Patch out problematic endpoints in the pylons error app

This has since (July 2015) been fixed upstream, but it hasn't been packaged for many (any?) distros yet.
2026-04-27 03:00:12 -04:00 · 2014-06-30 21:46:53 -03:00
parent c34cd24588
commit c037e91d6e
1 changed files with 12 additions and 0 deletions
--- a/r2/r2/config/middleware.py
+++ b/r2/r2/config/middleware.py
@@ -59,6 +59,18 @@ class HTTPTooManyRequests(webob.exc.HTTPClientError):
 webob.exc.status_map[429] = HTTPTooManyRequests
 webob.util.status_reasons[429] = HTTPTooManyRequests.title

+# patch out SSRFable/XSSable endpoints in older versions of weberror
+import weberror.evalexception
+
+
+# We could probably just set `.exposed = False`, but this makes me feel better
+def _stub(*args, **kwargs):
+    pass
+
+weberror.evalexception.EvalException.post_traceback = _stub
+weberror.evalexception.EvalException.relay = _stub
+
+
 #from pylons.middleware import error_mapper
 def error_mapper(code, message, environ, global_conf=None, **kw):
    if environ.get('pylons.error_call'):