mirror/glances
1
0
Fork 0
mirror of https://github.com/nicolargo/glances.git synced 2026-06-13 00:04:38 -04:00
Code Issues Packages Projects Releases Wiki Activity
7,302 Commits 109 Branches 148 Tags
develop-v5
Commit Graph

12 Commits

Author SHA1 Message Date
nicolargo
0de3b8f875 XML-RPC Multi-Origin CORS Configuration Silently Falls Back to Wildcard - CVE-2026-46608 2026-05-23 11:40:20 +02:00
nicolargo
cad6f985a5 test(xmlrpc): port stripping and missing-Host edge cases 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-23 09:53:06 +02:00
nicolargo
8e6c9c955c test(xmlrpc): wildcard Host patterns via fnmatch 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-23 09:52:30 +02:00
nicolargo
575dc7e81b test(xmlrpc): allowlisted Host returns 200 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-23 09:51:58 +02:00
nicolargo
b88dd7bcfd test(xmlrpc): failing test — spoofed Host should be rejected (CVE-2026-46611) 
Adds a second test server bound to a config that enables xmlrpc_allowed_hosts,
plus the failing assertion that a spoofed Host header returns 400. The fix in
glances/server.py follows in the next commit.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-23 09:50:40 +02:00
nicolargo
b2965cca96 test(xmlrpc): lock in current permissive default (regression baseline) 
This test passes on the unpatched server and proves the CVE-2026-46611
vulnerability exists today: a spoofed Host header is accepted.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-23 09:49:43 +02:00
nicolargo
01437d61e2 test(xmlrpc): scaffold for Host header validation tests 
Re-creates tests/test_xmlrpc.py (deleted symlink) with a pytest module
modelled on test_restful.py: subprocess-launched server and a helper
to POST XML-RPC calls with a controllable Host header. Restores the
existing 'make test-xmlrpc' Makefile target.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-23 09:48:47 +02:00
Nicolas Hennion
137dc03a11 Lint the code 2026-03-24 08:18:04 +00:00
Steve Kowalik
5badf71000 Use sys.executable in the testsuite 
Rather than looking for a venv python executable, use the existing
sys.executable property to execute the modules required.
 2026-03-24 11:19:11 +11:00
nicolargo
8a748d15e3 Upgrade export test with InfluxDB 1.12 2025-10-18 09:25:39 +02:00
nicolargo
6124da2e59 Move all the Python test files in ./tests/ folder 2024-12-28 18:31:39 +01:00
nicolargo
61edf4daf5 Make main.py comliant with PyTest (concerning args) 2024-12-26 10:49:26 +01:00