strings. 2020-06-10 15:02:09 -07:00
docs help: Add basic documentation of organization owners. 2020-06-10 14:07:46 -07:00
frontend_tests settings_org: Combine upload_realm_logo and upload_realm_icon function. 2020-06-10 17:05:29 -07:00
locale i18n: Update translation data from Transifex. 2020-06-04 14:05:54 -07:00
pgroonga migrate: Improve do_batch_update escaping correctness with psycopg2.sql. 2020-05-04 09:33:03 -07:00
puppet python: Use standard NoReturn (Python ≥ 3.6). 2020-06-11 12:56:52 -07:00
requirements python: Use standard NoReturn (Python ≥ 3.6). 2020-06-11 12:56:52 -07:00
scripts python: Convert percent formatting to Python 3.6 f-strings. 2020-06-10 15:02:09 -07:00
static code cleanup: Avoid shadowing the tab_bar global. 2020-06-11 11:05:06 -07:00
stubs pysa: Introduce sanitizers, models, and inline marking safe. 2020-06-11 12:57:49 -07:00
templates i18n: Don't hardcode zulip.com URLs in translation tags. 2020-06-11 11:09:42 -07:00
tools python: Use standard NoReturn (Python ≥ 3.6). 2020-06-11 12:56:52 -07:00
zerver pysa: Introduce sanitizers, models, and inline marking safe. 2020-06-11 12:57:49 -07:00
zilencer python: Convert percent formatting to Python 3.6 f-strings. 2020-06-10 15:02:09 -07:00
zproject api: Add GET /users/{user_id}/subscription/{stream_id} endpoint. 2020-06-10 17:59:14 -07:00
zthumbor thumbor: Fix __file__ typo. 2020-04-12 11:23:03 -07:00
.browserslistrc webpack: Transpile JS code with Babel. 2019-07-22 17:55:32 -07:00
.codecov.yml codecov: Change threshold to use percentage syntax. 2019-07-20 14:37:04 -07:00
.editorconfig .editorconfig: Add .scss, .hbs; drop weirder rules. 2020-04-22 15:03:08 -07:00
.eslintignore blueslip: Apply ESLint. 2019-11-01 12:13:59 -07:00
.eslintrc.json js: Extract message_edit_history.js. 2020-06-07 13:57:28 -07:00
.gitattributes Revert "gitattributes: Mark yarn.lock as "binary", i.e. suppress diffs." 2019-05-20 19:31:14 -07:00
.gitignore i18n: Move static/locale back to locale. 2019-07-02 14:57:55 -07:00
.gitlint lint: Allow revert commit messages in gitlint. 2018-02-13 09:21:01 -08:00
.isort.cfg tornado: Fix logging of tornado activity level. 2018-04-17 15:59:01 -07:00
.mailmap mailmap: Add mailmap entry for Aman Agrawal. 2020-05-15 17:11:19 -07:00
.npmignore
.pyre_configuration pysa: Add basic .pyre_configuration and taint.config for pysa. 2020-06-11 12:57:49 -07:00
.stylelintrc lint: Ban color names in CSS. 2019-01-22 15:33:18 -08:00
.yarnrc .yarnrc: Set ignore-scripts true. 2019-08-28 16:15:54 -07:00
CODE_OF_CONDUCT.md docs: Convert many http URLs to https. 2020-03-26 21:35:32 -07:00
CONTRIBUTING.md docs: Update most remaining references to zulipchat.com. 2020-06-08 18:10:45 -07:00
Dockerfile-postgresql base Zulip PostgreSQL Docker container on PGroonga official one 2019-12-30 10:20:25 -08:00
LICENSE docs: Bump copyright year. 2020-04-23 16:04:54 -07:00
NOTICE license: Move license application notice from LICENSE to NOTICE. 2018-10-02 12:04:44 -07:00
README.md docs: Update URLs to use https://zulip.com. 2020-06-08 18:10:45 -07:00
Vagrantfile Revert "vagrant: Add NFS backend for file synchronization for OSX." 2019-08-12 16:04:00 -07:00
babel.config.js babel: Enable loose mode. 2020-02-05 11:52:52 -08:00
manage.py python: Modernize legacy Python 2 syntax with pyupgrade. 2020-04-09 16:43:22 -07:00
mypy.ini mypy: Add specific codes to type: ignore annotations. 2020-04-22 10:46:33 -07:00
package.json dependencies: Upgrade JavaScript dependencies. 2020-06-07 11:06:57 -07:00
postcss.config.js webpack: Move CSS minification to optimization stage. 2019-09-02 21:58:13 -07:00
tsconfig.json tsconfig: Enable resolveJsonModule. 2020-05-26 23:33:40 -07:00
version.py i18n: Don't hardcode zulip.com URLs in translation tags. 2020-06-11 11:09:42 -07:00
yarn.lock dependencies: Upgrade JavaScript dependencies. 2020-06-07 11:06:57 -07:00

README.md

Zulip overview

Zulip is a powerful, open source group chat application that combines the immediacy of real-time chat with the productivity benefits of threaded conversations. Zulip is used by open source projects, Fortune 500 companies, large standards bodies, and others who need a real-time chat system that allows users to easily process hundreds or thousands of messages a day. With over 500 contributors merging over 500 commits a month, Zulip is also the largest and fastest growing open source group chat project.

CircleCI branch Coverage Status Mypy coverage GitHub release docs Zulip chat Twitter

Getting started

Click on the appropriate link below. If nothing seems to apply, join us on the Zulip community server and tell us what's up!

You might be interested in:

You may also be interested in reading our blog or following us on twitter. Zulip is distributed under the Apache 2.0 license.