zulip/zerver/lib/url_preview
Graham Bleaney 461d5b1a3e pysa: Introduce sanitizers, models, and inline marking safe.
This commit adds three `.pysa` model files: `false_positives.pysa`
for ruling out false positive flows with `Sanitize` annotations,
`req_lib.pysa` for educating pysa about Zulip's `REQ()` pattern for
extracting user input, and `redirects.pysa` for capturing the risk
of open redirects within Zulip code. Additionally, this commit
introduces `mark_sanitized`, an identity function which can be used
to selectively clear taint in cases where `Sanitize` models will not
work. This commit also puts `mark_sanitized` to work removing known
false positive flows.
2020-06-11 12:57:49 -07:00
..
parsers url_preview: Fix parsing of open graph tags. 2019-12-12 15:24:38 -08:00
__init__.py
oembed.py url_preview: Discard url in oembed if server returns invalid json. 2020-04-11 11:54:54 -07:00
preview.py pysa: Introduce sanitizers, models, and inline marking safe. 2020-06-11 12:57:49 -07:00