vassili/seitime-frappe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 4
43715 commits 1 branch 0 tags 587 MiB
Commit graph

18 commits

Author SHA1 Message Date
Ankush Menat
6e0b522ae3 refactor!: Disable server scripts by default 
- Move the config to bench level and not site level because, server
  script "threat model" requires consent from a bench owner and not
  individual site.
- While this is a breaking change which people may not like, we believe
  it's essential to improve security model of Frappe.
 2023-08-23 14:49:05 +05:30
Ankush Menat
8ddde056a0 fix: dont allow NamedExpr in safe_eval 2023-08-21 12:42:21 +05:30
Ankush Menat
eede56d5df fix: dont allow writes to live objects 2023-08-21 12:04:55 +05:30
Ankush Menat
1c15c556d4 test: add more safe_eval tests 2023-08-21 11:59:53 +05:30
Sagar Vora
7d47d10692 fix: override RestrictedPython transformer to allow _dict, revert frappe.as_dict 2022-12-07 13:45:28 +05:30
Sagar Vora
10695d3d49 feat: make context optional when calling render_template 2022-12-07 13:32:38 +05:30
Sagar Vora
f2e1dbe7eb fix: restore _dict, used in Jinja code 2022-12-07 13:13:27 +05:30
Ankush Menat
e02b90cd5b
fix: dont allow reading attributes of unsafe objects (#18706) 2022-11-06 17:33:02 +05:30
Ankush Menat
3e2d2a703a test: Use FrappeTestCase everywhere 2022-08-17 16:39:42 +05:30
Suraj Shetty
c0c5b2ebdd
style: format all python files using black (#16453) 
Co-authored-by: Frappe Bot <developers@frappe.io>
 2022-04-12 10:59:25 +05:30
Sagar Vora
01f4ba2061 feat: frappe.enqueue and frappe.call for server scripts 2021-12-22 13:21:13 +05:30
Aradhya-Tripathi
2a241bd2dc style: formatted code 2021-10-05 18:23:46 +05:30
Aradhya-Tripathi
3b25bde3ac feat: Added tests for SafeQB 2021-10-05 18:14:06 +05:30
Gavin D'souza
e407b78506 chore: Drop dead and deprecated code 
* Remove six for PY2 compatability since our dependencies are not, PY2
  is legacy.
* Removed usages of utils from future/past libraries since they are
  deprecated. This includes 'from __future__ ...' and 'from past...'
  statements.
* Removed compatibility imports for PY2, switched from six imports to
  standard library imports.
* Removed utils code blocks that handle operations depending on PY2/3
  versions.
* Removed 'from __future__ ...' lines from templates/code generators
* Used PY3 syntaxes in place of PY2 compatible blocks. eg: metaclass
 2021-05-26 15:31:29 +05:30
Rushabh Mehta
8c8f7313f4
fix(minor): make utils explicit in safe_globals (#11408) 
* fix(minor): make utils explicit in safe_globals

* fix(minor): import subprocess

* fix(minor): fix globals in safe_eval;

* fix(minor): import subprocess

* fix(minor): add test

* fix(minor): webhook.py

* fix(minor): document_type_mapping.py
 2020-09-03 14:26:01 +05:30
Rushabh Mehta
275a70e9d0 feat(minor): allow frappe.db.sql for read in server script 2020-08-20 18:33:29 +05:30
Rushabh Mehta
b84663621f fix(linting) 2019-10-11 14:16:49 +05:30
Rushabh Mehta
9d615f7f12 fix(security): use restricted python 2019-10-11 14:16:49 +05:30