fix: security warnings related to information exposure and regex validations (#3325)

Nikhil 2024-01-08 23:26:32 +05:30 committed by sriram veeraghanta
parent 68d370fd86
commit 43b503c756
5 changed files with 13 additions and 17 deletions


@ -104,15 +104,14 @@ class BaseAPIView(TimezoneMixin, APIView, BasePaginator):
)
if isinstance(e, ObjectDoesNotExist):
model_name = str(exc).split(" matching query does not exist.")[0]
return Response(
{"error": f"{model_name} does not exist."},
{"error": f"The required object does not exist."},
status=status.HTTP_404_NOT_FOUND,
)
if isinstance(e, KeyError):
return Response(
{"error": f"key {e} does not exist"},
{"error": f" The required key does not exist."},
status=status.HTTP_400_BAD_REQUEST,
)
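Review bot: The KeyError branch now returns a fixed message, but nothing in this hunk records which key was missing, so the detail is lost to operators as well as to the client. The BaseViewSet hunks later in this commit call `capture_exception(e)` before returning, while the BaseAPIView branches here and in the two following file sections do not. Adding `capture_exception(e)` ahead of the `return Response(` would keep the detail server-side, assuming the name is imported in this file, which the hunk does not show. The new literal also carries a leading space and an unused `f` prefix; `{"error": "The required key does not exist."},` would match the other files. The enclosing handler starts and ends outside the hunk.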


@ -113,16 +113,15 @@ class BaseViewSet(TimezoneMixin, ModelViewSet, BasePaginator):
)
if isinstance(e, ObjectDoesNotExist):
model_name = str(exc).split(" matching query does not exist.")[0]
return Response(
{"error": f"{model_name} does not exist."},
{"error": f"The required object does not exist."},
status=status.HTTP_404_NOT_FOUND,
)
if isinstance(e, KeyError):
capture_exception(e)
return Response(
{"error": f"key {e} does not exist"},
{"error": f"The required key does not exist."},
status=status.HTTP_400_BAD_REQUEST,
)
@ -216,14 +215,13 @@ class BaseAPIView(TimezoneMixin, APIView, BasePaginator):
)
if isinstance(e, ObjectDoesNotExist):
model_name = str(exc).split(" matching query does not exist.")[0]
return Response(
{"error": f"{model_name} does not exist."},
{"error": f"The required object does not exist."},
status=status.HTTP_404_NOT_FOUND,
)
if isinstance(e, KeyError):
return Response({"error": f"key {e} does not exist"}, status=status.HTTP_400_BAD_REQUEST)
return Response({"error": f"The required key does not exist."}, status=status.HTTP_400_BAD_REQUEST)
if settings.DEBUG:
print(e)
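Review bot: The replacement messages `f"The required object does not exist."` and `f"The required key does not exist."` keep the `f` prefix although they no longer interpolate anything. This applies to all four new literals in this section and to the object messages in the next one. Dropping the prefix, as the key messages in the next file section already do, silences the placeholder-less f-string lint and makes it plain that no exception text can reach the response: `{"error": "The required object does not exist."},`. Both handlers continue outside the hunks.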


@ -85,14 +85,14 @@ class BaseViewSet(TimezoneMixin, ModelViewSet, BasePaginator):
if isinstance(e, ObjectDoesNotExist):
model_name = str(exc).split(" matching query does not exist.")[0]
return Response(
{"error": f"{model_name} does not exist."},
{"error": f"The required object does not exist."},
status=status.HTTP_404_NOT_FOUND,
)
if isinstance(e, KeyError):
capture_exception(e)
return Response(
{"error": f"key {e} does not exist"},
{"error": "The required key does not exist."},
status=status.HTTP_400_BAD_REQUEST,
)
@ -172,14 +172,13 @@ class BaseAPIView(TimezoneMixin, APIView, BasePaginator):
)
if isinstance(e, ObjectDoesNotExist):
model_name = str(exc).split(" matching query does not exist.")[0]
return Response(
{"error": f"{model_name} does not exist."},
{"error": f"The required object does not exist."},
status=status.HTTP_404_NOT_FOUND,
)
if isinstance(e, KeyError):
return Response({"error": f"key {e} does not exist"}, status=status.HTTP_400_BAD_REQUEST)
return Response({"error": "The required key does not exist."}, status=status.HTTP_400_BAD_REQUEST)
if settings.DEBUG:
print(e)


@ -12,8 +12,8 @@ def search_issues(query, queryset):
fields = ["name", "sequence_id"]
q = Q()
for field in fields:
if field == "sequence_id":
sequences = re.findall(r"\d+\.\d+|\d+", query)
if field == "sequence_id" and len(query) <= 20:
sequences = re.findall(r"[A-Za-z0-9]{1,12}-\d+", query)
for sequence_id in sequences:
q |= Q(**{"sequence_id": sequence_id})
else:
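Review bot: The new pattern `[A-Za-z0-9]{1,12}-\d+` returns the whole token, prefix and dash included, and that string is passed unchanged to `Q(**{"sequence_id": sequence_id})`; a bare number such as `123` no longer matches at all. If `sequence_id` is a numeric column (not visible here), the prefixed value cannot match it, and a capture group would keep the bounded pattern while extracting only the digits: `sequences = re.findall(r"[A-Za-z0-9]{1,12}-(\d+)", query)`. Folding `len(query) <= 20` into the `if` also sends queries longer than 20 characters into the `else:` branch for the `sequence_id` field, whose body lies outside the hunk. Nesting the length check inside `if field == "sequence_id":` would keep the input cap without changing which branch that field takes.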


@ -188,7 +188,7 @@ class BasePaginator:
try:
cursor_result = paginator.get_result(limit=per_page, cursor=input_cursor)
except BadPaginationError as e:
raise ParseError(detail=str(e))
raise ParseError(detail="Error in parsing")
# Serialize result according to the on_result function
if on_results: