mirrors/fdroidserver
1
0
Fork 0
mirror of https://github.com/f-droid/fdroidserver.git synced 2025-11-15 03:30:29 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions
fdroidserver/fdroidserver
History
Hans-Christoph Steiner 3011953d0e convert apkcache from pickle to JSON 
pickle can serialize executable code, while JSON is only ever pure data.
The APK cache is only ever pure data, so no need for the security risks of
pickle.  For example, if some malicious thing gets write access on the
`fdroid update` machine, it can write out a custom tmp/apkcache which would
then be executed.  That is not possible with JSON.

This does just ignore any existing cache and rebuilds from scratch. That is
so we don't need to maintain pickle anywhere, and to ensure there are no
glitches from a conversion from pickle to JSON.

closes #163
2018-09-03 18:07:40 +02:00
..
asynchronousfilereader Add asynchronous filereader, fix python3 lockups 2015-09-20 20:57:53 +02:00
__init__.py fix egg-link and easy_install support for Python3 2017-10-19 23:28:13 +02:00
btlog.py use defusedxml to avoid DoS attacks while loading XML 2018-08-29 17:44:54 +02:00
build.py mark manually sanitized input so bandit doesn't complain 2018-08-29 17:44:54 +02:00
checkupdates.py checkupdates: remove magic number 99999999 from HTTP checks 2018-08-29 17:24:24 +02:00
common.py gitlab-ci: add 'bandit' security scanner to all runs 2018-08-29 17:48:06 +02:00
dscanner.py fix PEP8: W504 line break after binary operator 2018-05-29 12:31:56 +02:00
exception.py checkupdates: don't fail when we can't init submodules 2017-12-04 16:30:37 +01:00
gpgsign.py implement gettext localization 2017-09-15 11:39:00 +02:00
import.py fix PEP8 W605 invalid escape sequence 2018-05-29 13:51:47 +02:00
index.py convert apkcache from pickle to JSON 2018-09-03 18:07:40 +02:00
init.py fix PEP8 W605 invalid escape sequence 2018-05-29 13:51:47 +02:00
install.py fix string formats that are ambiguous for translators 2017-09-16 13:19:38 +02:00
lint.py Lint - the error should hint that the right word is Categories 2018-07-30 22:56:57 +00:00
metadata.py remove unused YamlLoader optimization 2018-08-29 11:25:01 +02:00
mirror.py mirror: fix syntax error on Python 3.4 2017-11-30 14:03:04 +01:00
net.py Support ETag when downloading repository index 2017-05-02 15:37:02 -03:00
nightly.py set locale explicitly when using keytool 2018-08-03 04:36:00 +02:00
publish.py mark all required usages of MD5 so bandit doesn't complain 2018-08-29 17:44:54 +02:00
readmeta.py all: make newer pycodestyle happy 2016-11-15 20:55:06 +00:00
rewritemeta.py rewritemeta: fix proper_format() so lint works with .yml files 2018-02-23 22:43:03 +01:00
scanner.py scanner: add facebook sdk to forbidden libraries 2018-08-10 15:20:01 +02:00
server.py mark all required usages of MD5 so bandit doesn't complain 2018-08-29 17:44:54 +02:00
signatures.py clean up globals in signatures.py 2018-07-30 13:07:07 +02:00
signindex.py implement gettext localization 2017-09-15 11:39:00 +02:00
stats.py fix PEP8 W605 invalid escape sequence 2018-05-29 13:51:47 +02:00
tail.py include class like UNIX tail -f for displaying logs 2017-05-23 20:04:08 +02:00
update.py convert apkcache from pickle to JSON 2018-09-03 18:07:40 +02:00
verify.py fix "local variable 'e' is assigned to but never used" 2018-05-25 12:32:34 +02:00
vmtools.py vmtools: use pythonic way to check for installed binaries 2018-06-19 14:47:03 +02:00