Juliana Rodrigueiro [Wed, 19 Sep 2018 15:19:39 +0000]
Add more tests
Covering void tags, whitespaces, error for unopened tags and
decoding of unencoded urls.
Juliana Rodrigueiro [Wed, 19 Sep 2018 15:15:22 +0000]
Remove redundant parameter
Juliana Rodrigueiro [Wed, 19 Sep 2018 15:12:15 +0000]
Handle and sanitize only href content and not the whole tag
Juliana Rodrigueiro [Wed, 19 Sep 2018 15:03:24 +0000]
Handle tag validation according to its white list group
Make the whole validation process dependent of the group type
and not of specific tags and their particularities.
Juliana Rodrigueiro [Wed, 19 Sep 2018 14:36:07 +0000]
Divide allowed tags into three white lists
The tags are now divided into three white lists according to
their particularities:
_NORMAL, normal tags that don't accept attributes.
_VOID, void tags that may or not appear in self-closing notation.
_WITH_ATTR, normal tags that may accept attributes.
Juliana Rodrigueiro [Wed, 19 Sep 2018 09:55:20 +0000]
Wrap target attribute content in double quotes
Juliana Rodrigueiro [Wed, 8 Aug 2018 12:50:40 +0000]
Improve url regex and add documentation
Fix other minor things.
Juliana Rodrigueiro [Wed, 8 Aug 2018 12:42:55 +0000]
Identify and skip html entities in the input
Juliana Rodrigueiro [Sun, 30 Jul 2017 11:34:16 +0000]
Encode target url and adapted unit tests
Juliana Rodrigueiro [Wed, 8 Aug 2018 12:38:35 +0000]
Use regex to identify urls
Fix typos and adapt tests as well.
Juliana Rodrigueiro [Wed, 26 Jul 2017 21:52:34 +0000]
Cosmetic changes and typos correction
Juliana Rodrigueiro [Wed, 8 Aug 2018 12:11:27 +0000]
Add tests for restricted_html
Juliana Rodrigueiro [Wed, 8 Aug 2018 11:47:57 +0000]
Implement restric_html method
Juliana Rodrigueiro [Wed, 8 Aug 2018 11:52:03 +0000]
Make tokenize_by_tag public
Thomas Jarosch [Tue, 4 Sep 2018 15:39:05 +0000]
Add openssl-devel to build requirements
Thomas Jarosch [Wed, 15 Aug 2018 15:14:58 +0000]
Revert "restore join_string() symbols in library"
We bump the SOVERSION of the library, so no compat functions needed anymore.
This reverts commit
f3b61bd6816546a39a072a5b8be56d78cf775683.
Thomas Jarosch [Wed, 15 Aug 2018 14:54:30 +0000]
Bump soversion to 7 since the pipestream interface changed
Thomas Jarosch [Tue, 14 Aug 2018 15:24:14 +0000]
Merge branch 'pipeexec'
Thanks Philipp!
Philipp Gesang [Tue, 26 Jun 2018 07:38:56 +0000]
add support for guarding pipestream with NO_NEW_PRIVS
Add an option to the pipestream and related APIs to drop the
right to obtain further privileges before exec()ing the binary
(off by default). This may be used as an additional measure to
guard invocations of untrusted binaries or trusted ones that
operate on untrusted inputs.
Target audience: arnied scheduler, everywhere file(1) or
imagemagick tools are called.
Defects: it will be tricky to properly unit test this.
[0] https://www.kernel.org/doc/Documentation/prctl/no_new_privs.txt
Philipp Gesang [Tue, 14 Aug 2018 13:38:50 +0000]
do not indent boost unittest structurals
As per request. Does not contain functional changes.
Philipp Gesang [Mon, 13 Aug 2018 15:25:58 +0000]
pass pipestream flags as bitset
Avoid cluttering the API with long lists of booleans by using
symbolic names instead.
Philipp Gesang [Tue, 17 Apr 2018 09:32:20 +0000]
add option to forward environment to pipestream
Add an argument to all execve-based pipestream APIs to control
whether *environ* should be passed through to the executed
command. Till now this used to depend on whether path lookup was
requested which is rather undesirable.
Unit tests included.
Philipp Gesang [Mon, 12 Feb 2018 14:32:36 +0000]
skip unit tests for handling child errors in pipestream with ancient boost
Philipp Gesang [Mon, 12 Feb 2018 10:52:23 +0000]
distinguish child errors from failing to exec
Use the old pipe/cloexec trick to separate errors from the spawned
program from such that occur before execv[p]e(). Only errors on
the far side of exec() may be handled by the user.
Philipp Gesang [Mon, 12 Feb 2018 09:48:07 +0000]
protect pipe fd with O_CLOEXEC
On the parent, prevent other exec()s than the one in our child
from carrying over the fd. The pipe wrapper may be long lived
for this to become a problem.
Philipp Gesang [Mon, 12 Feb 2018 08:19:53 +0000]
block signals before fork()ing the pipestream child
Block all signals until we are ready to handle them again.
In particular, this saves us checking for close(2) being
interrupted.
Philipp Gesang [Thu, 4 Jan 2018 16:35:48 +0000]
redirect unused fds to /dev/null in pipestream
Closing an fd like stdout and stderr will cause EBADF on access
which may not be handled in a child process. Thus redirect them
to /dev/null if the user requests that their output be ignored.
Philipp Gesang [Wed, 3 Jan 2018 17:08:44 +0000]
allow path lookup for pipestream
Add a flag ``path'' which, if set, causes the specified program
to be executed with execvpe(); also, the environment is passed
on so in this case (to propagate $PATH) so it is up to the caller
to sanitize envp beforehand.
Philipp Gesang [Thu, 4 Jan 2018 08:17:10 +0000]
add printing helper to pipestream status specification
Philipp Gesang [Wed, 3 Jan 2018 16:16:43 +0000]
handle pipe termination separately depending on whether a shell is present
Keep the child's pid around and wait() for it to perish in the
dtor of inpipestream. Return the error from closing the pipe or
terminating the process in the shell-free version. The mechanism
for retrieving the status does not allow to distinguish between
the two, so always prefer the latter.
Philipp Gesang [Wed, 3 Jan 2018 13:50:50 +0000]
add pipestream unit tests for execution failure
Note that on the Intranator as of 6.4.13, the argument
--catch_system_errors=no must be passed to the unit test
executable on account of ancient Boost being oversensitive to
child process termination.
Philipp Gesang [Tue, 2 Jan 2018 16:55:28 +0000]
allow selecting stdout and stderr with inpipestream
Only handle the user-requested fd in the forked command and
discard the other.
Philipp Gesang [Tue, 2 Jan 2018 16:12:47 +0000]
bump release version 2.9 -> 2.10
Philipp Gesang [Tue, 2 Jan 2018 16:10:13 +0000]
add pipestream ctor overload for vectors of string
Add definitions that make passing a vector<string> equivalent to
passing a char**, i. e. take the execve() path.
Philipp Gesang [Tue, 2 Jan 2018 15:13:30 +0000]
add unit test series for pipestream
Setup skeleton unit test file with some simple functionality
tests and include it in a normal run. There haven't been any
pipestream tests so far.
Philipp Gesang [Fri, 9 Feb 2018 13:21:41 +0000]
add shell-free pipestream
Overload the pipestream ctor with a variant that avoids shelling
out with *popen(3)* that is chosen by passing an argument list
in lieu of a command.
Juliana Rodrigueiro [Wed, 8 Aug 2018 12:40:24 +0000]
Implement percent url encoder and decoder
Juliana Rodrigueiro [Wed, 8 Aug 2018 12:13:39 +0000]
Add basic restricted_html structure
Philipp Gesang [Mon, 29 Jan 2018 08:03:38 +0000]
use glibc syscall wrapper for clock_gettime
These are available on any non-ancient system by now so it’s safe
to drop them.
Thomas Jarosch [Wed, 8 Aug 2018 09:31:39 +0000]
Merge branch 'scopetracker-nothrow'
The nothrow() modification of SourceLocation has been dropped
since std::string might throw std::bad_alloc.
Fixing this would require more work for little gain.
Christian Herdtweck [Mon, 6 Aug 2018 10:43:33 +0000]
Wrap Scopetracker constructor/destructor in big try-catch
Christian Herdtweck [Mon, 6 Aug 2018 10:43:07 +0000]
Return NULL thread local storage instead of raising exception
Thomas Jarosch [Thu, 2 Aug 2018 13:39:44 +0000]
Merge branch 'stringfunc-join_string'
Philipp Gesang [Thu, 19 Jul 2018 14:01:30 +0000]
restore join_string() symbols in library
To keep the library it backward compatible, instantiate versions
of join_string() for STL containers.
Old symbols (x86):
0003a040 g DF .text
00000083 Base _ZN3I2n11join_stringERKSt4listISsSaISsEERKSs
00039fb0 g DF .text
00000084 Base _ZN3I2n11join_stringERKSt6vectorISsSaISsEERKSs
New symbols:
000aa0fd g DF .text
00000041 Base _ZN3I2n11join_stringERKSt4listISsSaISsEERKSs
000b084d w DF .text
0000017d Base _ZN3I2n11join_stringISt20_List_const_iteratorISsEEESsT_S3_RKSs
000b09ca w DF .text
0000017d Base _ZN3I2n11join_stringIN9__gnu_cxx17__normal_iteratorIPKSsSt6vectorISsSaISsEEEEEESsT_S9_RS3_
000aa13e g DF .text
00000041 Base _ZN3I2n11join_stringERKSt6vectorISsSaISsEERKSs
000afbce w DF .text
00000074 Base _ZN3I2n11join_stringISt6vectorISsSaISsEEEESsRKT_RKSs
000a9f62 g DF .text
0000019b Base _ZN3I2n11join_stringEPKPKcRKSs
000afb5a w DF .text
00000074 Base _ZN3I2n11join_stringISt4listISsSaISsEEEESsRKT_RKSs
Philipp Gesang [Thu, 19 Jul 2018 13:32:51 +0000]
add unit tests for join_string() overloads
Philipp Gesang [Thu, 19 Jul 2018 10:54:06 +0000]
implement iterator based join_string()
For more idiomatic C++, add a version of join_string () that
accepts a pair of iterators and templatize it, to supersede the
existing boilerplate variants. Good riddance.
Philipp Gesang [Thu, 19 Jul 2018 09:02:53 +0000]
overload join_string() for std::set
Philipp Gesang [Fri, 9 Feb 2018 13:19:36 +0000]
add char** overloads for join_string
Add overloads to joing NULL-terminated arrays with
join_string().
Philipp Gesang [Tue, 24 Apr 2018 11:23:12 +0000]
change permissions before fsync()
Reorder the calls so that the metadata changes performed by
fchmod() are committed to disk (journal) the same way as the
data.
Gerd von Egidy [Tue, 27 Jun 2017 15:06:27 +0000]
Adapt Requires.private and Libs.private to make pkg-config output all neccessary libs for a static build
Gerd von Egidy [Tue, 27 Jun 2017 11:00:53 +0000]
build static library versions of libi2ncommon too
Gerd von Egidy [Tue, 27 Jun 2017 09:05:00 +0000]
BOOST_MESSAGE got replaced by BOOST_TEST_MESSAGE in newer versions of boost
Thomas Jarosch [Thu, 8 Jun 2017 09:22:14 +0000]
base64 encoder/decoder: Add parameter to control linefeed handling
openssl is very strict about if the input data of the decoder
contains linefeeds or not.
Therefore make it a parameter and default
to "one line" base64 output/input.
Add unit test cases.
Thomas Jarosch [Fri, 19 May 2017 13:31:23 +0000]
Add new base64_encode() / base64_decode() functions
Based upon openssl. If an error occurs, an exception
is thrown and memory cleanup is still done.
Thomas Jarosch [Thu, 23 Mar 2017 11:25:13 +0000]
Increase version to 2.9
Carefully checked that it should be ABI compatible to 2.8.
Thomas Jarosch [Thu, 23 Mar 2017 10:42:35 +0000]
Declare internal function rounding_upwards() to have local linkage only
Thomas Jarosch [Thu, 23 Mar 2017 10:37:35 +0000]
Rename get_dir_size() to get_dir_count()
Christian Herdtweck [Wed, 15 Feb 2017 14:41:07 +0000]
Create unittest for i18n_noop[s]
Christian Herdtweck [Wed, 15 Feb 2017 14:40:50 +0000]
Add another convenience function allowing i18n_noops("foo")+"bar"
Thomas Jarosch [Thu, 23 Mar 2017 09:23:01 +0000]
Merge branch 'scopetracker-shorter-types'
Christian Herdtweck [Wed, 25 Jan 2017 08:39:48 +0000]
Run shorten_stl_types (and a bit more) only if needed in scope tracker
Christian Herdtweck [Tue, 24 Jan 2017 09:54:42 +0000]
Use new shorten_stl_types in scope tracker
Christian Herdtweck [Tue, 24 Jan 2017 09:54:17 +0000]
Create unit tests for new shorten_stl_types
Christian Herdtweck [Tue, 24 Jan 2017 09:54:08 +0000]
Create string-function shorten_stl_types
Christian Herdtweck [Thu, 16 Mar 2017 13:13:24 +0000]
Create get_dir_size to avoid unnecessary name copying if only size needed
Thomas Jarosch [Wed, 22 Mar 2017 10:11:44 +0000]
Merge branch 'remove-html-comments'
Thomas Jarosch [Wed, 22 Mar 2017 10:10:47 +0000]
Change find_html_comments() API to return the results
Christian Herdtweck [Fri, 17 Feb 2017 17:09:40 +0000]
Create vector-result-version of split_string with unit test
[Note from Tom during review:
Can still be optimized later on when the API is in place]
Christian Herdtweck [Wed, 8 Feb 2017 15:22:51 +0000]
Add unittests for new find/replace_html_comments
Christian Herdtweck [Wed, 8 Feb 2017 15:22:34 +0000]
Create functions find/remove_html_comments
Similar functions existed in two places in UI but these were not able to
deal with nested comments.
Christian Herdtweck [Thu, 15 Dec 2016 12:38:13 +0000]
Added function format_date which is format_full_time without time
Christian Herdtweck [Wed, 25 Jan 2017 08:58:19 +0000]
Clean up log file created in unit tests
Christian Herdtweck [Wed, 25 Jan 2017 08:58:08 +0000]
Ensure filefunc unit test works with all working dirs
The __FILE__ macro contains an absolute path.
Christian Herdtweck [Wed, 8 Feb 2017 12:22:09 +0000]
Fix comment
Christian Herdtweck [Wed, 4 Jan 2017 08:37:50 +0000]
Add convenience functions for i18n_get_string + unit tests
Christian Herdtweck [Thu, 8 Dec 2016 09:27:20 +0000]
Correct file header docu
Christian Herdtweck [Fri, 2 Dec 2016 13:47:54 +0000]
Add comment about error-checking to docu of string_to<T>
Christian Herdtweck [Tue, 15 Nov 2016 12:17:13 +0000]
Add comments for mkstemp in filefunc so I do not try to re-create tmpfstream again
Christian Herdtweck [Tue, 8 Nov 2016 09:02:56 +0000]
Add overload of join_string for vector argument + unittest
Christian Herdtweck [Tue, 8 Nov 2016 09:02:06 +0000]
Fix unittests
Gerd von Egidy [Mon, 18 Jul 2016 12:11:43 +0000]
add functions to convert from hex strings to other types
Christian Herdtweck [Tue, 12 Jul 2016 09:00:38 +0000]
increased revision --> now version 2.8 rev 2
Christian Herdtweck [Tue, 12 Jul 2016 08:46:41 +0000]
update i18n-ed string for "day"/"days" since it clashed with UI
Christian Herdtweck [Wed, 1 Jun 2016 08:00:42 +0000]
extended unittest to double-version of nice_unit_format
Christian Herdtweck [Wed, 1 Jun 2016 08:00:27 +0000]
added function nice_unit_format for double input (calls other after proper round&cast)
Christian Herdtweck [Wed, 1 Jun 2016 07:42:02 +0000]
made arg const that is not modified
Thomas Jarosch [Wed, 23 Dec 2015 18:13:26 +0000]
Switch to Intra2net rpm group
Gerd von Egidy [Thu, 17 Dec 2015 22:01:03 +0000]
implement counting hardlinked files only once in du()
Gerd von Egidy [Thu, 17 Dec 2015 15:28:17 +0000]
fix missing include files and inline definition
Gerd von Egidy [Thu, 17 Dec 2015 10:53:00 +0000]
make unittest compatible with old versions of du that don't offer the --output option
Gerd von Egidy [Thu, 17 Dec 2015 10:22:47 +0000]
increase version to 2.8, soversion to 6 since we changed the interface
Gerd von Egidy [Thu, 17 Dec 2015 10:19:52 +0000]
retry df test up to 5 times if it fails due to some other program writing/deleting in /tmp
Thomas Jarosch [Thu, 17 Dec 2015 10:01:38 +0000]
Always initialize exit_set
Be on the safe side.
Gerd von Egidy [Thu, 17 Dec 2015 09:56:27 +0000]
rename pipe_to_string() to capture_exec() and improve it's interface
Gerd von Egidy [Thu, 17 Dec 2015 09:27:38 +0000]
check if status_set != NULL before setting it
Gerd von Egidy [Thu, 17 Dec 2015 09:26:07 +0000]
split pipestream.hxx into .hxx and .cpp
Thomas Jarosch [Thu, 17 Dec 2015 08:26:09 +0000]
Fix typo in comment
Gerd von Egidy [Wed, 16 Dec 2015 23:57:29 +0000]
implement pipe_to_string() and use it to shorten the test case sourcecode
Gerd von Egidy [Wed, 16 Dec 2015 23:32:07 +0000]
implement du()
Gerd von Egidy [Wed, 16 Dec 2015 23:04:39 +0000]
also replace opendir() by our get_dir(), you get eye cancer when looking at the c functions