kalpitk (Kalpit Kothari)
User

Projects

User Details

User Since
Mar 22 2019, 7:03 AM (8 w, 2 d)

Recent Activity

Wed, May 8

kalpitk triaged T1705: Back-to-top button doesn't work in Chrome as Low priority.
Wed, May 8, 8:24 AM · Web app

Tue, May 7

kalpitk committed rDWAPPSccfc15753561: swh-web: Fix numerous XSS vulnerabilities (authored by kalpitk).
Tue, May 7, 8:52 PM
kalpitk closed T1699: XSS in swh-web as Resolved by committing rDWAPPSccfc15753561: swh-web: Fix numerous XSS vulnerabilities.
Tue, May 7, 8:52 PM · Security, Web app
kalpitk closed D1442: swh-web: Fix XSS.
Tue, May 7, 8:52 PM
kalpitk updated the diff for D1442: swh-web: Fix XSS.

squash commits

Tue, May 7, 7:49 PM
kalpitk updated the diff for D1442: swh-web: Fix XSS.
  • fix failing tests and make minor changes
Tue, May 7, 5:47 PM
kalpitk updated the diff for D1442: swh-web: Fix XSS.
  • Fix XSS in web API interface
Tue, May 7, 3:47 PM
kalpitk added inline comments to D1442: swh-web: Fix XSS.
Tue, May 7, 3:04 PM
kalpitk added a comment to D1442: swh-web: Fix XSS.

@anlambert I think I have added escape wherever it was vulnerable.

Tue, May 7, 2:48 PM
kalpitk updated the diff for D1442: swh-web: Fix XSS.
  • Add escape for request.META
Tue, May 7, 2:46 PM
kalpitk updated the diff for D1442: swh-web: Fix XSS.
  • Add escaping for BadInputExc
Tue, May 7, 2:41 PM
kalpitk updated the diff for D1442: swh-web: Fix XSS.
Tue, May 7, 2:33 PM
kalpitk updated the diff for D1442: swh-web: Fix XSS.
  • Fix XSS in origin/search
Tue, May 7, 11:51 AM
kalpitk updated the diff for D1442: swh-web: Fix XSS.

rebase and squash commits

Tue, May 7, 11:18 AM
kalpitk added a comment to D1442: swh-web: Fix XSS.

@anlambert We need to remember to use 'escape' on unsafe things whenever marking some HTML as safe.

Tue, May 7, 11:03 AM
kalpitk updated the diff for D1442: swh-web: Fix XSS.
  • move mark_safe to _generate_error_page
Tue, May 7, 11:03 AM
kalpitk updated the diff for D1442: swh-web: Fix XSS.
  • use mark_safe with escape
Tue, May 7, 10:43 AM

Mon, May 6

kalpitk added a comment to D1442: swh-web: Fix XSS.

@anlambert
Ok. Will need to rework this, to keep the links working.
But,
1- if we filter out directly while saving, it may cause some valid links to be rejected.
2- if I use filterXSS, other HTML tags will still work.

Mon, May 6, 11:24 AM

Sat, May 4

Herald added a reviewer for D1442: swh-web: Fix XSS: Reviewers.
Sat, May 4, 5:09 PM

Fri, May 3

kalpitk updated the task description for T1699: XSS in swh-web.
Fri, May 3, 1:33 PM · Security, Web app
kalpitk changed the visibility for T1699: XSS in swh-web.
Fri, May 3, 1:15 PM · Security, Web app

Sat, Apr 27

kalpitk committed rDWAPPS25af062ce7df: Fix xss vulnerability in origin save (authored by kalpitk).
Sat, Apr 27, 10:40 AM

Apr 13 2019

kalpitk added a comment to T1642: Images with src within repo dont render in Readme.

I can confirm all the 4 codes below work with your commit, and XSS is not working either.

Apr 13 2019, 8:22 AM · Web app

Apr 11 2019

kalpitk updated the task description for T1642: Images with src within repo dont render in Readme.
Apr 11 2019, 9:35 AM · Web app

Apr 10 2019

kalpitk added a project to T1642: Images with src within repo dont render in Readme: Web app.
Apr 10 2019, 7:52 PM · Web app
kalpitk renamed T1642: Images with src within repo dont render in Readme from Images with src within repo dont render to Images with src within repo dont render in Readme.
Apr 10 2019, 7:30 PM · Web app
kalpitk triaged T1642: Images with src within repo dont render in Readme as Low priority.
Apr 10 2019, 7:26 PM · Web app

Apr 5 2019

kalpitk committed rDWAPPS612eb3199dd2: Add more redirections for upper case sha1 (authored by kalpitk).
Apr 5 2019, 12:05 PM
kalpitk committed rDWAPPS3f8b34cef98c: Add redirections for upper/mixed case checksums (authored by kalpitk).
Apr 5 2019, 12:05 PM
kalpitk closed D1339: Add more redirections for upper case sha1.
Apr 5 2019, 12:05 PM

Apr 4 2019

kalpitk updated the diff for D1339: Add more redirections for upper case sha1.

Add redirections for upper/mixed case checksum

Apr 4 2019, 8:18 PM
kalpitk triaged T1625: Repository with trailing slash are archived separately as Low priority.
Apr 4 2019, 7:24 PM · GitHub lister
kalpitk created T1625: Repository with trailing slash are archived separately in the S1 Public space.
Apr 4 2019, 7:22 PM · GitHub lister
kalpitk updated the diff for D1339: Add more redirections for upper case sha1.
  • Add docstring
Apr 4 2019, 6:44 PM
kalpitk updated the diff for D1339: Add more redirections for upper case sha1.

rebase with master

Apr 4 2019, 4:54 PM
kalpitk updated the diff for D1339: Add more redirections for upper case sha1.
  • Add uppercase redirections for APIs and tests
Apr 4 2019, 4:47 PM

Apr 3 2019

kalpitk removed a revision from T1615: In the feature 'search' the check-boxes and text are not aligned.: D1339: Add more redirections for upper case sha1.
Apr 3 2019, 2:59 PM · Web app
kalpitk removed a task from D1339: Add more redirections for upper case sha1: T1615: In the feature 'search' the check-boxes and text are not aligned..
Apr 3 2019, 2:59 PM
kalpitk added a revision to T1615: In the feature 'search' the check-boxes and text are not aligned.: D1339: Add more redirections for upper case sha1.
Apr 3 2019, 2:57 PM · Web app
kalpitk created D1339: Add more redirections for upper case sha1.
Apr 3 2019, 2:57 PM

Apr 2 2019

kalpitk added a comment to rDWAPPS1553ea764f1b: Add url redirections for uppercase sha1s (WIP).

@anlambert I have locally made changes for other endpoints also and added tests for the same. Should I create a new Diff?

Apr 2 2019, 9:13 PM

Mar 30 2019

kalpitk updated the summary of D1322: fix XSS vulnerability in readme rendering for txt, md.
Mar 30 2019, 1:04 PM
Herald added a reviewer for D1322: fix XSS vulnerability in readme rendering for txt, md: Reviewers.
Mar 30 2019, 1:01 PM

Mar 29 2019

kalpitk updated the diff for D1317: rate limit search in origin-save table.

rebase to master

Mar 29 2019, 6:56 PM
kalpitk updated the diff for D1317: rate limit search in origin-save table.

squashed commits

Mar 29 2019, 6:45 PM
kalpitk updated the diff for D1317: rate limit search in origin-save table.
  • add SearchDelay to admin DataTables
Mar 29 2019, 6:33 PM
kalpitk added a comment to D1317: rate limit search in origin-save table.

@anlambert Oh the admin ones. Will update.
Anyways, how do I test as admin when I run it locally?

Mar 29 2019, 6:18 PM
kalpitk closed D1295: prevent high memory usage.
Mar 29 2019, 6:14 PM
kalpitk added a comment to D1317: rate limit search in origin-save table.

@anlambert history.immutable is already set to true.

Mar 29 2019, 3:58 PM

Mar 28 2019

Herald added a reviewer for D1317: rate limit search in origin-save table: Reviewers.
Mar 28 2019, 5:45 PM

Mar 27 2019

kalpitk added a comment to rDWAPPS1553ea764f1b: Add url redirections for uppercase sha1s (WIP).
Mar 27 2019, 6:59 PM
kalpitk abandoned D1290: Add support for uppercase sha1 url arguments.

Abandoned in favor of rDWAPPS1553ea764f1bae36649a6996770e37e0c271bb76

Mar 27 2019, 6:52 PM
kalpitk closed D1289: ui enhancement origin-save.html.
Mar 27 2019, 6:36 PM
kalpitk added a comment to D561: [WIP] Implement a more refined origin search machinery.
Mar 27 2019, 12:51 PM

Mar 26 2019

kalpitk added a comment to D1295: prevent high memory usage.
In D1295#27652, @zack wrote:
In D1295#27649, @zack wrote:

or, actually, we can just also add a fulltext index to URLs and be done with it https://www.postgresql.org/docs/11/textsearch-intro.html#TEXTSEARCH-MATCHING

As just pointed out by @olasd on IRC, this is in fact D561. Fancy taking that up, @kalpitk ?

Mar 26 2019, 9:11 PM
kalpitk added inline comments to D1290: Add support for uppercase sha1 url arguments.
Mar 26 2019, 9:03 PM
kalpitk updated the diff for D1295: prevent high memory usage.
  • add case for bigger array lengths
Mar 26 2019, 8:26 PM
kalpitk added a comment to D1295: prevent high memory usage.

My laptop crashed when I entered a big query on /browse/search/, because it filled my whole RAM.
An array size of 10 filled my 4 GB of RAM when heapsPermute was called.

Mar 26 2019, 7:32 PM
Herald added a reviewer for D1295: prevent high memory usage: Reviewers.
Mar 26 2019, 7:08 PM
kalpitk updated the diff for D1290: Add support for uppercase sha1 url arguments.

Add support for uppercase sha1 in url arguments

Mar 26 2019, 4:19 PM
kalpitk abandoned D1293: Add support for uppercase sha1 in url arguments.

Created new diff by mistake.

Mar 26 2019, 4:13 PM
Herald added a reviewer for D1293: Add support for uppercase sha1 in url arguments: Reviewers.
Mar 26 2019, 4:11 PM
kalpitk added a revision to T1505: Add support for uppercase sha1 url arguments in webapp endpoints: D1293: Add support for uppercase sha1 in url arguments.
Mar 26 2019, 4:11 PM · Easy hack, Web app
kalpitk updated the diff for D1290: Add support for uppercase sha1 url arguments.
  • fix failing tests
Mar 26 2019, 8:18 AM

Mar 25 2019

kalpitk updated the diff for D1290: Add support for uppercase sha1 url arguments.
  • remove lower calls from endpoints
Mar 25 2019, 5:03 PM
kalpitk updated the diff for D1290: Add support for uppercase sha1 url arguments.
  • fix uppercase sha1 and tests
Mar 25 2019, 4:37 PM
kalpitk added a comment to D1290: Add support for uppercase sha1 url arguments.

@kalpitk, I am ok with your tests plan but there is still some work to do here:

  • remove the calls to the lower method inside endpoint implementations (as I said, this is not needed)
  • there are numerous other endpoints that need to be processed (simply search for [0-9a-f] inside the swh-web codebase to identify them)
  • tests implementation must be factorized as test_* and test_*_with_uppercase_sha1 are basically the same thing
Mar 25 2019, 4:34 PM
kalpitk added a comment to D1290: Add support for uppercase sha1 url arguments.

@kalpitk, I am ok with your tests plan but there is still some work to do here:

  • remove the calls to the lower method inside endpoint implementations (as I said, this is not needed)
  • there are numerous other endpoints that need to be processed (simply search for [0-9a-f] inside the swh-web codebase to identify them)
  • tests implementation must be factorized as test_* and test_*_with_uppercase_sha1 are basically the same thing
Mar 25 2019, 3:42 PM
kalpitk abandoned D1285: fix snapshot for upper case SHA1.

Continued in D1290

Mar 25 2019, 3:39 PM · Web app
kalpitk updated the diff for D1290: Add support for uppercase sha1 url arguments.
  • improve readability
Mar 25 2019, 1:03 PM
kalpitk added a comment to D1290: Add support for uppercase sha1 url arguments.

@anlambert Oh, I didn't read your comment. Anyways, I just wrote some tests.

Mar 25 2019, 12:40 PM
kalpitk updated the diff for D1290: Add support for uppercase sha1 url arguments.
  • fix uppercase SHA1 for api
  • add tests for uppercase sha1
Mar 25 2019, 12:36 PM
kalpitk added a comment to D1290: Add support for uppercase sha1 url arguments.

@anlambert I'll update for api endpoints also.

Mar 25 2019, 11:40 AM
kalpitk updated the diff for D1290: Add support for uppercase sha1 url arguments.
  • fix failing tests
Mar 25 2019, 11:31 AM
kalpitk updated the diff for D1290: Add support for uppercase sha1 url arguments.
  • fix upper case SHA1 in multiple files
Mar 25 2019, 10:58 AM
kalpitk added a comment to D1285: fix snapshot for upper case SHA1.

I pushed changes through arc: D1290
Probably the problem was line 34, which had more than 79 characters. This was preventing me from staging changes.

Mar 25 2019, 10:27 AM · Web app
kalpitk updated the summary of D1290: Add support for uppercase sha1 url arguments.
Mar 25 2019, 10:22 AM
Herald added a reviewer for D1290: Add support for uppercase sha1 url arguments: Reviewers.
Mar 25 2019, 10:21 AM
kalpitk updated the summary of D1289: ui enhancement origin-save.html.
Mar 25 2019, 8:27 AM
Herald added a reviewer for D1289: ui enhancement origin-save.html: Reviewers.
Mar 25 2019, 8:17 AM

Mar 22 2019

kalpitk updated the summary of D1285: fix snapshot for upper case SHA1.
Mar 22 2019, 7:36 PM · Web app
kalpitk added a comment to D1285: fix snapshot for upper case SHA1.

@ardumont Changed the title.

Mar 22 2019, 7:24 PM · Web app
kalpitk updated the summary of D1285: fix snapshot for upper case SHA1.
Mar 22 2019, 7:19 PM · Web app
Herald added 1 required legal document(s) to D1285: fix snapshot for upper case SHA1: L3 Software Heritage Contributor License Agreement, version 1.0.
Mar 22 2019, 8:09 AM · Web app
kalpitk moved T1505: Add support for uppercase sha1 url arguments in webapp endpoints from Backlog to In progress on the Easy hack board.
Mar 22 2019, 7:04 AM · Easy hack, Web app