zulip/zerver/tests
Tim Abbott e3a4aeeffa CVE-2020-9445: Remove unused and insecure modal_link feature.
Zulip's modal_link markdown feature has not been used since 2017; it
was a hack used for a 2013-era tutorial feature and was never used
outside that use case.

Unfortunately, its sloppy implementation was exposed in the markdown
processor for all users, not just the tutorial use case.

More importantly, it was buggy, in that it did not validate the link
using the standard validation approach used by our other code
interacting with links.

The right solution is simply to remove it.
2020-04-01 14:01:45 -07:00
..
fixtures CVE-2020-9445: Remove unused and insecure modal_link feature. 2020-04-01 14:01:45 -07:00
images emoji: Only resize custom emoji that need it. 2019-01-29 10:33:50 -08:00
__init__.py
test_alert_words.py minor: Fix list/set test flake. 2020-03-15 09:11:14 -04:00
test_archive.py text: Fix some typos (most of them found and fixed by codespell). 2020-03-27 17:25:56 -07:00
test_attachments.py tests: Limit email-based logins. 2020-03-11 17:10:22 -07:00
test_audit_log.py tests: Use email/delivery_email more explicitly. 2020-03-19 16:04:03 -07:00
test_auth_backends.py text: Fix some typos (most of them found and fixed by codespell). 2020-03-27 17:25:56 -07:00
test_bots.py bot events: Prevent duplicate add-bot notifications. 2020-03-20 13:40:19 -07:00
test_bugdown.py CVE-2020-9445: Remove unused and insecure modal_link feature. 2020-04-01 14:01:45 -07:00
test_cache.py tests: Use email/delivery_email more explicitly. 2020-03-19 16:04:03 -07:00
test_camo.py camo: Add endpoint to handle camo requests. 2019-01-04 10:27:04 -08:00
test_compatibility.py version: Move minimum desktop version configuration to version.py. 2020-04-01 13:23:08 -07:00
test_create_video_call.py tests: Limit email-based logins. 2020-03-11 17:10:22 -07:00
test_custom_profile_data.py text: Fix some typos (most of them found and fixed by codespell). 2020-03-27 17:25:56 -07:00
test_decorators.py message: Validate propagate_mode parameters. 2020-03-24 12:36:45 -07:00
test_digest.py tests: Limit email-based logins. 2020-03-11 17:10:22 -07:00
test_docs.py text: Fix some typos (most of them found and fixed by codespell). 2020-03-27 17:25:56 -07:00
test_email_change.py populate_db, tests: Restrict emails in zulip realm. 2020-03-19 16:21:31 -07:00
test_email_log.py
test_email_mirror.py tests: Use email/delivery_email more explicitly. 2020-03-19 16:04:03 -07:00
test_email_notifications.py tests: Use email/delivery_email more explicitly. 2020-03-19 16:04:03 -07:00
test_embedded_bot_system.py tests: Use users in send_*_message. 2020-03-07 18:30:13 -08:00
test_event_queue.py tests: Limit email-based logins. 2020-03-11 17:10:22 -07:00
test_events.py bot events: Prevent duplicate add-bot notifications. 2020-03-20 13:40:19 -07:00
test_external.py rate_limit: Adjust keys() of some RateLimitedObjects. 2020-03-22 18:42:35 -07:00
test_gitter_importer.py tests: Move get_set to ZulipTestCase. 2019-05-21 14:10:29 -07:00
test_hipchat_importer.py hipchat: Limit messages in slim mode. 2018-11-26 16:37:30 -08:00
test_home.py compatibility: Add more strict desktop app blocking. 2020-03-24 20:33:11 -07:00
test_hotspots.py tests: Limit email-based logins. 2020-03-11 17:10:22 -07:00
test_i18n.py text: Fix some typos (most of them found and fixed by codespell). 2020-03-27 17:25:56 -07:00
test_import_export.py tests: Use email/delivery_email more explicitly. 2020-03-19 16:04:03 -07:00
test_integrations_dev_panel.py text: Fix some typos (most of them found and fixed by codespell). 2020-03-27 17:25:56 -07:00
test_internet.py tests: Replace httpretty with responses. 2020-01-22 11:56:15 -08:00
test_legacy_subject.py tests: Limit email-based logins. 2020-03-11 17:10:22 -07:00
test_link_embed.py tests: Limit email-based logins. 2020-03-11 17:10:22 -07:00
test_logging_handlers.py tests: Limit email-based logins. 2020-03-11 17:10:22 -07:00
test_management_commands.py python: Convert json.loads(f.read()) to json.load(f). 2020-03-24 10:46:32 -07:00
test_mattermost_importer.py emoji_codes: Replace JS module with JSON module. 2020-02-12 10:09:12 -08:00
test_message_edit_notifications.py tests: Limit email-based logins. 2020-03-11 17:10:22 -07:00
test_messages.py messages: Return shallow copy of message object. 2020-03-29 15:12:27 -07:00
test_middleware.py middleware: Log user.id/realm.string_id instead of _email. 2020-03-09 13:54:58 -07:00
test_migrations.py test_migrations: Disable migrations test. 2019-05-12 22:06:17 -07:00
test_muting.py tests: Limit email-based logins. 2020-03-11 17:10:22 -07:00
test_narrow.py messages: Return shallow copy of message object. 2020-03-29 15:12:27 -07:00
test_new_users.py tests: Use email/delivery_email more explicitly. 2020-03-19 16:04:03 -07:00
test_onboarding.py
test_openapi.py api docs: Migrate REAL-TIME /events to OpenAPI. 2020-03-27 17:43:35 -07:00
test_outgoing_webhook_interfaces.py messages: Return shallow copy of message object. 2020-03-29 15:12:27 -07:00
test_outgoing_webhook_system.py bot tests: Add test_multiple_services(). 2020-03-29 15:12:27 -07:00
test_populate_db.py models: Migration of Message.pub_date to date_sent, part 2. 2019-10-05 19:01:34 -07:00
test_presence.py tests: Use email/delivery_email more explicitly. 2020-03-19 16:04:03 -07:00
test_push_notifications.py text: Fix some typos (most of them found and fixed by codespell). 2020-03-27 17:25:56 -07:00
test_queue.py Upgrade pika to 1.1.*. 2019-10-29 17:01:12 -07:00
test_queue_worker.py rate_limit: Adjust keys() of some RateLimitedObjects. 2020-03-22 18:42:35 -07:00
test_reactions.py tests: Use email/delivery_email more explicitly. 2020-03-19 16:04:03 -07:00
test_realm.py tests: Use email/delivery_email more explicitly. 2020-03-19 16:04:03 -07:00
test_realm_domains.py tests: Limit email-based logins. 2020-03-11 17:10:22 -07:00
test_realm_emoji.py tests: Limit email-based logins. 2020-03-11 17:10:22 -07:00
test_realm_export.py tests: Limit email-based logins. 2020-03-11 17:10:22 -07:00
test_realm_filters.py tests: Limit email-based logins. 2020-03-11 17:10:22 -07:00
test_redis_utils.py redis_utils: Require key_format argument in get_dict_from_redis. 2020-01-26 21:40:15 -08:00
test_report.py tests: Use email/delivery_email more explicitly. 2020-03-19 16:04:03 -07:00
test_retention.py text: Fix some typos (most of them found and fixed by codespell). 2020-03-27 17:25:56 -07:00
test_service_bot_system.py tests: Limit email-based logins. 2020-03-11 17:10:22 -07:00
test_sessions.py tests: Limit email-based logins. 2020-03-11 17:10:22 -07:00
test_settings.py tests: Use email/delivery_email more explicitly. 2020-03-19 16:04:03 -07:00
test_signup.py text: Fix some typos (most of them found and fixed by codespell). 2020-03-27 17:25:56 -07:00
test_slack_importer.py text: Fix some typos (most of them found and fixed by codespell). 2020-03-27 17:25:56 -07:00
test_slack_message_conversion.py python: Convert json.loads(f.read()) to json.load(f). 2020-03-24 10:46:32 -07:00
test_soft_deactivation.py tests: Use users in send_*_message. 2020-03-07 18:30:13 -08:00
test_subdomains.py cleanup: Delete leading newlines. 2019-08-06 23:29:11 -07:00
test_submessage.py tests: Limit email-based logins. 2020-03-11 17:10:22 -07:00
test_subs.py default streams: Change remove api to use stream_id. 2020-03-25 17:11:25 -07:00
test_templates.py test_templates: Remove shallow template rendering code. 2020-02-11 18:00:15 -08:00
test_thumbnail.py tests: Limit email-based logins. 2020-03-11 17:10:22 -07:00
test_timestamp.py cleanup: Delete leading newlines. 2019-08-06 23:29:11 -07:00
test_tornado.py tests: Limit email-based logins. 2020-03-11 17:10:22 -07:00
test_transfer.py tests: Limit email-based logins. 2020-03-11 17:10:22 -07:00
test_tutorial.py tests: Limit email-based logins. 2020-03-11 17:10:22 -07:00
test_type_debug.py cleanup: Delete leading newlines. 2019-08-06 23:29:11 -07:00
test_typing.py test performance: Pass in users to api_* helpers. 2020-03-11 14:18:29 -07:00
test_unread.py tests: Use email/delivery_email more explicitly. 2020-03-19 16:04:03 -07:00
test_upload.py text: Fix some typos (most of them found and fixed by codespell). 2020-03-27 17:25:56 -07:00
test_urls.py dependencies: Upgrade to Django 2.2.10. 2020-02-13 16:27:26 -08:00
test_user_groups.py tests: Limit email-based logins. 2020-03-11 17:10:22 -07:00
test_user_status.py tests: Limit email-based logins. 2020-03-11 17:10:22 -07:00
test_users.py text: Fix some typos (most of them found and fixed by codespell). 2020-03-27 17:25:56 -07:00
test_webhooks_common.py webhooks: Eliminate the usage of a headers.py file. 2019-06-26 10:35:14 -07:00
test_widgets.py test performance: Pass in users to api_* helpers. 2020-03-11 14:18:29 -07:00
test_zcommand.py tests: Limit email-based logins. 2020-03-11 17:10:22 -07:00
test_zephyr.py tests: Limit email-based logins. 2020-03-11 17:10:22 -07:00