Akhil Narang
84ef6ec677
refactor: fixup with ruff 0.8.1
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2024-12-04 13:18:04 +05:30
David Arnold
8b1180ba27
refactor: server script autocompletion to be more generic (#28180)
2024-10-19 12:56:24 +00:00
Raffael Meyer
b91cacdd18
feat!: enhance Language to become more of a Locale (#27178)
2024-09-21 16:02:58 +02:00
David
d50e579317
feat(utm): make data helper more useful
2024-09-12 00:08:11 +02:00
vishnu
b41083561e
feat: Add get_month function to return current or specific month as a string
2024-08-17 14:11:00 +00:00
Kevin Shenk
12f193231d
refactor: enable website utils in safe_exec (#25365)
Frappe Builder uses safe_exec to fetch dynamic data, and there are a few functions in website utilities which would be nice to have on that end, get_html_content_based_on_type especially. I added a few others which seemed useful and safe as well.
2024-03-27 15:26:28 +05:30
Akhil Narang
3f1e19de85
refactor(treewide): enable RUF rules
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2024-02-21 16:20:28 +05:30
Akhil Narang
26ae0f3460
fix: ruff fixes
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2024-02-07 17:04:31 +05:30
Ankush Menat
de9ac89748
style: re-format with ruff
2024-02-05 18:53:33 +05:30
Hussain Nagaria
0b95e8fcc2
chore: get_year_ending to safe_exec
2023-12-17 15:35:55 +05:30
Hussain Nagaria
51a03c52f1
docs: safe_exec get_hooks
2023-12-16 22:13:55 +05:30
Sagar Vora
8cc4fc349a
chore: improve condition to avoid re-initializing flag
2023-12-11 10:53:04 +05:30
Corentin Flr
4b367245eb
Merge pull request from GHSA-v3vh-7qx4-f582
2023-12-11 10:40:27 +05:30
Ankush Menat
57699a54b1
fix: Show server script name in traceback (#23676)
* fix: Show server script name in traceback
* chore: typo
Co-authored-by: Sagar Vora <sagar@resilient.tech>
---------
Co-authored-by: Sagar Vora <sagar@resilient.tech>
2023-12-08 15:01:13 +05:30
tonspar
fae3685b03
feat: Patch and Delete Request to integration utils (#23525)
* Update utils.py
Adding the patch and delete request
* Update safe_exec.py
Adding the patch and delete request from integration utils.
2023-12-01 10:25:43 +05:30
Akhil Narang
eb45da3913
feat: Allow usage of print() within safe_exec() (#23084)
* feat(safe_exec): allow usage of `print()`
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
* refactor(system_console): update description to mention `print()` instead of `log()`
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
* feat: unconditionally add debug logs to response if present
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
* chore(safe_exec): add in a test for running `print()` within safe_exec
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
* fix(safe_exec): ignore warning
RestrictedPython warns us if we call `print()` but don't use their `printed` variable
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
* feat: store debug logs from scheduled jobs
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
* fix: avoid ignoring warnings, disabled in prod anyway
* chore: remove unnecessary logging
This can be moved to level 2 when required
---------
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
Co-authored-by: Ankush Menat <ankush@frappe.io>
2023-11-20 12:45:41 +05:30
Ankush Menat
e152ebc0a3
chore: typo
2023-09-18 20:16:27 +05:30
gavin
c3efddd380
fix: Allow DB Callback Managers in Safe Exec (#22302)
2023-09-05 10:38:14 +05:30
Ankush Menat
e9585e9ce6
fix: remove validation on text code
These can overvalidate e.g. "Frappe information technology" contains "format".
Restricted python anyways validates these attr access at runtime, so no
need to validate this on code.
2023-08-31 11:03:28 +05:30
Ankush Menat
1390b972a8
fix(DX): let users know that server scripts are disabled
2023-08-23 14:49:05 +05:30
Ankush Menat
6e0b522ae3
refactor!: Disable server scripts by default
- Move the config to bench level and not site level because, server
script "threat model" requires consent from a bench owner and not
individual site.
- While this is a breaking change which people may not like, we believe
it's essential to improve security model of Frappe.
2023-08-23 14:49:05 +05:30
Ankush Menat
8ddde056a0
fix: don't allow NamedExpr in safe_eval
2023-08-21 12:42:21 +05:30
Ankush Menat
eede56d5df
fix: don't allow writes to live objects
2023-08-21 12:04:55 +05:30
Ankush Menat
f449262050
fix: allow dict access and unpacks
2023-08-21 11:59:53 +05:30
Ankush Menat
14b62d7ff1
fix: correct getattr implementation for safe_eval
2023-08-21 11:59:53 +05:30
Ankush Menat
3531f58b54
refactor: unify safe_exec and safe_eval code
A lot of duplication was present for this code.
2023-08-21 11:59:53 +05:30
Ankush Menat
4d5a945861
refactor: reduce duplication in unsafe attr checks (#22033)
2023-08-13 18:23:41 +05:30
Ankush Menat
ce1355dab8
fix: block format attributes (#22028)
2023-08-12 22:12:30 +05:30
Michelle Alva
fd2efdb0e1
chore: whitelisted typo (#21930)
2023-08-05 20:15:55 +05:30
Ankush Menat
7ee85758b1
fix(console): don't commit when exception is raised and unconditionally check query (#21850)
* fix(console): unconditionally check query type
* fix(console): don't commit when exception occurs
2023-07-28 18:07:08 +05:30
Nabin Hait
94ccdd628a
fix: added get_quarter_ending function in safe_exec
2023-06-22 16:18:52 +05:30
Ankush Menat
3005e66e45
refactor!: Drop previously deprecated code
2023-06-13 16:00:43 +05:30
Raffael Meyer
036e1c94cd
feat!: remove deprecated timezone utils (#20255)
2023-03-06 19:56:57 +05:30
barredterra
c099b67165
feat: add new timezone utils to safe_exec
2023-03-06 13:07:24 +01:00
barredterra
3f87ffe446
Revert "refactor: rename timezone utils in safe_exec"
This reverts commit d1ccfc91b8.
2023-03-06 13:04:20 +01:00
barredterra
d1ccfc91b8
refactor: rename timezone utils in safe_exec
2023-03-05 16:17:44 +01:00
Ankush Menat
b11793ab02
fix: set filename explicitly for safe_exec
2022-12-07 16:34:27 +05:30
Sagar Vora
5f2cc8ec79
chore: keep previous order for easy backport
2022-12-07 14:09:02 +05:30
Sagar Vora
0c220169da
chore: reorder pylint disable
2022-12-07 13:50:59 +05:30
Sagar Vora
7d47d10692
fix: override RestrictedPython transformer to allow _dict, revert frappe.as_dict
2022-12-07 13:45:28 +05:30
Sagar Vora
f2e1dbe7eb
fix: restore _dict, used in Jinja code
2022-12-07 13:13:27 +05:30
HarryPaulo
f25358ad63
fix: "_dict" is an invalid attribute name because it starts with "_" (#19010)
* fix: "_dict" is an invalid attribute name because it starts with "_"
* chore: move to frappe namespace
2022-11-29 11:43:23 +05:30
Ankush Menat
668a730788
fix: avoid patching QB if already patched
2022-11-11 16:38:05 +05:30
Ankush Menat
44a5bdc3f1
fix: ignore internal methods (#18784)
2022-11-06 19:18:30 +05:30
Ankush Menat
e02b90cd5b
fix: don't allow reading attributes of unsafe objects (#18706)
2022-11-06 17:33:02 +05:30
Athul Cyriac Ajay
31a37ed671
chore: Add make_put_requests method for Server Scripts (#18128)
2022-09-14 15:54:15 +05:30
barredterra
d0b753a25d
refactor: move lang into frappe namespace
2022-09-01 17:12:58 +02:00
barredterra
836fd6ef78
feat: add lang to safe globals
2022-09-01 16:53:20 +02:00
phot0n
cd2664bf99
chore: remove get_payment_gateway_controller safe global
2022-07-26 23:18:23 +05:30
Ankush Menat
a98e47150f
feat(tiny): frappe.log -> frappe.log for server scripts
This is already whitelisted but in global scope.
[skip ci]
2022-07-18 16:27:28 +05:30