6258848237
81%
master: 82%

Ran 21 Sep 2023 08:03AM UTC

Jobs 1

Files 371

Run time 13s

Badge

Embed ▾

Committed 21 Sep 2023 08:01AM UTC coverage: 81.15% (+0.002%) from 81.148%

Build # 6258848237

Build Type

push

github

Committed by

web-flow

Commit Message

Merge pull request from GHSA-wm8q-9975-xh5v

* Allow only some image types to be displayed inline.

Force download for others, especially SVG images.  By default we use a list of allowed types.
You can switch a to a list of denied types by setting OS environment variable
``OFS_IMAGE_USE_DENYLIST=1``.  This change only affects direct URL access.
``<img src="image.svg" />`` works the same as before.

See security advisory:
https://github.com/zopefoundation/Zope/security/advisories/GHSA-wm8q-9975-xh5v

* svg download: only encode filename when it is not bytes.

On Python 2.7 it is already bytes.

* Use guess_extension as first guess for the extension of an image.

* Support overriding ALLOWED_INLINE_MIMETYPES and DISALLOWED_INLINE_MIMETYPES.

* Test that filename of attachment gets encoded correctly.

* Add CVE

---------

Co-authored-by: Michael Howitz <icemac@gmx.net>

Run Details

4350 of 7092 branches covered (0.0%)

Branch coverage included in aggregate %.

79 of 79 new or added lines in 2 files covered. (100.0%)

27280 of 31885 relevant lines covered (85.56%)

0.86 hits per line

New Missed Lines in Diff

Lines	Coverage	∆	File
4	96.47	-0.79%	src/OFS/tests/testFileAndImage.py
6	80.74	-0.3%	src/OFS/Image.py

Jobs

ID	Job ID	Ran	Files	Coverage
1	6258848237.1	21 Sep 2023 08:03AM UTC	371	81.15

zopefoundation / Zope / 6258848237
81%
master: 82%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

New Missed Lines in Diff

Jobs

Source Files on build 6258848237

zopefoundation / Zope / 6258848237 81% master: 82%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

New Missed Lines in Diff

Jobs

Source Files on build 6258848237

zopefoundation / Zope / 6258848237
81%
master: 82%

README BADGES
x