Branch: refs/heads/master Home: https://github.com/tribe29/checkmk Commit: 8fd7ec4595c409237a8240a22f98379707515a5b https://github.com/tribe29/checkmk/commit/8fd7ec4595c409237a8240a22f9837970… Author: Lars Michelsen <lm(a)tribe29.com> Date: 2021-04-12 (Mon, 12 Apr 2021) Changed paths: A tests/unit/cmk/gui/plugins/views/test_painters.py Log Message: ----------- Add test to verify registered painters in different editions Change-Id: I66ac00bd5114b4e2bb1d224b76318e35d19f41dc Commit: e97e8493595fc5ec41886cc128fb8dec659ca6a6 https://github.com/tribe29/checkmk/commit/e97e8493595fc5ec41886cc128fb8dec6… Author: Lars Michelsen <lm(a)tribe29.com> Date: 2021-04-12 (Mon, 12 Apr 2021) Changed paths: M tests/unit/cmk/gui/test_views.py Log Message: ----------- Remove long disabled development test that tested painter properties Change-Id: I8c58a3d507cbf91e33c04b86eea301f4ec8a5f9b Commit: 7201b295224db5cfece491403084b6f55e245188 https://github.com/tribe29/checkmk/commit/7201b295224db5cfece491403084b6f55… Author: Lars Michelsen <lm(a)tribe29.com> Date: 2021-04-12 (Mon, 12 Apr 2021) Changed paths: M tests/unit/cmk/gui/plugins/views/test_painters.py Log Message: ----------- Service painters: Add test to verify content The tests don't verify the actual painter content but only whether or not they produce a valid content and don't raise exceptions. After changing the painter escaping mechanic we can use these tests to verify that no painter returns HTML code that will be escaped later. Change-Id: Icac3fccbc5b11bf243e9493371bfb0b657eee58f Commit: f93d836ffb0fe6e6817f5c58d29223ffe9f927ba https://github.com/tribe29/checkmk/commit/f93d836ffb0fe6e6817f5c58d29223ffe… Author: Lars Michelsen <lm(a)tribe29.com> Date: 2021-04-12 (Mon, 12 Apr 2021) Changed paths: M cmk/gui/plugins/views/mobile.py M cmk/gui/plugins/views/utils.py Log Message: ----------- Tighten painter content escaping In previous Checkmk versions the content returned by a painters render method was always processed as HTML code, even when only a str object was returned. This unclean handling of the returned data resulted in possible injection or XSS attacks. This change requires multiple painters to be changed in the next steps. Since the str objects are now escaped, the painter render() methods that want to render HTML code need to return HTML() objects instead of str objects. Change-Id: I767c643501165dbe38a04cf28f677f92ec30736c Commit: 1d272f9fcfd960d541cf66f7c5852d5b2a4f50e3 https://github.com/tribe29/checkmk/commit/1d272f9fcfd960d541cf66f7c5852d5b2… Author: Lars Michelsen <lm(a)tribe29.com> Date: 2021-04-12 (Mon, 12 Apr 2021) Changed paths: M cmk/gui/metrics.py M cmk/gui/plugins/views/painters.py Log Message: ----------- Move dedicated helper function to painter Change-Id: Iff3899342ac61a60482f50369095a653cde82474 Commit: 19c9a24bd1595211fed350f71b94c3110cacddcb https://github.com/tribe29/checkmk/commit/19c9a24bd1595211fed350f71b94c3110… Author: Lars Michelsen <lm(a)tribe29.com> Date: 2021-04-12 (Mon, 12 Apr 2021) Changed paths: M cmk/gui/plugins/views/inventory.py M cmk/gui/plugins/views/painters.py M cmk/gui/plugins/views/utils.py M cmk/gui/view_utils.py Log Message: ----------- Fix content escaping of some painters Change-Id: I24aa8431970a9093ec52b18207175845c1e9ac97 Commit: c10fff1d959fae85d7804d4cb6b9b184f59cfbbf https://github.com/tribe29/checkmk/commit/c10fff1d959fae85d7804d4cb6b9b184f… Author: Lars Michelsen <lm(a)tribe29.com> Date: 2021-04-12 (Mon, 12 Apr 2021) Changed paths: M tests/unit/cmk/gui/plugins/views/test_painters.py Log Message: ----------- Painters: Verify HTML escaping Change-Id: I3805ef16b4e8954e535808db13a9ffbb7b683dea Commit: 953a3804376b1f8c16539f65699424ceef011588 https://github.com/tribe29/checkmk/commit/953a3804376b1f8c16539f65699424cee… Author: Lars Michelsen <lm(a)tribe29.com> Date: 2021-04-12 (Mon, 12 Apr 2021) Changed paths: M cmk/gui/plugins/views/inventory.py Log Message: ----------- Add some type hints to inventory painters Change-Id: I612c0f8dbaa4015dbf404e46594748a256709909 Commit: 68e71df884776bb0f237c311f7955fd2df63ebc4 https://github.com/tribe29/checkmk/commit/68e71df884776bb0f237c311f7955fd2d… Author: Lars Michelsen <lm(a)tribe29.com> Date: 2021-04-12 (Mon, 12 Apr 2021) Changed paths: M cmk/gui/bi.py M cmk/gui/plugins/views/__init__.py M cmk/gui/plugins/views/bi.py Log Message: ----------- BI painters: Fix content escaping; spread some type hints Change-Id: Idfb40ba89ec94b136b6892224a600bae674bf621 Commit: 18e4cd1400d36721941b298b033f5e352e48d795 https://github.com/tribe29/checkmk/commit/18e4cd1400d36721941b298b033f5e352… Author: Lars Michelsen <lm(a)tribe29.com> Date: 2021-04-12 (Mon, 12 Apr 2021) Changed paths: M cmk/gui/plugins/views/crash_reporting.py M cmk/gui/plugins/views/mkeventd.py M cmk/gui/plugins/views/painters.py Log Message: ----------- Remove now redundant escaping Since the generic view painter rendering is now performing escaping on non HTML content, the explicit escaping in the painters is not needed anymore. Change-Id: Ifa2777a389817187b832354ddd91cc194b0a83f0 Compare: https://github.com/tribe29/checkmk/compare/ce24c8308169...18e4cd1400d3