forked from github/plane
fix: security warnings related to information exposure and regex validations (#3325)
parent
68d370fd86
commit
43b503c756
@ -104,15 +104,14 @@ class BaseAPIView(TimezoneMixin, APIView, BasePaginator):
|
||||
)
|
||||
|
||||
if isinstance(e, ObjectDoesNotExist):
|
||||
model_name = str(exc).split(" matching query does not exist.")[0]
|
||||
return Response(
|
||||
{"error": f"{model_name} does not exist."},
|
||||
{"error": f"The required object does not exist."},
|
||||
status=status.HTTP_404_NOT_FOUND,
|
||||
)
|
||||
|
||||
if isinstance(e, KeyError):
|
||||
return Response(
|
||||
{"error": f"key {e} does not exist"},
|
||||
{"error": f" The required key does not exist."},
|
||||
status=status.HTTP_400_BAD_REQUEST,
|
||||
)
|
||||
|
||||
|
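Review bot: The `KeyError` branch in this hunk returns the generic message without recording the exception, whereas the `BaseViewSet` handlers further down call `capture_exception(e)` first, so the key name removed from the response is no longer visible to anyone triaging the 400. Consider adding `capture_exception(e)` before the `return`, assuming it is imported in this file, which the hunk does not show. The same gap is visible in the `BaseAPIView` hunks at -216 and -172. The new literal `f" The required key does not exist."` also has a stray leading space, and none of the new fixed messages need the `f` prefix since they contain no placeholders. The enclosing handler starts and ends outside the hunk.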
@ -113,16 +113,15 @@ class BaseViewSet(TimezoneMixin, ModelViewSet, BasePaginator):
|
||||
)
|
||||
|
||||
if isinstance(e, ObjectDoesNotExist):
|
||||
model_name = str(exc).split(" matching query does not exist.")[0]
|
||||
return Response(
|
||||
{"error": f"{model_name} does not exist."},
|
||||
{"error": f"The required object does not exist."},
|
||||
status=status.HTTP_404_NOT_FOUND,
|
||||
)
|
||||
|
||||
if isinstance(e, KeyError):
|
||||
capture_exception(e)
|
||||
return Response(
|
||||
{"error": f"key {e} does not exist"},
|
||||
{"error": f"The required key does not exist."},
|
||||
status=status.HTTP_400_BAD_REQUEST,
|
||||
)
|
||||
|
||||
@ -216,14 +215,13 @@ class BaseAPIView(TimezoneMixin, APIView, BasePaginator):
|
||||
)
|
||||
|
||||
if isinstance(e, ObjectDoesNotExist):
|
||||
model_name = str(exc).split(" matching query does not exist.")[0]
|
||||
return Response(
|
||||
{"error": f"{model_name} does not exist."},
|
||||
{"error": f"The required object does not exist."},
|
||||
status=status.HTTP_404_NOT_FOUND,
|
||||
)
|
||||
|
||||
if isinstance(e, KeyError):
|
||||
return Response({"error": f"key {e} does not exist"}, status=status.HTTP_400_BAD_REQUEST)
|
||||
return Response({"error": f"The required key does not exist."}, status=status.HTTP_400_BAD_REQUEST)
|
||||
|
||||
if settings.DEBUG:
|
||||
print(e)
|
||||
|
@ -85,14 +85,14 @@ class BaseViewSet(TimezoneMixin, ModelViewSet, BasePaginator):
|
||||
if isinstance(e, ObjectDoesNotExist):
|
||||
model_name = str(exc).split(" matching query does not exist.")[0]
|
||||
return Response(
|
||||
{"error": f"{model_name} does not exist."},
|
||||
{"error": f"The required object does not exist."},
|
||||
status=status.HTTP_404_NOT_FOUND,
|
||||
)
|
||||
|
||||
if isinstance(e, KeyError):
|
||||
capture_exception(e)
|
||||
return Response(
|
||||
{"error": f"key {e} does not exist"},
|
||||
{"error": "The required key does not exist."},
|
||||
status=status.HTTP_400_BAD_REQUEST,
|
||||
)
|
||||
|
||||
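Review bot: `model_name = str(exc).split(" matching query does not exist.")[0]` appears to survive in this handler, and its value is unused now that the 404 body is a fixed string. The evidence is the hunk header: the old and new line counts are equal (14/14), while the other four handlers each shrink by one line. Delete the assignment here as well so the handler no longer parses the exception text at all. The enclosing method starts and ends outside the hunk.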
@ -172,14 +172,13 @@ class BaseAPIView(TimezoneMixin, APIView, BasePaginator):
|
||||
)
|
||||
|
||||
if isinstance(e, ObjectDoesNotExist):
|
||||
model_name = str(exc).split(" matching query does not exist.")[0]
|
||||
return Response(
|
||||
{"error": f"{model_name} does not exist."},
|
||||
{"error": f"The required object does not exist."},
|
||||
status=status.HTTP_404_NOT_FOUND,
|
||||
)
|
||||
|
||||
if isinstance(e, KeyError):
|
||||
return Response({"error": f"key {e} does not exist"}, status=status.HTTP_400_BAD_REQUEST)
|
||||
return Response({"error": "The required key does not exist."}, status=status.HTTP_400_BAD_REQUEST)
|
||||
|
||||
if settings.DEBUG:
|
||||
print(e)
|
||||
|
@ -12,8 +12,8 @@ def search_issues(query, queryset):
|
||||
fields = ["name", "sequence_id"]
|
||||
q = Q()
|
||||
for field in fields:
|
||||
if field == "sequence_id":
|
||||
sequences = re.findall(r"\d+\.\d+|\d+", query)
|
||||
if field == "sequence_id" and len(query) <= 20:
|
||||
sequences = re.findall(r"[A-Za-z0-9]{1,12}-\d+", query)
|
||||
for sequence_id in sequences:
|
||||
q |= Q(**{"sequence_id": sequence_id})
|
||||
else:
|
||||
|
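Review bot: `re.findall(r"[A-Za-z0-9]{1,12}-\d+", query)` returns the whole match, so the loop now filters `sequence_id` on values like `ABC-123` instead of on the number. If `sequence_id` is a numeric column (its definition is not visible here), that lookup will raise or never match, and a bare number such as `42` no longer matches at all. Capturing only the digits keeps the bounded pattern and restores numeric values: `sequences = re.findall(r"[A-Za-z0-9]{1,12}-(\d+)", query)`. A query longer than 20 characters now also sends `sequence_id` into the `else:` branch, whose body is outside the hunk, so confirm that path is intended for this field.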
@ -188,7 +188,7 @@ class BasePaginator:
|
||||
try:
|
||||
cursor_result = paginator.get_result(limit=per_page, cursor=input_cursor)
|
||||
except BadPaginationError as e:
|
||||
raise ParseError(detail=str(e))
|
||||
raise ParseError(detail="Error in parsing")
|
||||
|
||||
# Serialize result according to the on_result function
|
||||
if on_results:
|
||||
|
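Review bot: In `except BadPaginationError as e:` the bound `e` is unused once the detail becomes the fixed string `"Error in parsing"`, and nothing visible records the original pagination error. A malformed cursor therefore leaves no distinguishing trace on the server side. Either drop the binding (`except BadPaginationError:`) or log `e` before raising, keeping the client-facing detail generic. A more specific fixed message such as `"Invalid pagination parameters"` would help API clients without echoing exception text. The enclosing method continues outside the hunk.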