Commit message (Author, Age, Files, Lines)
* Depend on py27,py38 in coverage [update-configs] (Bert JW Regeer, 2020-05-05, 1 file, -1/+1)
|
* coverage env does not need project installed (Bert JW Regeer, 2020-05-05, 1 file, -0/+1)
|
* coverage should fail if not 100% (Bert JW Regeer, 2020-05-05, 1 file, -1/+1)
|
* Remove basepython from tox.ini (Bert JW Regeer, 2020-05-05, 1 file, -5/+0)
|
* Update setup.cfg tool:pytest to remove cov-report (Bert JW Regeer, 2020-05-05, 1 file, -1/+1)
|
* Point image badge to correct location (Bert JW Regeer, 2020-05-05, 1 file, -8/+2)
|
* Update Github Actions workflow (Bert JW Regeer, 2020-05-05, 4 files, -130/+95)
|
* Update status badge for master branch (Bert JW Regeer, 2020-04-17, 1 file, -3/+8)
|
* Merge pull request #280 from Pylons/bestpractices (Bert JW Regeer, 2020-04-17, 57 files, -225/+255)
|\  Updates Waitress to best practices surrounding packaging
| * Remove travis and appveyor from this repo (Bert JW Regeer, 2020-04-16, 3 files, -75/+1)
| |
| * Add flake8 configuration (Bert JW Regeer, 2020-04-16, 3 files, -1/+40)
| |
| * Make sure to include github workflows (Bert JW Regeer, 2020-04-16, 1 file, -0/+1)
| |
| * Add MANIFEST.in (Bert JW Regeer, 2020-04-16, 1 file, -0/+20)
| |
| * Update .gitignore (Bert JW Regeer, 2020-04-16, 2 files, -4/+2)
| |
| * Update CI to add lint checks (Bert JW Regeer, 2020-04-16, 2 files, -5/+23)
| |
| * Update gitignore (Bert JW Regeer, 2020-04-16, 1 file, -6/+0)
| |
| * Switch to pytest from nosetests (Bert JW Regeer, 2020-04-16, 2 files, -9/+10)
| |
| * paths are equal in coverage (Bert JW Regeer, 2020-04-16, 1 file, -1/+6)
| |
| * Blacken files (Bert JW Regeer, 2020-04-16, 2 files, -5/+13)
| |
| * Update tox.ini to new world order (Bert JW Regeer, 2020-04-16, 1 file, -34/+67)
| |
| * Move from setup.py to setup.cfg (Bert JW Regeer, 2020-04-16, 2 files, -83/+58)
| |
| * Add pyproject.toml to project (Bert JW Regeer, 2020-04-16, 1 file, -0/+12)
| |
| * Move source code to src folder (Bert JW Regeer, 2020-04-16, 16 files, -0/+0)
| |
| * Move tests to top directory (Bert JW Regeer, 2020-04-16, 29 files, -16/+16)
|/
* Merge pull request #284 from timgates42/bugfix_typo_separated (Steve Piercy, 2020-03-01, 1 file, -2/+2)
|\  Fix simple typo: seperated -> separated
| * Update test_wasyncore.py (Tim Gates, 2020-03-01, 1 file, -1/+1)
| |
| * Fix simple typo: seperated -> separated (Tim Gates, 2020-03-01, 2 files, -3/+3)
|/  There is a small typo in waitress/parser.py. Should read `separated` rather than `seperated`.
* Merge pull request #279 from Pylons/drop-py34 (Bert JW Regeer, 2020-02-02, 8 files, -37/+40)
|\  Drop Python 3.4
| * tox show python version used (Bert JW Regeer, 2020-02-02, 1 file, -0/+1)
| |
| * Use tox -e py (Bert JW Regeer, 2020-02-02, 3 files, -29/+31)
| |  This will cause it to pick the version to run against based upon the version of Python it's installed for.
| * Drop Python 3.4 (Bert JW Regeer, 2020-02-02, 8 files, -11/+11)
|/  This is necessary due to needing coverage>=5.0, which is no longer available on Python 3.4. Python 3.4 is also now past end of life. This continued to work by chance due to Travis having nosetest installed in the Python global installation, and thus the failure from tox to install coverage>=5.0 did not cause errors on Travis. Testing locally I still had an old version of coverage installed, and that version had not yet dropped Python 3.4.
* Prep v1.4.3 [v1.4.3] (Bert JW Regeer, 2020-02-02, 2 files, -1/+17)
|
* Merge pull request from GHSA-73m2-3pwg-5fgc (Bert JW Regeer, 2020-02-02, 2 files, -6/+28)
|\  Fix catastrophic backtracking in regular expression
| * Remove accidental backslash (Bert JW Regeer, 2020-02-02, 1 file, -2/+2)
| |  Noticed this while looking at other tests.
| * Add bad header that caused catastrophic backtracking (Bert JW Regeer, 2020-02-02, 1 file, -0/+11)
| |  This lets us validate that we won't accidentally cause the same issue down the line if we mess with the regular expressions
| * Add header parsing tests with short headers (Bert JW Regeer, 2020-02-02, 1 file, -0/+11)
| |  While fixing the catastrophic backtracking a gap in tests led to a potentially bad regex being considered that would have caused issues with short header values. This now adds a test to make sure we don't regress.
| * Remove catastrophic backtracking in regex (Bert JW Regeer, 2020-02-02, 1 file, -4/+4)
|/  This updates the regular expression so that there is no longer a chance for it to end up catastrophically backtracking and locking up the process.
* Prep for 1.4.2 [v1.4.2] (Bert JW Regeer, 2020-01-02, 1 file, -1/+1)
|
* Merge pull request #277 from Pylons/invalid-whitespace-cont (Bert JW Regeer, 2020-01-02, 5 files, -6/+92)
|\  Invalid whitespace in headers
| * Add CHANGES and bump version to 1.4.2 (Bert JW Regeer, 2020-01-02, 2 files, -2/+31)
| |
| * Update RFC7230 regex with errata for header field-content (Bert JW Regeer, 2020-01-02, 2 files, -1/+18)
| |
| * Remove accidental stripping of non-printable characters (Bert JW Regeer, 2020-01-02, 2 files, -3/+43)
|/  Continuation/follow-up for: https://github.com/Pylons/waitress/security/advisories/GHSA-m5ff-3wj3-8ph4 which showcased the initial problem with the way that waitress was dealing with whitespace in headers. Additional testing by ZeddYu Lu also led to other potential issues with non-printable ascii characters that are stripped by default by Python's string.strip() function
* Prep v1.4.1 [v1.4.1] (Bert JW Regeer, 2019-12-24, 1 file, -1/+1)
|
* Merge pull request from GHSA-m5ff-3wj3-8ph4 (Bert JW Regeer, 2019-12-24, 6 files, -25/+194)
|\  HTTP header-field stricter validation
| * Add links to advisories for previous security issues (Bert JW Regeer, 2019-12-23, 1 file, -0/+13)
| |
| * Bump version number (Bert JW Regeer, 2019-12-23, 1 file, -1/+1)
| |
| * Add documentation for security issue (Bert JW Regeer, 2019-12-23, 1 file, -0/+14)
| |
| * Define VCHAR/OBS_TEXT once (Bert JW Regeer, 2019-12-23, 1 file, -2/+13)
| |
| * Validate HTTP header-field more completely (Bert JW Regeer, 2019-12-23, 2 files, -22/+109)
| |  This was brought about by certain whitespace characters being allowed that are not allowed in the HTTP standard. Waitress would dutifully strip those whitespace characters and continue on as if nothing mattered, however whitespace in HTTP messages does matter and could allow for HTTP request smuggling if the front-end proxy server does not agree with the back-end server on how to parse a HTTP message.
| |
| |  This disallows things like this:
| |
| |      Content-Length: 10
| |      Transfer-Encoding:[0x0b]chunked
| |
| |  Which would get parsed by a front-end server as a request with Content-Length 10, and an invalid Transfer-Encoding header, but would get parsed as a chunked request by Waitress.
| * Add file with RFC7230 definitions/ABNF -> regex (Bert JW Regeer, 2019-12-23, 1 file, -0/+44)
|/  Currently it is used for header name/fields only, but this should get expanded as necessary. Other stuff from other parts of waitress may move here too to create a sort utility library of useful RFC standards based functions.