mirror of
https://github.com/zulip/zulip.git
synced 2025-10-23 04:52:12 +00:00
e29a455b2d
Hash the salt, user-id, and now avatar version into the filename. This allows the URL contents to be immutable, and thus to be marked as immutable and cacheable. Since avatars are served unauthenticated, hashing with a server-side salt makes the current and past avatars not enumerable. This requires plumbing the current (or future) avatar version through various parts of the upload process. Since this already requires a full migration of current avatars, also take the opportunity to fix the missing `.png` on S3 uploads (#12852). We switch from SHA-1 to SHA-256, but truncate it such that avatar URL data does not substantially increase in size. Fixes: #12852.
59 lines
2.3 KiB
Plaintext
59 lines
2.3 KiB
Plaintext
# This function ensures that a redirect is only within the specified domain.
|
|
# Assuming that the domain isn't attacker controllable, the result is safe to
|
|
# redirect to
|
|
def zerver.views.auth.get_safe_redirect_to(url, redirect_host) -> Sanitize: ...
|
|
|
|
# This function was previously the source of an open redirect, but has now been
|
|
# reviewed and patched, so the output should now be safe to redirect to,
|
|
# regardless of the value of the specified 'path'.
|
|
def zerver.lib.thumbnail.generate_thumbnail_url(
|
|
path,
|
|
size=...,
|
|
) -> Sanitize: ...
|
|
|
|
# This function returns a version of name that only contains word and space
|
|
# characters, or ., -, _ characters. This should be safe to put into URLs and
|
|
# filesystem operations.
|
|
def zerver.lib.upload.sanitize_name(value) -> Sanitize: ...
|
|
|
|
# This function accepts three integers and then concatenates them into a path
|
|
# segment. The result should be safe for use in filesystem and other operations.
|
|
def zerver.lib.avatar_hash.user_avatar_base_path_from_ids(user_profile_id, version, realm_id) -> Sanitize: ...
|
|
|
|
# This function creates a list of 'UserMessageLite' objects, which contain only
|
|
# integral IDs and flags. These should safe for use with SQL and other
|
|
# operations.
|
|
def zerver.actions.message_send.create_user_messages(
|
|
message,
|
|
um_eligible_user_ids,
|
|
long_term_idle_user_ids,
|
|
stream_push_user_ids,
|
|
stream_email_user_ids,
|
|
mentioned_user_ids,
|
|
mark_as_read
|
|
) -> Sanitize: ...
|
|
|
|
# This function is an identity function used for removing taint from variables
|
|
# when there is no convenient way to do it by annotating existing functions.
|
|
def zerver.lib.pysa.mark_sanitized(arg) -> Sanitize: ...
|
|
|
|
############################
|
|
# Overbroad approximations #
|
|
############################
|
|
|
|
# Note that the below functions are overbroad approximations of Sanitizers and
|
|
# could lead to false negatives. They should be replaced with more specific
|
|
# feature-based filtering when that is available through SAPP.
|
|
|
|
# This function generates a URL pointing to a valid Django endpoint, with
|
|
# arguments properly URL encoded. The resulting URL can usually be used as a
|
|
# part of a redirect or HTTP request without fear of open redirect or SSRF
|
|
# vulnerabilities respectively.
|
|
def django.urls.base.reverse(
|
|
viewname,
|
|
urlconf=...,
|
|
args=...,
|
|
kwargs=...,
|
|
current_app=...
|
|
) -> Sanitize: ...
|