extern/apprise
1
0
Fork 0
mirror of https://github.com/caronc/apprise.git synced 2025-01-03 20:49:19 +01:00
Code Issues Packages Projects Releases Wiki Activity

Strict enforcing of +, -, and : prefixed kwargs in URLs (#302)

Browse Source
This commit is contained in:
Chris Caron 2020-09-26 20:14:55 -04:00 committed by GitHub
parent fcd81160be
commit a853546f0f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 82 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
apprise/config/ConfigBase.py
View File

@ -41,6 +41,10 @@ from ..utils import parse_bool
from ..utils import parse_urls from ..utils import parse_urls
from . import SCHEMA_MAP from . import SCHEMA_MAP
# Test whether token is valid or not
VALID_TOKEN = re.compile(
r'(?P<token>[a-z0-9][a-z0-9_]+)', re.I)
class ConfigBase(URLBase): class ConfigBase(URLBase):
""" """
@ -878,6 +882,17 @@ class ConfigBase(URLBase):
# Just use the global settings # Just use the global settings
_results['tag'] = global_tags _results['tag'] = global_tags
for key in list(_results.keys()):
# Strip out any tokens we know that we can't accept and
# warn the user
match = VALID_TOKEN.match(key)
if not match:
ConfigBase.logger.warning(
'Ignoring invalid token ({}) found in YAML '
'configuration entry #{}, item #{}'
.format(key, no + 1, entry))
del _results[key]
ConfigBase.logger.trace( ConfigBase.logger.trace(
'URL #{}: {} unpacked as:{}{}' 'URL #{}: {} unpacked as:{}{}'
.format(no + 1, url, os.linesep, os.linesep.join( .format(no + 1, url, os.linesep, os.linesep.join(

8
apprise/plugins/NotifyEnigma2.py
View File

@ -338,8 +338,12 @@ class NotifyEnigma2(NotifyBase):
# Add our headers that the user can potentially over-ride if they wish # Add our headers that the user can potentially over-ride if they wish
# to to our returned result set # to to our returned result set
results['headers'] = results['qsd-'] results['headers'] = results['qsd+']
results['headers'].update(results['qsd+']) if results['qsd-']:
results['headers'].update(results['qsd-'])
NotifyBase.logger.deprecate(
"minus (-) based Enigma header tokens are being "
" removed; use the plus (+) symbol instead.")
# Tidy our header entries by unquoting them # Tidy our header entries by unquoting them
results['headers'] = { results['headers'] = {

4
apprise/plugins/NotifyIFTTT.py
View File

@ -325,6 +325,10 @@ class NotifyIFTTT(NotifyBase):
# Unquote our API Key # Unquote our API Key
results['webhook_id'] = NotifyIFTTT.unquote(results['webhook_id']) results['webhook_id'] = NotifyIFTTT.unquote(results['webhook_id'])
# Parse our add_token and del_token arguments (if specified)
results['add_token'] = results['qsd+']
results['del_token'] = results['qsd-']
# Our Event # Our Event
results['events'] = list() results['events'] = list()
if results['user']: if results['user']:

8
apprise/plugins/NotifyJSON.py
View File

@ -259,8 +259,12 @@ class NotifyJSON(NotifyBase):
# Add our headers that the user can potentially over-ride if they wish # Add our headers that the user can potentially over-ride if they wish
# to to our returned result set # to to our returned result set
results['headers'] = results['qsd-'] results['headers'] = results['qsd+']
results['headers'].update(results['qsd+']) if results['qsd-']:
results['headers'].update(results['qsd-'])
NotifyBase.logger.deprecate(
"minus (-) based JSON header tokens are being "
" removed; use the plus (+) symbol instead.")
# Tidy our header entries by unquoting them # Tidy our header entries by unquoting them
results['headers'] = {NotifyJSON.unquote(x): NotifyJSON.unquote(y) results['headers'] = {NotifyJSON.unquote(x): NotifyJSON.unquote(y)

8
apprise/plugins/NotifyNextcloud.py
View File

@ -287,7 +287,11 @@ class NotifyNextcloud(NotifyBase):
# Add our headers that the user can potentially over-ride if they # Add our headers that the user can potentially over-ride if they
# wish to to our returned result set # wish to to our returned result set
results['headers'] = results['qsd-'] results['headers'] = results['qsd+']
results['headers'].update(results['qsd+']) if results['qsd-']:
results['headers'].update(results['qsd-'])
NotifyBase.logger.deprecate(
"minus (-) based Nextcloud header tokens are being "
" removed; use the plus (+) symbol instead.")
return results return results

8
apprise/plugins/NotifyNotica.py
View File

@ -365,8 +365,12 @@ class NotifyNotica(NotifyBase):
# Add our headers that the user can potentially over-ride if they # Add our headers that the user can potentially over-ride if they
# wish to to our returned result set # wish to to our returned result set
results['headers'] = results['qsd-'] results['headers'] = results['qsd+']
results['headers'].update(results['qsd+']) if results['qsd-']:
results['headers'].update(results['qsd-'])
NotifyBase.logger.deprecate(
"minus (-) based Notica header tokens are being "
" removed; use the plus (+) symbol instead.")
return results return results

8
apprise/plugins/NotifyXML.py
View File

@ -278,8 +278,12 @@ class NotifyXML(NotifyBase):
# Add our headers that the user can potentially over-ride if they wish # Add our headers that the user can potentially over-ride if they wish
# to to our returned result set # to to our returned result set
results['headers'] = results['qsd-'] results['headers'] = results['qsd+']
results['headers'].update(results['qsd+']) if results['qsd-']:
results['headers'].update(results['qsd-'])
NotifyBase.logger.deprecate(
"minus (-) based XML header tokens are being "
"removed; use the plus (+) symbol instead.")
# Tidy our header entries by unquoting them # Tidy our header entries by unquoting them
results['headers'] = {NotifyXML.unquote(x): NotifyXML.unquote(y) results['headers'] = {NotifyXML.unquote(x): NotifyXML.unquote(y)

21
test/test_apprise_config.py
View File

@ -83,6 +83,9 @@ def test_apprise_config(tmpdir):
# Just 1 token provided causes exception # Just 1 token provided causes exception
sns://T1JJ3T3L2/ sns://T1JJ3T3L2/
# XML
xml://localhost/?+HeaderEntry=Test&:IgnoredEntry=Ignored
""") """)
# Create ourselves a config object # Create ourselves a config object
@ -95,8 +98,8 @@ def test_apprise_config(tmpdir):
# when there is at least one entry # when there is at least one entry
assert ac assert ac
# We should be able to read our 3 servers from that # We should be able to read our 4 servers from that
assert len(ac.servers()) == 3 assert len(ac.servers()) == 4
# Get our URL back # Get our URL back
assert isinstance(ac[0].url(), six.string_types) assert isinstance(ac[0].url(), six.string_types)
@ -345,6 +348,16 @@ def test_apprise_add_config():
- mailto://usera:pass@gmail.com - mailto://usera:pass@gmail.com
- gnome://: - gnome://:
tag: taga,tagb tag: taga,tagb
- json://localhost:
+HeaderEntry1: 'a header entry'
-HeaderEntryDepricated: 'a deprecated entry'
:HeaderEntryIgnored: 'an ignored header entry'
- xml://localhost:
+HeaderEntry1: 'a header entry'
-HeaderEntryDepricated: 'a deprecated entry'
:HeaderEntryIgnored: 'an ignored header entry'
""" """
# Create ourselves a config object # Create ourselves a config object
@ -359,8 +372,8 @@ def test_apprise_add_config():
# when there is at least one entry # when there is at least one entry
assert ac assert ac
# We should be able to read our 2 servers from that # We should be able to read our 4 servers from that
assert len(ac.servers()) == 2 assert len(ac.servers()) == 4
# Now an invalid configuration file # Now an invalid configuration file
content = "invalid" content = "invalid"

15
test/test_config_base.py
View File

@ -234,6 +234,10 @@ def test_config_base_config_parse_text():
# Valid Configuration # Valid Configuration
result, config = ConfigBase.config_parse_text(""" result, config = ConfigBase.config_parse_text("""
# A completely invalid token on json string (it gets ignored)
# but the URL is still valid
json://localhost?invalid-token=nodashes
# A comment line over top of a URL # A comment line over top of a URL
mailto://userb:pass@gmail.com mailto://userb:pass@gmail.com
@ -256,7 +260,7 @@ def test_config_base_config_parse_text():
# We expect to parse 3 entries from the above # We expect to parse 3 entries from the above
assert isinstance(result, list) assert isinstance(result, list)
assert isinstance(config, list) assert isinstance(config, list)
assert len(result) == 3 assert len(result) == 4
assert len(result[0].tags) == 0 assert len(result[0].tags) == 0
# Our last element will have 2 tags associated with it # Our last element will have 2 tags associated with it
@ -545,12 +549,17 @@ urls:
- mailto://test:password@gmail.com - mailto://test:password@gmail.com
- https://apprise.ryver.com/application/webhook/ckhrjW8w672m6HG - https://apprise.ryver.com/application/webhook/ckhrjW8w672m6HG
- https://not.a.native.url/ - https://not.a.native.url/
# A completely invalid token on json string (it gets ignored)
# but the URL is still valid
- json://localhost?invalid-token=nodashes
""", asset=asset) """, asset=asset)
# We expect to parse 3 entries from the above # We expect to parse 4 entries from the above
# The Ryver one is in a native form and the 4th one is invalid # The Ryver one is in a native form and the 4th one is invalid
assert isinstance(result, list) assert isinstance(result, list)
assert len(result) == 3 assert len(result) == 4
assert len(result[0].tags) == 0 assert len(result[0].tags) == 0
# There were 3 include entries # There were 3 include entries

4
test/test_rest_plugins.py
View File

@ -1924,6 +1924,10 @@ TEST_URLS = (
('notica://localhost:8080//%s/?+HeaderKey=HeaderValue' % ('7' * 6), { ('notica://localhost:8080//%s/?+HeaderKey=HeaderValue' % ('7' * 6), {
'instance': plugins.NotifyNotica, 'instance': plugins.NotifyNotica,
}), }),
# Test Depricated Header overrides
('notica://localhost:8080//%s/?-HeaderKey=HeaderValue' % ('7' * 6), {
'instance': plugins.NotifyNotica,
}),
('notica://%s' % ('c' * 6), { ('notica://%s' % ('c' * 6), {
'instance': plugins.NotifyNotica, 'instance': plugins.NotifyNotica,
# force a failure # force a failure