6258848471
82%

Ran 21 Sep 2023 08:05AM UTC

Jobs 1

Files 351

Run time 8s

Badge

Embed ▾

Committed 21 Sep 2023 08:01AM UTC coverage: 82.159% (+0.001%) from 82.158%

Build # 6258848471

Build Type

push

github

Committed by

web-flow

Commit Message

Merge pull request from GHSA-wm8q-9975-xh5v

* Allow only some image types to be displayed inline.

Force download for others, especially SVG images.  By default we use a list of allowed types.
You can switch a to a list of denied types by setting OS environment variable
``OFS_IMAGE_USE_DENYLIST=1``.  This change only affects direct URL access.
``<img src="image.svg" />`` works the same as before.

See security advisory:
https://github.com/zopefoundation/Zope/security/advisories/GHSA-wm8q-9975-xh5v

* Use guess_extension as first guess for the extension of an image.

* Support overriding ALLOWED_INLINE_MIMETYPES and DISALLOWED_INLINE_MIMETYPES.

* Test that filename of attachment gets encoded correctly.

* Add CVE

---------

Co-authored-by: Michael Howitz <icemac@gmx.net>

Run Details

4353 of 6963 branches covered (0.0%)

Branch coverage included in aggregate %.

77 of 77 new or added lines in 2 files covered. (100.0%)

27421 of 31711 relevant lines covered (86.47%)

0.86 hits per line

New Missed Lines in Diff

Lines	Coverage	∆	File
4	96.75	-0.82%	src/OFS/tests/testFileAndImage.py
6	76.74	-0.02%	src/OFS/Image.py

Jobs

ID	Job ID	Ran	Files	Coverage
1	6258848471.1	21 Sep 2023 08:05AM UTC	351	82.16

zopefoundation / Zope / 6258848471
82%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

New Missed Lines in Diff

Jobs

Source Files on build 6258848471

zopefoundation / Zope / 6258848471 82%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

New Missed Lines in Diff

Jobs

Source Files on build 6258848471

zopefoundation / Zope / 6258848471
82%

README BADGES
x