
Side by Side Diff: appengine/chromium_bugs/main.py

Issue 1473493002: Limit issue wizard continue= to our domains. (Closed) Base URL: https://chromium.googlesource.com/infra/infra.git@master
Patch Set: Created 5 years ago
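--- a/appengine/chromium_bugs/main.py
+++ b/appengine/chromium_bugs/main.py
@@ -1,10 +1,10 @@
 #!/usr/bin/env python
 #
 # Copyright 2012 Google Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 # http://www.apache.org/licenses/LICENSE-2.0
 #
@@ -68,47 +68,72 @@
 
 MISSING_TOKEN_HTML = (
 '<html><body>'
 '<h1>Not signed in</h1>'
 '<p>Please go back and sign in to code.google.com before '
 'using this wizard.</p>'
 ''
 '</body></html>'
 )
 
+# The continue_url must start with one of these.
+ALLOWED_CONTINUE_DOMAINS = [
+'http://localhost:8080/',
+'https://code.google.com/',
+'https://bugs.chromium.org/',
+'https://bugs-staging.chromium.org/',
+]
+
+INVALID_CONTINUE_HTML = (
+'<html><body>'
+'<h1>Invalid continue parameter</h1>'
+'<p>This wizard can only be used with '
+'code.google.com and bugs.chromium.org.</p>'
+''
+'</body></html>'
+)
+
+
 class MainHandler(webapp2.RequestHandler):
 
 def get(self):
 uas = self.request.headers['User-Agent']
 role = self.request.get('role')
 continue_url = self.request.get('continue')
 token = self.request.get('token')
 
 if continue_url and not token:
+logging.info('Missing token')
 self.response.out.write(MISSING_TOKEN_HTML)
 return
 
 if not continue_url:
-continue_url = 'http://code.google.com/p/chromium/issues/entry.do'
+continue_url = 'https://code.google.com/p/chromium/issues/entry.do'
 
 # Special case, chromium-os issues are now being tracked in /p/chromium.
 if '//code.google.com/p/chromium-os/issues/entry.do' in continue_url:
-continue_url = 'http://code.google.com/p/chromium/issues/entry.do'
+continue_url = 'https://code.google.com/p/chromium/issues/entry.do'
+
+if not any(continue_url.startswith(domain)
+for domain in ALLOWED_CONTINUE_DOMAINS):
+logging.info('Bad continue param: %r', continue_url)
+self.response.out.write(INVALID_CONTINUE_HTML)
+return
 
 if '?' in continue_url:
 # Codesite includes contextual parameters for search terms, etc.
 validate_url = continue_url.split('?')[0]
 else:
 validate_url = continue_url
 
-if (not validate_url.startswith('http') or
-not validate_url.endswith('.do')):
+if not validate_url.endswith('.do'):
+logging.info('validate_url does not end in .do: %r', validate_url)
 self.response.out.write(
 'Malformed "continue" query string parameter: %r' %
 urllib.quote(validate_url))
 return
 
 issue_entry_page_url = validate_url[:-3]
 
 user = users.get_current_user()
 if role or (user and re.match(
 r".*?@chromium\.org\Z", user.email(), re.DOTALL | re.IGNORECASE)):
@@ -255,10 +280,10 @@
 return True
 
 return False
 
 
 application = webapp2.WSGIApplication(
 [('/', MainHandler),
 ('/wizard.html', MainHandler),
 ('/wizard.do', MainHandler)],
 debug=True)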
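Review bot: The allow-list check on new lines 116–117 is a plain string prefix match, so its correctness rests entirely on every `ALLOWED_CONTINUE_DOMAINS` entry ending in `/`; an entry added later without the trailing slash would also accept any longer host name that merely begins with the listed one, and neither the code nor the comment on line 78 records that invariant. I would state it where the list is defined, e.g. `# Each entry is a full 'scheme://host/' prefix; the trailing '/' is what keeps a longer host name from matching.` The `http://localhost:8080/` entry also appears to be live wherever this list is used, unless the list is replaced per environment elsewhere in the file; if it exists only for the local dev server, gating it on that environment would keep the deployed allow-list to the public hosts named in INVALID_CONTINUE_HTML. Note that get() continues past the end of this hunk.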
