/ 
Yukki-0.110880
/ Yukki::Model::Repository
Security Advisories (10)
CVE-2010-5312 (2014-11-24)

Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.

CVE-2020-11022 (2020-04-29)

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

CVE-2020-11023 (2020-04-29)

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

CVE-2019-11358 (2019-04-20)

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

CVE-2015-9251 (2018-01-18)

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

CVE-2011-4969 (2013-03-08)

Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.

CVE-2012-6708 (2018-01-18)

jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.

CVE-2020-7656 (2020-05-19)

jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.

CVE-2019-5428

Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.

CVE-2014-6071 (2018-01-16)

jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.

NAME

Yukki::Model::Repository - model for accessing objects in a git repository

VERSION

version 0.110880

SYNOPSIS

my $repository = $app->model('Repository', { name => 'main' });
my $file = $repository->file({ path => 'foo.yukki' });

DESCRIPTION

This model contains methods for performing all the individual operations required to store files into and fetch files from the git repository. It includes tools for building trees, commiting, creating blobs, fetching file lists, etc.

EXTENDS

Yukki::Model

ATTRIBUTES

name

This is the name of the repository. This is used to lookup the configuration for the repository from the yukki.conf.

repository_settings

These are the settings telling this model where to find the git repository and how to access it. It is loaded automatically using the "name" to look up information in the yukki.conf.

repository_path

This is the path to the repository. It is located using the repository_path and repository keys in the configuration.

git

This is a Git::Repository object which helps us do the real work.

METHODS

author_name

This is the author name to use when making changes to the repository.

This is taken from the author_name of the anonymous key in the configuration or defaults to "Anonymous".

author_email

This is the author email to use when making changes to the repository.

This is taken from teh author_email of the anonymous key in the configuration or defaults to "anonymous@localhost".

make_tree

my $tree_id = $repository->make_tree($old_tree_id, \@parts, $object_id);

This will construct one or more trees in the git repository to place the $object_id into the deepest tree. This starts by reading the tree found using the object ID in $old_tree_id. The first path part in @parts is shifted off. If an existing path is found there, that path will be replaced. If not, a new path will be added. A tree object will be constructed for all byt he final path part in @parts.

When the final part is reached, that path will be placed into the final tree as a blob using the given $object_id.

This method will fail if it runs into a situation where a blob would be replaced by a tree or a tree would be replaced by a blob.

The method returns the object ID of the top level tree created.

make_blob

my $object_id = $repository->make_blob($name, $content);

This creates a new file blob in the git repository with the given name and the file contents.

make_blob_from_file

my $object_id = $repository->make_blob_from_file($name, $filename);

This is identical to "make_blob", except that the contents are read from the given filename on the local disk.

find_root

my $tree_id = $repository->find_root;

This returns the object ID for the tree at the root of the "branch".

commit_tree

my $commit_id = $self->commit_tree($old_tree_id, $new_tree_id, $comment);

This takes an existing tree commit (generally found with "find_root"), a new tree to replace it (generally constructed by "make_tree") and creates a commit using the given comment.

The object ID of the committed ID is returned.

update_root

$self->update_root($old_tree_id, $new_tree_id);

Given a old commit ID and a new commit ID, this moves the HEAD of the "branch" so that it points to the new commit. This is called after "commit_tree" has setup the commit.

find_path

my $object_id = $self->find_path($path);

Given a path within the repository, this will find the object ID of that tree or blob at that path for the "branch".

show

my $content = $repository->show($object_id);

Returns the contents of the blob for the given object ID.

fetch_size

my $bytes = $repository->fetch_size($path);

Returns the size, in bites, of the blob at the given path.

list_files

my @files = $repository->list_files($path);

Returns a list of Yukki::Model::File objects for all the files found at $path in the repository.

file

my $file = $repository->file({ path => 'foo', filetype => 'yukki' });

Returns a single Yukki::Model::File object for the given path and filetype.

AUTHOR

Andrew Sterling Hanenkamp <hanenkamp@cpan.org>

COPYRIGHT AND LICENSE

This software is copyright (c) 2011 by Qubling Software LLC.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.