Commit Graph

4261 Commits

Author SHA1 Message Date
Maximilian Hils
06c6d88359 Merge pull request #1066 from fimad/master
Fix XSS vulnerability in HTTP errors
2016-03-31 19:36:01 +02:00
Will Coster
55bffe1782 Fix XSS vulnerability in HTTP errors
The make_error_response method does not properly escape characters
that end up in the response body. Since the error code can contain
user supplied values this leads to a potential XSS vulnerability.

Example:

    echo '<script>alert(1)</script>' | nc localhost 8888
2016-03-31 10:22:29 -07:00
Maximilian Hils
f1c5721c8c travis: checkout full repo for builds 2016-03-31 18:35:14 +02:00
Maximilian Hils
c788e18e03 Merge branch 'master' of https://github.com/mitmproxy/mitmproxy 2016-03-31 18:07:58 +02:00
Maximilian Hils
5552b5e782 snapshots: fix build tag 2016-03-31 18:07:47 +02:00
Maximilian Hils
de0f2cbcd3 Merge pull request #1050 from zlorb/master
Flow export to locust.io load test tool [http://locust.io]
2016-03-29 18:28:09 +02:00
Zohar Lorberbaum
8016b6ab55 Merge remote-tracking branch 'mitmproxy/master'
# Conflicts:
#	test/mitmproxy/test_flow_export.py
2016-03-28 20:08:55 -07:00
Zohar Lorberbaum
cd2ef2fe13 merge 2016-03-28 10:17:58 -07:00
Zohar Lorberbaum
37483e228f Merge remote-tracking branch 'mitmproxy/master'
Merge with master
2016-03-28 10:06:02 -07:00
Zohar Lorberbaum
6d16f44ab7 Merge with master 2016-03-28 10:03:26 -07:00
Zohar Lorberbaum
e56198ae7c cleaner target url 2016-03-28 09:51:06 -07:00
Zohar Lorberbaum
ef3d24e8c8 locust_task re-use locust_code. 2016-03-27 21:42:52 -07:00
Thomas Kriechbaumer
dfcfa6263c add safeguard 2016-03-27 13:15:57 +02:00
Thomas Kriechbaumer
04cb099b15 improve flow export tests 2016-03-27 13:04:19 +02:00
Thomas Kriechbaumer
ec68d8b8e4 s/nocover/no cover/g
according to coveralls docs
2016-03-27 12:02:41 +02:00
Thomas Kriechbaumer
ab7e80085a increase test timeout 2016-03-27 11:59:27 +02:00
Thomas Kriechbaumer
ddea3434a2 Merge pull request #1055 from MatthewShao/issue#963
Simplify '.content' by removing CONTENT_MISSING
2016-03-27 11:14:28 +02:00
Matthew Shao
6e4af64050 minor fix about if-else statement 2016-03-27 09:16:40 +08:00
Matthew Shao
66bd27e6f9 update comments 2016-03-26 17:49:22 +08:00
Matthew Shao
53e15f778d update document for the removal of CONTENT_MISSING 2016-03-26 16:17:55 +08:00
Matthew Shao
08ff00f36d replace CONTENT_MISSING with None. 2016-03-26 16:00:51 +08:00
Matthew Shao
2f285a6015 Setting CONTENT_MISSING to None 2016-03-26 11:26:42 +08:00
Zohar Lorberbaum
9f77c80a32 pep8 2016-03-25 17:29:42 -07:00
Zohar Lorberbaum
5b07e8b3af Add UI shortcuts. 2016-03-24 20:29:53 -07:00
Zohar Lorberbaum
a44062effb Flow export to locust.io load test tool. 2016-03-23 01:49:18 -07:00
Maximilian Hils
2d6eb28fd0 py3++ 2016-03-20 23:39:57 +01:00
Maximilian Hils
403ac82a7d netlib: request.path can be None 2016-03-20 23:22:50 +01:00
Maximilian Hils
e739517070 py3++ 2016-03-20 23:14:22 +01:00
Maximilian Hils
726536689b py3++ 2016-03-20 22:58:35 +01:00
Maximilian Hils
2ce023a991 py3++ 2016-03-20 22:50:03 +01:00
Thomas Kriechbaumer
d8e8dfc1c6 Merge pull request #1047 from mitmproxy/no-coverage-by-default
py.test: disable coverage collection by default
2016-03-20 20:40:15 +01:00
Maximilian Hils
6f902ffbb3 py3++: iteritems 2016-03-20 19:56:22 +01:00
Maximilian Hils
88d365cfe6 py3++: cStringIO 2016-03-20 19:40:03 +01:00
Maximilian Hils
43671e723f py.test: disable coverage collection by default 2016-03-20 19:39:02 +01:00
Maximilian Hils
61a657fe56 Merge pull request #1045 from mitmproxy/py3-scripts
Port mitmproxy.script to Python 3
2016-03-20 11:31:56 +01:00
Thomas Kriechbaumer
d99194fccc Merge pull request #1043 from mitmproxy/better-scripts
Better scripts
2016-03-19 20:33:14 +01:00
Maximilian Hils
b0a16dee20 fix script exception display 2016-03-19 20:27:03 +01:00
Maximilian Hils
4b955da94e fix pyOpenSSL version 2016-03-19 20:09:00 +01:00
Maximilian Hils
7b4fcc8577 update pyOpenSSL 2016-03-19 20:02:30 +01:00
Maximilian Hils
c52c59f858 port mitmproxy.scripts to py3 2016-03-19 19:53:27 +01:00
Maximilian Hils
4be9074b49 fix tests on OSX 2016-03-19 19:19:36 +01:00
Maximilian Hils
fb0b17ee93 simplify tests for @concurrent 2016-03-19 03:04:55 +01:00
Maximilian Hils
7e49b8c186 add tests for mitmproxy.script.reloader 2016-03-19 03:04:55 +01:00
Maximilian Hils
898f5d10b9 improve mitmproxy.scripts semantics, clean up tests 2016-03-19 03:04:55 +01:00
Maximilian Hils
36fb8a32f4 restrict cryptography version for pyopenssl compat 2016-03-19 03:04:08 +01:00
Maximilian Hils
b90579fe45 fix dependency versions 2016-03-18 14:59:49 +01:00
Maximilian Hils
afb24d8c4c Merge remote-tracking branch 'origin/requires-io-master' 2016-03-18 14:57:16 +01:00
Maximilian Hils
f5a6ebf584 remove code duplication 2016-03-18 14:54:42 +01:00
requires.io
c8ddd87837 [requires.io] dependency update 2016-03-18 14:52:59 +01:00
Thomas Kriechbaumer
4cd170d36c Merge pull request #1040 from felixonmars/patch-1
Allow lxml 3.6
2016-03-18 09:29:58 +01:00