diff --git a/src/hydra-queue-runner/build-result.cc b/src/hydra-queue-runner/build-result.cc index b0695e8b..aa98acbb 100644 --- a/src/hydra-queue-runner/build-result.cc +++ b/src/hydra-queue-runner/build-result.cc @@ -51,8 +51,8 @@ BuildOutput getBuildOutput( "[[:space:]]+" "([a-zA-Z0-9_-]+)" // subtype (e.g. "readme") "[[:space:]]+" - "(\"[^\"]+\"|[^[:space:]\"]+)" // path (may be quoted) - "([[:space:]]+([^[:space:]]+))?" // entry point + "(\"[^\"]+\"|[^[:space:]<>\"]+)" // path (may be quoted) + "([[:space:]]+([^[:space:]<>]+))?" // entry point , std::regex::extended); for (auto & output : outputs) { @@ -78,7 +78,7 @@ BuildOutput getBuildOutput( product.type = match[1]; product.subtype = match[2]; std::string s(match[3]); - product.path = s[0] == '"' ? std::string(s, 1, s.size() - 2) : s; + product.path = s[0] == '"' && s.back() == '"' ? std::string(s, 1, s.size() - 2) : s; product.defaultPath = match[5]; /* Ensure that the path exists and points into the Nix @@ -93,6 +93,8 @@ BuildOutput getBuildOutput( if (file == narMembers.end()) continue; product.name = product.path == store->printStorePath(output) ? "" : baseNameOf(product.path); + if (!std::regex_match(product.name, std::regex("[a-zA-Z0-9.@:_ -]*"))) + product.name = ""; if (file->second.type == SourceAccessor::Type::tRegular) { product.isRegular = true; @@ -127,8 +129,9 @@ BuildOutput getBuildOutput( if (file == narMembers.end() || file->second.type != SourceAccessor::Type::tRegular) continue; - res.releaseName = trim(file->second.contents.value()); - // FIXME: validate release name + auto contents = trim(file->second.contents.value()); + if (std::regex_match(contents, std::regex("[a-zA-Z0-9.@:_-]+"))) + res.releaseName = contents; } /* Get metrics. */ 
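Review bot: The `<>` exclusion added to the path and entry-point patterns only covers the unquoted alternative; the quoted form `\"[^\"]+\"` still accepts `<` and `>`, so a (constructed) product line such as `file readme "a<b>"` yields a product.path containing angle brackets that the rest of this change is trying to keep out of the templates. If the intent is to reject them regardless of quoting, exclude them in that branch too: `"(\"[^\"<>]+\"|[^[:space:]<>\"]+)"`. Nothing in the pattern says why `<>` are rejected; a short comment such as `// no <> : these values are rendered in HTML templates` would keep the next editor from "relaxing" it.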
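Review bot: The added `s.back() == '"'` test can never be false when `s[0] == '"'`: match[3] comes from the alternation in the pattern above, whose unquoted branch excludes `"`, so a leading quote implies the quoted branch, which ends in a quote and is at least three characters long (so `s.size() - 2` cannot underflow). Keeping it as a belt-and-braces guard is fine, but say so on the line, e.g. `// match[3] is non-empty; a leading quote implies the quoted alternative, so the closing quote is guaranteed — check kept as a defensive guard`. Without that, a later reader may assume unbalanced quotes are a reachable case and add handling for them downstream.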
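Review bot: `std::regex("[a-zA-Z0-9.@:_ -]*")` is constructed on every product iteration; std::regex compilation is comparatively expensive and the pattern is constant, so hoist it, e.g. `static const std::regex productNameRe("[a-zA-Z0-9.@:_ -]*");` and `if (!std::regex_match(product.name, productNameRe)) product.name = "";`. The same applies to the release-name pattern in the next hunk and to the metric name and unit patterns in the hunk at -140. Note the flavour difference: these new patterns use the default ECMAScript grammar while the product-line pattern above is `std::regex::extended`; harmless for plain character classes, but worth a one-line comment so they are not "unified" carelessly. When a name or release name fails validation it is silently blanked; if a logging helper is in scope here (I cannot tell from the hunk), a debug-level message naming the rejected value would make the resulting nameless product or missing release name diagnosable.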
@@ -140,10 +143,18 @@ BuildOutput getBuildOutput( for (auto & line : tokenizeString(file->second.contents.value(), "\n")) { auto fields = tokenizeString>(line); if (fields.size() < 2) continue; + if (!std::regex_match(fields[0], std::regex("[a-zA-Z0-9._-]+"))) + continue; BuildMetric metric; - metric.name = fields[0]; // FIXME: validate - metric.value = atof(fields[1].c_str()); // FIXME + metric.name = fields[0]; + try { + metric.value = std::stod(fields[1]); + } catch (...) { + continue; // skip this metric + } metric.unit = fields.size() >= 3 ? fields[2] : ""; + if (!std::regex_match(metric.unit, std::regex("[a-zA-Z0-9._%-]+"))) + metric.unit = ""; res.metrics[metric.name] = metric; } } diff --git a/src/root/all.tt b/src/root/all.tt index e877f5b5..eee4488e 100644 --- a/src/root/all.tt +++ b/src/root/all.tt @@ -11,7 +11,7 @@ titleHTML="Latest builds" _ "") %] [% PROCESS common.tt %] -
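Review bot: `std::stod` does not reject trailing garbage — a field like `1.5abc` parses as 1.5 and leading whitespace is skipped — so the new try/catch only rejects a field with no numeric prefix at all or an out-of-range value, which is weaker than the "skip this metric" intent of the `continue`. Use the `pos` out-parameter and require the whole field to be consumed, and narrow `catch (...)` to the exceptions stod is specified to throw (`std::invalid_argument` and `std::out_of_range`, both `std::logic_error`) so unrelated errors are not swallowed here. `nan` and `inf` also parse successfully; if the metrics table should not hold those, add `if (!std::isfinite(metric.value)) continue;` (needs `<cmath>`). getBuildOutput continues outside this hunk.
```cpp
BuildMetric metric;
metric.name = fields[0];
try {
    std::size_t consumed = 0;
    metric.value = std::stod(fields[1], &consumed);
    if (consumed != fields[1].size()) continue; // trailing junk, e.g. "1.5abc"
} catch (const std::logic_error &) { // invalid_argument / out_of_range
    continue; // skip this metric
}
// … unchanged: unit validation and res.metrics insertion …
```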

Showing builds [% (page - 1) * resultsPerPage + 1 %] - [% (page - 1) * resultsPerPage + builds.size %] out of [% total %] in order of descending finish time.

+

Showing builds [% (page - 1) * resultsPerPage + 1 %] - [% (page - 1) * resultsPerPage + builds.size %] out of [% HTML.escape(total) %] in order of descending finish time.

[% INCLUDE renderBuildList hideProjectName=project hideJobsetName=jobset hideJobName=job %] [% INCLUDE renderPager %] diff --git a/src/root/build.tt b/src/root/build.tt index 93629427..8c52b489 100644 --- a/src/root/build.tt +++ b/src/root/build.tt @@ -37,7 +37,7 @@ END; seen.${step.drvpath} = 1; log = c.uri_for('/build' build.id 'nixlog' step.stepnr); %] - [% step.stepnr %] + [% HTML.escape(step.stepnr) %] [% IF step.type == 0 %] Build of [% INCLUDE renderOutputs outputs=step.buildstepoutputs %] @@ -86,7 +86,7 @@ END; [% ELSIF step.status == 11 %] Output limit exceeded [% ELSIF step.status == 12 %] - Non-determinism detected [% IF step.timesbuilt %] after [% step.timesbuilt %] times[% END %] + Non-determinism detected [% IF step.timesbuilt %] after [% HTML.escape(step.timesbuilt) %] times[% END %] [% ELSIF step.errormsg %] Failed: [% HTML.escape(step.errormsg) %] [% ELSE %] @@ -112,16 +112,16 @@ END; [% IF c.user_exists %] [% IF available %] [% IF build.keep %] - Unkeep + c.uri_for('/build' build.id 'keep' 0)) %]>Unkeep [% ELSE %] - Keep + c.uri_for('/build' build.id 'keep' 1)) %]>Keep [% END %] [% END %] [% IF build.finished %] - Restart + c.uri_for('/build' build.id 'restart')) %]>Restart [% ELSE %] - Cancel - Bump up + c.uri_for('/build' build.id 'cancel')) %]>Cancel + c.uri_for('/build' build.id 'bump')) %]>Bump up [% END %] [% END %] @@ -132,7 +132,7 @@ END; [% IF steps.size() > 0 %][% END %] - [% IF build.dependents %][% END%] + [% IF build.dependents %][% END %] [% IF drvAvailable %][% END %] [% IF localStore && available %][% END %] [% IF runcommandlogProblem || runcommandlogs.size() > 0 %][% END %] @@ -151,7 +151,7 @@ END; - + 
@@ -168,9 +168,9 @@ END; END; %]; [%+ IF nrFinished == nrConstituents && nrFailedConstituents == 0 %] - all [% nrConstituents %] constituent builds succeeded + all [% HTML.escape(nrConstituents) %] constituent builds succeeded [% ELSE %] - [% nrFailedConstituents %] out of [% nrConstituents %] constituent builds failed + [% HTML.escape(nrFailedConstituents) %] out of [% HTML.escape(nrConstituents) %] constituent builds failed [% IF nrFinished < nrConstituents %] ([% nrConstituents - nrFinished %] still pending) [% END %] @@ -180,25 +180,25 @@ END; - + [% IF build.releasename %] - + [% ELSE %] - + [% END %] [% IF eval %] [% END %] @@ -226,9 +226,9 @@ END; [% END %] @@ -336,12 +336,12 @@ END; [% IF eval.nixexprinput %] - + [% END %] - + @@ -361,11 +361,11 @@ END; - + - + @@ -376,14 +376,14 @@ END; + ( chartsURL) %]>history) [% END %] [% IF build.finished && build.closuresize %] + ( chartsURL) %]>history) [% END %] [% IF build.finished && build.buildproducts %] @@ -412,9 +412,9 @@ END; [% FOREACH metric IN build.buildmetrics %] - - - + + + [% END %] @@ -456,8 +456,8 @@ END; [% FOREACH input IN build.dependents %] - - + + [% END %] @@ -484,7 +484,7 @@ END; [% ELSIF runcommandlogProblem == "disabled-jobset" %] This jobset does not enable Dynamic RunCommand support. [% ELSE %] - Dynamic RunCommand is not enabled: [% runcommandlogProblem %]. + Dynamic RunCommand is not enabled: [% HTML.escape(runcommandlogProblem) %]. [% END %] [% END %] @@ -503,18 +503,18 @@ END;
-
[% runcommandlog.command | html%]
+
[% runcommandlog.command | html %]
[% IF not runcommandlog.is_running() %] [% IF runcommandlog.did_fail_with_signal() %] - Exit signal: [% runcommandlog.signal %] + Exit signal: [% runcommandlog.signal | html %] [% IF runcommandlog.core_dumped %] (Core Dumped) [% END %] [% ELSIF runcommandlog.did_fail_with_exec_error() %] - Exec error: [% runcommandlog.error_number %] + Exec error: [% runcommandlog.error_number | html %] [% ELSIF not runcommandlog.did_succeed() %] - Exit code: [% runcommandlog.exit_code %] + Exit code: [% runcommandlog.exit_code | html %] [% END %] [% END %]
@@ -532,9 +532,9 @@ END; [% IF runcommandlog.uuid != undef %] [% runLog = c.uri_for('/build', build.id, 'runcommandlog', runcommandlog.uuid) %]
- pretty - raw - tail + runLog) %]>pretty + runLog) %]/raw">raw + runLog) %]/tail">tail
[% END %]
diff --git a/src/root/channel-contents.tt b/src/root/channel-contents.tt index 083d6ae5..11d0323d 100644 --- a/src/root/channel-contents.tt +++ b/src/root/channel-contents.tt @@ -7,7 +7,7 @@ href="http://nixos.org/">Nix package manager. If you have Nix installed, you can subscribe to this channel by once executing

-$ nix-channel --add [% curUri +%]
+$ nix-channel --add [% HTML.escape(curUri) +%]
 $ nix-channel --update
 
@@ -49,9 +49,9 @@ installed, you can subscribe to this channel by once executing

[% b = pkg.build %] - - - + + + [% END %] - + [% IF !hideJobName %] [% END %] - - + + [% IF showDescription %] - + [% END %] [% END; IF linkToAll %] - + [% END; END; @@ -176,11 +176,11 @@ BLOCK renderBuildList; END; -BLOCK renderLink %][% title %][% END; +BLOCK renderLink %] uri) %]>[% HTML.escape(title) %][% END; BLOCK maybeLink; - IF uri %] uri, class => class); IF confirmmsg +%] onclick="javascript:return confirm('[% confirmmsg %]')"[% END %]>[% content %][% ELSE; content; END; + IF uri %] uri, class => class); IF confirmmsg +%] onclick="javascript:return confirm('[% confirmmsg %]')"[% END %]>[% HTML.escape(content) %][% ELSE; HTML.escape(content); END; END; @@ -192,7 +192,7 @@ BLOCK renderSelection; [% END %] @@ -200,7 +200,7 @@ BLOCK renderSelection; [% ELSE %] [% END; @@ -216,12 +216,12 @@ BLOCK editString; %] BLOCK renderFullBuildLink; - INCLUDE renderFullJobNameOfBuild build=build %] build [% build.id %][% + INCLUDE renderFullJobNameOfBuild build=build %] c.uri_for('/build' build.id)) %]>build [% HTML.escape(build.id) %][% END; BLOCK renderBuildIdLink; %] -build [% id %] + c.uri_for('/build' id)) %]>build [% HTML.escape(id) %] [% END; @@ -320,7 +320,7 @@ END; BLOCK renderShortInputValue; IF input.type == "build" || input.type == "sysbuild" %] - [% input.dependency.id %] + c.uri_for('/build' input.dependency.id)) %]>[% HTML.escape(input.dependency.id) %] [% ELSIF input.type == "string" %] "[% HTML.escape(input.value) %]" [% ELSIF input.type == "nix" || input.type == "boolean" %] @@ -338,7 +338,7 @@ BLOCK renderDiffUri; url = bi1.uri; path = url.replace(base, ''); IF url.match(base) %] - [% contents %] + m.uri.replace('_path_', path).replace('_1_', bi1.revision).replace('_2_', bi2.revision)) %]>[% HTML.escape(contents) %] [% nouri = 0; END; END; 
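Review bot: In `BLOCK maybeLink` the rewritten line still interpolates `confirmmsg` raw into `onclick="javascript:return confirm('[% confirmmsg %]')"`, while `content` on the same line now goes through `HTML.escape`. A value containing a single quote would terminate the JS string literal, and `| html` alone would not be sufficient here because the browser HTML-decodes the attribute value before the inline script runs; the robust fix is to drop the inline handler and carry the message in a data attribute (e.g. `data-confirm`) handled by a small delegated script, or at least apply a JS-string escape in addition to the HTML one. If `confirmmsg` is only ever a literal supplied by the calling template, a comment on the BLOCK stating that contract would close the question. Both renderLink and maybeLink are shown in full within this hunk.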
@@ -347,13 +347,13 @@ BLOCK renderDiffUri; url = res.0; branch = res.1; IF bi1.type == "hg" || bi1.type == "git" %] - c.uri_for('/api/scmdiff', { uri = url, rev1 = bi1.revision, rev2 = bi2.revision, type = bi1.type, branch = branch - })) %]">[% contents %] + })) %]>[% HTML.escape(contents) %] [% ELSE; contents; END; @@ -369,8 +369,8 @@ BLOCK renderInputs; %] [% FOREACH input IN inputs %] - - + + - + [% END %] @@ -407,33 +407,33 @@ BLOCK renderInputDiff; %] IF bi1.name == bi2.name; IF bi1.type == bi2.type; IF bi1.value != bi2.value || bi1.uri != bi2.uri %] - + [% ELSIF bi1.uri == bi2.uri && bi1.revision != bi2.revision %] [% IF bi1.type == "git" %] [% ELSE %] [% END %] [% ELSIF bi1.dependency.id != bi2.dependency.id || bi1.path != bi2.path %] [% END %] [% ELSE %] - + [% END; deletedInput = 0; END; END; IF deletedInput == 1 %] - + [% END; END; END %] @@ -443,10 +443,10 @@ BLOCK renderInputDiff; %] BLOCK renderPager %] - + [% IF !jobset && !build %] [% END %] @@ -507,7 +507,7 @@ BLOCK renderEvals %] [% IF e.changedInputs.size > 0; sep=''; FOREACH input IN e.changedInputs; - sep; %] [% input.name %] → [% INCLUDE renderShortEvalInput input=input; + sep; %] [% HTML.escape(input.name) %] → [% INCLUDE renderShortEvalInput input=input; sep=', '; END; ELSE %] @@ -518,29 +518,29 @@ BLOCK renderEvals %] [% END %] [% END; IF linkToAll %] - + [% END %]
Build ID:[% build.id %][% HTML.escape(build.id) %]
Status:
System:[% build.system %][% build.system | html %]
Release name:[% HTML.escape(build.releasename) %][% build.releasename | html %]
Nix name:[% build.nixname %][% build.nixname | html %]
Part of: - evaluation [% eval.id %] - [% IF nrEvals > 1 +%] (and [% nrEvals - 1 %] others)[% END %] + c.uri_for(c.controller('JobsetEval').action_for('view'), [eval.id])) %]>evaluation [% HTML.escape(eval.id) %] + [% IF nrEvals > 1 +%] (and c.uri_for('/build' build.id 'evals')) %]>[% nrEvals - 1 %] others)[% END %]
Logfile: [% actualLog = cachedBuildStep ? c.uri_for('/build' cachedBuild.id 'nixlog' cachedBuildStep.stepnr) : c.uri_for('/build' build.id 'log') %] - pretty - raw - tail + actualLog) %]>pretty + actualLog _ "/raw") %]>raw + actualLog _ "/tail") %]>tail
Nix expression:file [% HTML.escape(eval.nixexprpath) %] in input [% HTML.escape(eval.nixexprinput) %]file [% eval.nixexprpath | html %] in input [% eval.nixexprinput | html %]
Nix name:[% build.nixname %][% build.nixname | html %]
Short description:
System:[% build.system %][% build.system | html %]
Derivation store path:[% build.drvpath %][% build.drvpath | html %]
Output store paths:
Closure size: [% mibs(build.closuresize / (1024 * 1024)) %] MiB - (history)
Output size: [% mibs(build.size / (1024 * 1024)) %] MiB - (history)
c.uri_for('/job' project.name jobset.name job 'metric' metric.name)) %]">[%HTML.escape(metric.name)%][%metric.value%][%metric.unit%] c.uri_for('/job' project.name jobset.name job 'metric' metric.name)) %]">[% metric.name | html %][% HTML.escape(metric.value) %][% HTML.escape(metric.unit) %]
[% INCLUDE renderFullBuildLink build=input.build %][% input.name %][% input.build.system %][% input.name | html %][% input.build.system | html %] [% INCLUDE renderDateTime timestamp = input.build.timestamp %]
[% b.id %][% b.get_column('releasename') || b.nixname %][% b.system %] c.uri_for('/build' b.id)) %]>[% HTML.escape(b.id) %][% b.get_column('releasename') || b.nixname | html %][% b.system | html %] [% IF b.homepage %] b.homepage) %]>[% HTML.escape(b.description) %] diff --git a/src/root/common.tt b/src/root/common.tt index 7a93cc95..38bb64f2 100644 --- a/src/root/common.tt +++ b/src/root/common.tt @@ -55,17 +55,17 @@ BLOCK renderRelativeDate %] [% END; BLOCK renderProjectName %] -[% project %] + c.uri_for('/project' project)) %]>[% project | html %] [% END; BLOCK renderJobsetName %] -[% jobset %] + c.uri_for('/jobset' project jobset)) %]>[% jobset | html %] [% END; BLOCK renderJobName %] -[% job %] + c.uri_for('/job' project jobset job)) %]>[% job | html %] [% END; @@ -98,7 +98,7 @@ BLOCK renderDrvInfo; .substr(0, -4); # strip `.drv` IF drvname != releasename; IF step.type == 0; action = "Build"; ELSE; action = "Substitution"; END; - IF drvname; %] ([% action %] of [% drvname %])[% END; + IF drvname; %] ([% HTML.escape(action) %] of [% HTML.escape(drvname) %])[% END; END; END; 
@@ -140,25 +140,25 @@ BLOCK renderBuildListBody; [% IF showSchedulingInfo %] [% IF busy %]Started[% ELSE %]Queued[% END %][% build.id %] link) %]>[% HTML.escape(build.id) %] - [% IF !hideJobsetName %][%build.jobset.get_column("project")%]:[%build.jobset.get_column("name")%]:[% END %][%build.get_column("job")%] + link) %]>[% IF !hideJobsetName %][% HTML.escape(build.jobset.get_column("project")) %]:[% HTML.escape(build.jobset.get_column("name")) %]:[% END %][% HTML.escape(build.get_column("job")) %] [% IF showStepName %] [% INCLUDE renderDrvInfo step=build.buildsteps releasename=build.nixname %] [% END %] [% t = showSchedulingInfo ? build.timestamp : build.stoptime; IF t; INCLUDE renderRelativeDate timestamp=(showSchedulingInfo ? build.timestamp : build.stoptime); ELSE; "-"; END %][% !showSchedulingInfo and build.get_column('releasename') ? build.get_column('releasename') : build.nixname %][% build.system %][% !showSchedulingInfo and build.get_column('releasename') ? HTML.escape(build.get_column('releasename')) : HTML.escape(build.nixname) %][% build.system | html %][% build.description %][% HTML.escape(build.description) %]
More...
linkToAll) %]>More...
[% input.name %][% type = input.type; inputTypes.$type %][% input.name | html %][% type = input.type; HTML.escape(inputTypes.$type) %] [% IF input.type == "build" || input.type == "sysbuild" %] [% INCLUDE renderFullBuildLink build=input.dependency %] @@ -383,7 +383,7 @@ BLOCK renderInputs; %] [% END %] [% IF input.revision %][% HTML.escape(input.revision) %][% END %][% input.path %][% input.path | html %]
[% bi1.name %][% INCLUDE renderShortInputValue input=bi1 %] to [% INCLUDE renderShortInputValue input=bi2 %]
[% HTML.escape(bi1.name) %][% INCLUDE renderShortInputValue input=bi1 %] to [% INCLUDE renderShortInputValue input=bi2 %]
- [% bi1.name %][% INCLUDE renderDiffUri contents=(bi1.revision.substr(0, 12) _ ' to ' _ bi2.revision.substr(0, 12)) %] + [% HTML.escape(bi1.name) %][% INCLUDE renderDiffUri contents=(bi1.revision.substr(0, 12) _ ' to ' _ bi2.revision.substr(0, 12)) %]
- [% bi1.name %][% INCLUDE renderDiffUri contents=(bi1.revision _ ' to ' _ bi2.revision) %] + [% HTML.escape(bi1.name) %][% INCLUDE renderDiffUri contents=(bi1.revision _ ' to ' _ bi2.revision) %]
- [% bi1.name %][% INCLUDE renderShortInputValue input=bi1 %] to [% INCLUDE renderShortInputValue input=bi2 %] + [% HTML.escape(bi1.name) %][% INCLUDE renderShortInputValue input=bi1 %] to [% INCLUDE renderShortInputValue input=bi2 %]

[% INCLUDE renderInputDiff inputs1=bi1.dependency.inputs inputs2=bi2.dependency.inputs nestedDiff=1 nestLevel=nestLevel+1 %]
[% bi1.name %]Changed input type from '[% type = bi1.type; inputTypes.$type %]' to '[% type = bi2.type; inputTypes.$type %]'
[% HTML.escape(bi1.name) %]Changed input type from '[% type = bi1.type; HTML.escape(inputTypes.$type) %]' to '[% type = bi2.type; HTML.escape(inputTypes.$type) %]'
[% bi1.name %]Input not present in this build.
[% HTML.escape(bi1.name) %]Input not present in this build.
[% eval.id %] link) %]>[% HTML.escape(eval.id) %][% INCLUDE renderFullJobsetName project=eval.jobset.project.name jobset=eval.jobset.name %] - [% e.nrSucceeded %] + [% HTML.escape(e.nrSucceeded) %] [% IF e.nrFailed > 0 %] - [% e.nrFailed %] + [% HTML.escape(e.nrFailed) %] [% END %] [% IF e.nrScheduled > 0 %] - [% e.nrScheduled %] + [% HTML.escape(e.nrScheduled) %] [% END %] [% IF e.diff > 0 %] - +[% e.diff %] + +[% HTML.escape(e.diff) %] [% ELSIF e.diff < 0 && e.nrScheduled == 0 %] - [% e.diff %] + [% HTML.escape(e.diff) %] [% END %]
More...
linkToAll) %]>More...
@@ -548,19 +548,19 @@ BLOCK renderEvals %] BLOCK renderLogLinks %] -(log, raw, tail) +( url) %]>log, "$url/raw") %]>raw, "$url/tail") %]>tail) [% END; BLOCK makeLazyTab %] -
+
tabName) %] class="tab-pane">
[% END; @@ -587,7 +587,7 @@ BLOCK navItem %] [% END; @@ -657,17 +657,17 @@ BLOCK renderJobsetOverview %] [% successrate FILTER format('%d') %]% [% IF j.get_column('nrsucceeded') > 0 %] - [% j.get_column('nrsucceeded') %] + [% HTML.escape(j.get_column('nrsucceeded')) %] [% END %] [% IF j.get_column('nrfailed') > 0 %] - [% j.get_column('nrfailed') %] + [% HTML.escape(j.get_column('nrfailed')) %] [% END %] [% IF j.get_column('nrscheduled') > 0 %] - [% j.get_column('nrscheduled') %] + [% HTML.escape(j.get_column('nrscheduled')) %] [% END %] @@ -695,12 +695,12 @@ BLOCK renderYesNo %] BLOCK createChart %] -
-
+
+
diff --git a/src/root/dashboard-my-jobs-tab.tt b/src/root/dashboard-my-jobs-tab.tt index a1e82612..470c174c 100644 --- a/src/root/dashboard-my-jobs-tab.tt +++ b/src/root/dashboard-my-jobs-tab.tt @@ -9,7 +9,7 @@ [% ELSE %] -

Below are the most recent builds of the [% builds.size %] jobs of which you +

Below are the most recent builds of the [% HTML.escape(builds.size) %] jobs of which you ([% HTML.escape(user.emailaddress) %]) are a maintainer.

[% INCLUDE renderBuildList %] diff --git a/src/root/dashboard.tt b/src/root/dashboard.tt index 06b8de15..0daf3dad 100644 --- a/src/root/dashboard.tt +++ b/src/root/dashboard.tt @@ -24,7 +24,7 @@ [% INCLUDE renderFullJobName project=j.job.get_column('project') jobset=j.job.get_column('jobset') job=j.job.job %] [% FOREACH b IN j.builds %] - [% INCLUDE renderBuildStatusIcon size=16 build=b %] + c.uri_for('/build' b.id)) %]>[% INCLUDE renderBuildStatusIcon size=16 build=b %] [% END %] [% END %] diff --git a/src/root/deps.tt b/src/root/deps.tt index 6daa9725..4cb49af4 100644 --- a/src/root/deps.tt +++ b/src/root/deps.tt @@ -3,20 +3,20 @@ [% BLOCK renderNode %]
  • [% IF done.${node.path} %] - [% node.name %] (repeated) + [% node.name | html %] ( "#" _ done.${node.path}) %]>repeated) [% ELSE %] [% done.${node.path} = global.nodeId; global.nodeId = global.nodeId + 1; %] [% IF node.refs.size > 0 %] [% END %] - + done.${node.path}) %]> [% IF node.buildStep %] - [% node.name %] [% + c.uri_for('/build' node.buildStep.get_column('build'))) %]>[% node.name %] [% IF buildStepLogExists(node.buildStep); INCLUDE renderLogLinks url=c.uri_for('/build' node.buildStep.get_column('build') 'nixlog' node.buildStep.stepnr); END %] [% ELSE %] - [% node.name %] (no info) + [% node.name | html %] (no info) [% END %] [% IF isRoot %] diff --git a/src/root/edit-jobset.tt b/src/root/edit-jobset.tt index 61e3636f..a3c1c9c5 100644 --- a/src/root/edit-jobset.tt +++ b/src/root/edit-jobset.tt @@ -7,17 +7,17 @@ [% USE format %] [% BLOCK renderJobsetInput %] - + id) %][% END %]> - input.name) %]/> + baseName _ "-name", name => baseName _ "-name", value => input.name) %] /> [% INCLUDE renderSelection curValue=input.type param="$baseName-type" options=inputTypes edit=1 %] - + baseName) %]> [% IF createFromEval %] [% value = (input.uri or input.value); IF input.revision; value = value _ " " _ input.revision; END; warn = input.altnr != 0; @@ -36,7 +36,7 @@ value, id => "$baseName-value", name => "$baseName-value") %]/> - + "$baseName-emailresponsible", name => "$baseName-emailresponsible") %] [% IF input.emailresponsible; 'checked="checked"'; END %]/> [% END %] @@ -149,7 +149,7 @@
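Review bot: The build-step branch of `renderNode` still emits `[% node.name %]` unescaped (the `+` line that builds the link to `c.uri_for('/build' node.buildStep.get_column('build'))`), whereas the "repeated" and "no info" branches in the same hunk were changed to `[% node.name | html %]`. It is the same value on all three branches, so change the middle one to `[% node.name | html %]` as well; otherwise the escaping depends on whether a build step happens to be known for the node. BLOCK renderNode continues past the end of this hunk.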
    @@ -195,7 +195,7 @@ [% INCLUDE renderJobsetInputs %] - + [% INCLUDE renderJobsetInput input="" extraClass="template" id="input-template" baseName="input-template" %] diff --git a/src/root/edit-project.tt b/src/root/edit-project.tt index bb850e5c..7ee5331b 100644 --- a/src/root/edit-project.tt +++ b/src/root/edit-project.tt @@ -86,7 +86,7 @@ diff --git a/src/root/evals.tt b/src/root/evals.tt index c12079d1..b65fe15d 100644 --- a/src/root/evals.tt +++ b/src/root/evals.tt @@ -10,7 +10,7 @@ [% PROCESS common.tt %]

    Showing evaluations [% (page - 1) * resultsPerPage + 1 %] - [% -(page - 1) * resultsPerPage + evals.size %] out of [% total %].

    +(page - 1) * resultsPerPage + evals.size %] out of [% HTML.escape(total) %].

    [% INCLUDE renderEvals %] diff --git a/src/root/job-metrics-tab.tt b/src/root/job-metrics-tab.tt index 123a00f1..c7433264 100644 --- a/src/root/job-metrics-tab.tt +++ b/src/root/job-metrics-tab.tt @@ -16,7 +16,7 @@ [% FOREACH metric IN metrics %] -

    Metric: c.uri_for('/job' project.name jobset.name job 'metric' metric.name)) %]>[%HTML.escape(metric.name)%]

    +

    Metric: c.uri_for('/job' project.name jobset.name job 'metric' metric.name)) %]>[% HTML.escape(metric.name) %]

    [% id = metricDivId(metric.name); INCLUDE createChart dataUrl=c.uri_for('/job' project.name jobset.name job 'metric' metric.name); %] diff --git a/src/root/job.tt b/src/root/job.tt index 7e475f69..1a82a86b 100644 --- a/src/root/job.tt +++ b/src/root/job.tt @@ -10,8 +10,8 @@ [% IF !jobExists(jobset, job) %]
    This job is not a member of the latest evaluation of its jobset. This means it was +[% HTML.attributes(href => c.uri_for('/jobset' project.name jobset.name +'evals')) %]>latest evaluation of its jobset. This means it was removed or had an evaluation error.
    [% END %] @@ -46,7 +46,7 @@ removed or had an evaluation error. its success or failure is determined entirely by the result of building its constituent jobs. The table below shows the status of each constituent job for the [% - aggregates.keys.size %] most recent builds of the + HTML.escape(aggregates.keys.size) %] most recent builds of the aggregate. [% aggs = aggregates.keys.nsort.reverse %] @@ -58,7 +58,7 @@ removed or had an evaluation error. [% END %] @@ -70,7 +70,7 @@ removed or had an evaluation error. [% FOREACH agg IN aggs %] [% END %] @@ -22,9 +22,9 @@ [% FOREACH chan IN channels-%] - + [% FOREACH eval IN evalIds %] - + [% END %] [% END %] diff --git a/src/root/jobset-eval.tt b/src/root/jobset-eval.tt index 11965ce2..6e97c386 100644 --- a/src/root/jobset-eval.tt +++ b/src/root/jobset-eval.tt @@ -14,22 +14,22 @@ [% IF project.jobsets_rs.count > 1 %] [% FOREACH j IN project.jobsets.sort('name'); IF j.name != jobset.name %] - Jobset [% project.name %]:[% j.name %] + Jobset [% project.name | html %]:[% j.name | html %] [% END; END %] [% END %]

    This evaluation was performed [% IF eval.flake %]from the flake -[%HTML.escape(eval.flake)%][%END%] on [% INCLUDE renderDateTime +[% HTML.escape(eval.flake) %][% END %] on [% INCLUDE renderDateTime timestamp=eval.timestamp %]. Fetching the dependencies took [% -eval.checkouttime %]s and evaluation took [% eval.evaltime %]s.

    +eval.checkouttime %]s and evaluation took [% HTML.escape(eval.evaltime) %]s.

    [% IF otherEval %]

    Comparisons are relative to [% INCLUDE renderFullJobsetName -project=otherEval.jobset.project.name jobset=otherEval.jobset.name %] evaluation [% otherEval.id %].

    +project=otherEval.jobset.project.name jobset=otherEval.jobset.name %] evaluation c.uri_for(c.controller('JobsetEval').action_for('view'), +[otherEval.id])) %]>[% HTML.escape(otherEval.id) %].

    [% END %] @@ -45,46 +45,46 @@ c.uri_for(c.controller('JobsetEval').action_for('view'), [% END %] [% IF aborted.size > 0 %] - + [% END %] [% IF nowFail.size > 0 %] - + [% END %] [% IF nowSucceed.size > 0 %] - + [% END %] [% IF new.size > 0 %] - + [% END %] [% IF removed.size > 0 %] - + [% END %] [% IF stillFail.size > 0 %] - + [% END %] [% IF stillSucceed.size > 0 %] - + [% END %] [% IF unfinished.size > 0 %] - + [% END %] @@ -99,7 +99,7 @@ c.uri_for(c.controller('JobsetEval').action_for('view'), [% INCLUDE renderBuildListBody builds=builds.slice(0, (size > max ? max : size) - 1) hideProjectName=1 hideJobsetName=1 busy=0 %] [% IF size > max; params = c.req.params; params.full = 1 %] - + [% END %] [% INCLUDE renderBuildListFooter %] [% END %] @@ -132,11 +132,11 @@ c.uri_for(c.controller('JobsetEval').action_for('view'), [% FOREACH j IN removed.slice(0,(size > max ? max : size) - 1) %] - + [% END %] [% IF size > max; params = c.req.params; params.full = 1 %] - + [% END %]
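Review bot: In the evaluation-summary paragraph of the hunk at -14 the new line escapes `eval.evaltime` but leaves `eval.checkouttime` raw (the directive opens on the preceding context line `... took [%` and closes at the start of the `+` line), so two sibling values from what is presumably the same row are treated differently. Write it the same way, `[% HTML.escape(eval.checkouttime) %]s`, even if the column is numeric today, so the template does not rely on the database type for its safety. The remaining hunks of this file only move link targets into attribute helpers and need no change.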
    [% agg_ = aggregates.$agg %]
    [% r = aggregates.$agg.constituents.$j; IF r.id %] - + c.uri_for('/build' r.id)) %]> [% INCLUDE renderBuildStatusIcon size=16 build=r %] [% END %] @@ -89,8 +89,8 @@ removed or had an evaluation error. diff --git a/src/root/jobset-channels-tab.tt b/src/root/jobset-channels-tab.tt index 692f2682..5ea8ce1b 100644 --- a/src/root/jobset-channels-tab.tt +++ b/src/root/jobset-channels-tab.tt @@ -14,7 +14,7 @@ [% FOREACH eval IN evalIds %]
    [% chan %] c.uri_for('/channel/custom' project.name jobset.name chan)) %]>[% HTML.escape(chan) %][% r = evals.$eval.builds.$chan; IF r.id %][% INCLUDE renderBuildStatusIcon size=16 build=r %][% END %][% r = evals.$eval.builds.$chan; IF r.id %] c.uri_for('/build' r.id)) %]>[% INCLUDE renderBuildStatusIcon size=16 build=r %][% END %]
    ([% size - max %] more builds omitted)
    c.uri_for(c.controller('JobsetEval').action_for('view'), [eval.id], params) _ tabname) %]>([% size - max %] more builds omitted)
    [% INCLUDE renderJobName project=project.name jobset=jobset.name job=j.job %][% j.system %][% j.system | html %]
    ([% size - max %] more jobs omitted)
    ([% size - max %] more jobs omitted)
    diff --git a/src/root/jobset-jobs-tab.tt b/src/root/jobset-jobs-tab.tt index 707d329e..ddb63caa 100644 --- a/src/root/jobset-jobs-tab.tt +++ b/src/root/jobset-jobs-tab.tt @@ -41,7 +41,7 @@ [% ELSE %] [% IF nrJobs > jobs.size %] -
    Showing the first [% jobs.size %] jobs. Show all [% nrJobs %] jobs...
    +
    Showing the first [% HTML.escape(jobs.size) %] jobs. Show all [% HTML.escape(nrJobs) %] jobs...
    [% END %] [% evalIds = evals.keys.nsort.reverse %] @@ -52,7 +52,7 @@ [% FOREACH eval IN evalIds %] [% END %] @@ -62,7 +62,7 @@ [% INCLUDE renderJobName project=project.name jobset=jobset.name job=j %] [% FOREACH eval IN evalIds %] - [% r = evals.$eval.builds.$j; IF r.id %][% INCLUDE renderBuildStatusIcon size=16 build=r %][% END %] + [% r = evals.$eval.builds.$j; IF r.id %] c.uri_for('/build' r.id)) %]>[% INCLUDE renderBuildStatusIcon size=16 build=r %][% END %] [% END %] [% END %] diff --git a/src/root/jobset.tt b/src/root/jobset.tt index 3e594756..c0b6e4cd 100644 --- a/src/root/jobset.tt +++ b/src/root/jobset.tt @@ -6,14 +6,14 @@ [% BLOCK renderJobsetInput %] - + id) %][% END %]> [% HTML.escape(input.name) %] [% INCLUDE renderSelection curValue=input.type param="$baseName-type" options=inputTypes %] - + baseName) %]> [% FOREACH alt IN input.search_related('jobsetinputalts', {}, { order_by => 'altnr' }) %] [% IF input.type == "string" %] @@ -153,11 +153,11 @@ [% END %] Check interval: - [% jobset.checkinterval || "disabled" %] + [% HTML.escape(jobset.checkinterval) || "disabled" %] Scheduling shares: - [% jobset.schedulingshares %] [% IF totalShares %] ([% f = format("%.2f"); f(jobset.schedulingshares / totalShares * 100) %]% out of [% totalShares %] shares)[% END %] + [% HTML.escape(jobset.schedulingshares) %] [% IF totalShares %] ([% f = format("%.2f"); f(jobset.schedulingshares / totalShares * 100) %]% out of [% HTML.escape(totalShares) %] shares)[% END %] Enable Dynamic RunCommand Hooks: @@ -175,7 +175,7 @@ [% END %] Number of evaluations to keep: - [% jobset.keepnr %] + [% HTML.escape(jobset.keepnr) %] @@ -188,7 +188,7 @@ diff --git a/src/root/layout.tt b/src/root/layout.tt index b520b455..37f4cb7f 100644 --- a/src/root/layout.tt +++ b/src/root/layout.tt @@ -24,7 +24,7 @@