zulip/zerver
Graham Bleaney 461d5b1a3e pysa: Introduce sanitizers, models, and inline marking safe.
This commit adds three `.pysa` model files: `false_positives.pysa`
for ruling out false positive flows with `Sanitize` annotations,
`req_lib.pysa` for educating pysa about Zulip's `REQ()` pattern for
extracting user input, and `redirects.pysa` for capturing the risk
of open redirects within Zulip code. Additionally, this commit
introduces `mark_sanitized`, an identity function which can be used
to selectively clear taint in cases where `Sanitize` models will not
work. This commit also puts `mark_sanitized` to work removing known
false positive flows.
2020-06-11 12:57:49 -07:00
data_import python: Convert percent formatting to Python 3.6 f-strings. 2020-06-10 15:02:09 -07:00
lib pysa: Introduce sanitizers, models, and inline marking safe. 2020-06-11 12:57:49 -07:00
management python: Convert percent formatting to Python 3.6 f-strings. 2020-06-10 15:02:09 -07:00
migrations python: Convert percent formatting to Python 3.6 f-strings. 2020-06-10 15:02:09 -07:00
openapi api: Add GET /users/{user_id}/subscription/{stream_id} endpoint. 2020-06-10 17:59:14 -07:00
templatetags python: Convert percent formatting to Python 3.6 f-strings. 2020-06-10 15:02:09 -07:00
tests python: Use standard NoReturn (Python ≥ 3.6). 2020-06-11 12:56:52 -07:00
tornado python: Use standard NoReturn (Python ≥ 3.6). 2020-06-11 12:56:52 -07:00
views pysa: Introduce sanitizers, models, and inline marking safe. 2020-06-11 12:57:49 -07:00
webhooks python: Convert percent formatting to Python 3.6 f-strings. 2020-06-10 15:02:09 -07:00
worker pysa: Introduce sanitizers, models, and inline marking safe. 2020-06-11 12:57:49 -07:00
__init__.py
apps.py python: Convert assignment type annotations to Python 3.6 style. 2020-04-22 11:02:32 -07:00
context_processors.py python: Convert percent formatting to Python 3.6 f-strings. 2020-06-10 15:02:09 -07:00
decorator.py realm: Allow only organization owners to deactivate a realm. 2020-06-10 17:33:02 -07:00
filters.py cleanup: Delete leading newlines. 2019-08-06 23:29:11 -07:00
forms.py python: Convert percent formatting to Python 3.6 f-strings. 2020-06-10 15:02:09 -07:00
logging_handlers.py error logging: Inline add_deployment_metadata. 2020-05-06 16:29:53 -07:00
middleware.py python: Convert percent formatting to Python 3.6 f-strings. 2020-06-10 15:02:09 -07:00
models.py pysa: Introduce sanitizers, models, and inline marking safe. 2020-06-11 12:57:49 -07:00
signals.py python: Convert "".format to Python 3.6 f-strings. 2020-06-08 15:31:20 -07:00