StrixOS/build
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Do not use o=ALL_EMAILS parameter.

Browse Source 
For security reason, this REST API parameter needs account modification
permission to get all email addresses. Now changed to ask only account
number to verify an email address.

Bug: 79863374
Test: test with existing OWNERS
Change-Id: Ic913b7ad96a69c35d1d91e5871f4c5636e73533d
This commit is contained in:
Chih-Hung Hsieh
2018-05-16 11:44:50 -07:00
parent d350b16d50
commit c5c443c756
1 changed files with 2 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
tools/checkowners.py
View File

@@ -30,12 +30,11 @@ def echo(msg):
def find_address(address):
if address not in checked_addresses:
request = (gerrit_server + '/accounts/?n=1&o=ALL_EMAILS&q=email:'
request = (gerrit_server + '/accounts/?n=1&q=email:'
+ urllib.quote(address))
echo('Checking email address: ' + address)
result = urllib2.urlopen(request).read()
checked_addresses[address] = (
result.find('"email":') >= 0 and result.find('"_account_id":') >= 0)
checked_addresses[address] = result.find('"_account_id":') >= 0
return checked_addresses[address]