properly handling post request and sanitize request values before logging #705

Merged
merged 10 commits into from
Aug 16, 2024
16 changes: 10 additions & 6 deletions cdci_data_analysis/flask_app/app.py
Expand Up @@ -930,13 +930,13 @@
return output_list



@app.route('/post_astro_entity_to_gallery', methods=['POST'])
def post_astro_entity_to_gallery():
logger.info("request.args: %s ", request.args)
logger.info("request.values: %s ", request.values)

logger.info("request.files: %s ", request.files)

token = request.args.get('token', None)
token = request.values.to_dict().get('token', None)

app_config = app.config.get('conf')
secret_key = app_config.secret_key

Expand All @@ -963,9 +963,10 @@
@app.route('/post_observation_to_gallery', methods=['POST'])
def post_observation_to_gallery():
logger.info("request.args: %s ", request.args)
logger.info("request.values: %s ", request.values)

logger.info("request.files: %s ", request.files)

token = request.args.get('token', None)
token = request.values.to_dict().get('token', None)

app_config = app.config.get('conf')
secret_key = app_config.secret_key

Expand All @@ -992,9 +993,10 @@
@app.route('/post_product_to_gallery', methods=['POST'])
def post_product_to_gallery():
logger.info("request.args: %s ", request.args)
logger.info("request.values: %s ", request.values)

logger.info("request.files: %s ", request.files)

token = request.args.get('token', None)
token = request.values.to_dict().get('token', None)

app_config = app.config.get('conf')
secret_key = app_config.secret_key

Expand All @@ -1020,9 +1022,10 @@
@app.route('/delete_product_to_gallery', methods=['POST'])
def delete_product_to_gallery():
logger.info("request.args: %s ", request.args)
logger.info("request.values: %s ", request.values)

logger.info("request.files: %s ", request.files)

token = request.args.get('token', None)
token = request.values.to_dict().get('token', None)

app_config = app.config.get('conf')
secret_key = app_config.secret_key

Expand All @@ -1048,9 +1051,10 @@
@app.route('/post_revolution_processing_log_to_gallery', methods=['POST'])
def post_revolution_processing_log_to_gallery():
logger.info("request.args: %s ", request.args)
logger.info("request.values: %s ", request.values)

logger.info("request.files: %s ", request.files)

token = request.args.get('token', None)
token = request.values.to_dict().get('token', None)

app_config = app.config.get('conf')
secret_key = app_config.secret_key

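Review bot: The new `logger.info("request.values: %s ", request.values)` line in each of the five gallery handlers (new lines 936, 966, 996, 1025 and 1054) writes the full merged query/form data to the log, and the `token = request.values.to_dict().get('token', None)` read three lines below shows that this data carries the caller's token, so the credential is written to the application log at INFO level; the PR title promises sanitising before logging, but nothing in these hunks does it. A minimal redaction at the call site would be `logger.info("request.values: %s ", {k: ('***' if k == 'token' else v) for k, v in request.values.items()})`, or better a single shared helper used by all five handlers so the list of sensitive keys lives in one place. Separately, `.to_dict()` builds a throwaway dict; `token = request.values.get('token')` has the same first-value semantics without the copy. The first handler appears to drop the `request.args` log line while the other four seem to keep it next to the new one (inferred from the hunk headers and the 10/6 diffstat, since the rendered page lost the +/- markers), which is worth making consistent. Each handler's body continues past its hunk.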
44 changes: 25 additions & 19 deletions tests/test_server_basic.py
Expand Up @@ -2800,7 +2800,7 @@ def test_product_gallery_data_product_with_period_of_observation(dispatcher_live
params['T2'] = now.strftime('%Y-%m-%dT%H:%M:%S')

c = requests.post(os.path.join(server, "post_product_to_gallery"),
params={**params},
data=params,
files=file_obj
)

Expand Down Expand Up @@ -3122,7 +3122,7 @@ def test_product_gallery_get_data_products_list_with_conditions(dispatcher_live_
}

c = requests.post(os.path.join(server, "post_astro_entity_to_gallery"),
params={**source_params},
data=source_params,
)

assert c.status_code == 200
Expand All @@ -3141,7 +3141,7 @@ def test_product_gallery_get_data_products_list_with_conditions(dispatcher_live_
'T2': '2022-08-23T05:29:11'
}
c = requests.post(os.path.join(server, "post_product_to_gallery"),
params={**product_params}
data=product_params
)

assert c.status_code == 200
Expand Down Expand Up @@ -3270,7 +3270,7 @@ def test_product_gallery_get_data_products_list_for_given_source(dispatcher_live
}

c = requests.post(os.path.join(server, "post_astro_entity_to_gallery"),
params={**source_params},
data=source_params,
)

assert c.status_code == 200
Expand All @@ -3286,7 +3286,7 @@ def test_product_gallery_get_data_products_list_for_given_source(dispatcher_live
'insert_new_source': True
}
c = requests.post(os.path.join(server, "post_product_to_gallery"),
params={**product_params}
data=product_params
)

assert c.status_code == 200
Expand Down Expand Up @@ -3434,7 +3434,7 @@ def test_product_gallery_get_period_of_observation_attachments(dispatcher_live_f


c = requests.post(os.path.join(server, "post_observation_to_gallery"),
params={**params},
data=params,
files=file_obj
)

Expand Down Expand Up @@ -3522,7 +3522,7 @@ def test_product_gallery_post_period_of_observation(dispatcher_live_fixture_with
params['T2'] = now.strftime('%Y-%m-%dT%H:%M:%S')

c = requests.post(os.path.join(server, "post_observation_to_gallery"),
params={**params},
data=params,
files=file_obj
)

Expand Down Expand Up @@ -3621,7 +3621,7 @@ def test_revolution_processing_log_gallery_post(dispatcher_live_fixture_with_gal
}

c = requests.post(os.path.join(server, "post_revolution_processing_log_to_gallery"),
params={**params},
data=params,
)

assert c.status_code == 200
Expand Down Expand Up @@ -3740,7 +3740,7 @@ def test_product_gallery_post(dispatcher_live_fixture_with_gallery, dispatcher_t
'fits_file_1': open('data/dummy_prods/query_catalog.fits', 'rb')}

c = requests.post(os.path.join(server, "post_product_to_gallery"),
params={**params},
data=params,
files=file_obj
)

Expand Down Expand Up @@ -3852,7 +3852,7 @@ def test_post_data_product_with_multiple_sources(dispatcher_live_fixture_with_ga
'insert_new_source': insert_new_source
}
c = requests.post(os.path.join(server, "post_product_to_gallery"),
params={**params}
data=params
)

assert c.status_code == 200
Expand Down Expand Up @@ -3982,7 +3982,7 @@ def test_product_gallery_update(dispatcher_live_fixture_with_gallery, dispatcher
'fits_file_1': open('data/dummy_prods/query_catalog.fits', 'rb')}

c = requests.post(os.path.join(server, "post_product_to_gallery"),
params={**params},
data=params,
files=file_obj
)

Expand Down Expand Up @@ -4028,7 +4028,7 @@ def test_product_gallery_update(dispatcher_live_fixture_with_gallery, dispatcher
'fits_file_0': open('data/dummy_prods/isgri_query_lc.fits', 'rb')}

c = requests.post(os.path.join(server, "post_product_to_gallery"),
params={**params},
data=params,
files=file_obj
)
assert c.status_code == 200
Expand Down Expand Up @@ -4084,7 +4084,7 @@ def test_product_gallery_delete(dispatcher_live_fixture_with_gallery, dispatcher
token=encoded_token)

c = requests.post(os.path.join(server, "post_product_to_gallery"),
params={**params},
data=params,
)

assert c.status_code == 200
Expand All @@ -4096,31 +4096,37 @@ def test_product_gallery_delete(dispatcher_live_fixture_with_gallery, dispatcher
assert 'field_product_id' in drupal_res_obj
assert drupal_res_obj['field_product_id'][0]['value'] == product_id

params = {
'product_id': product_id,
params_products_list = {
'product_id_value': product_id,
'content_type': 'data_product',
'token': encoded_token
}

c = requests.get(os.path.join(server, "get_data_product_list_with_conditions"),
params=params
params=params_products_list
)

assert c.status_code == 200
drupal_res_obj = c.json()
assert len(drupal_res_obj) == 1
assert drupal_res_obj[0]['nid'] == str(nid_creation)

params = {
'product_id': product_id,
'content_type': 'data_product',
'token': encoded_token
}

c = requests.post(os.path.join(server, "delete_product_to_gallery"),
params={**params},
data=params,
)
assert c.status_code == 200

drupal_res_obj = c.json()
assert drupal_res_obj == {}

c = requests.get(os.path.join(server, "get_data_product_list_with_conditions"),
params=params
params=params_products_list
)

assert c.status_code == 200
Expand Down Expand Up @@ -4155,7 +4161,7 @@ def test_product_gallery_error_message(dispatcher_live_fixture_with_gallery):
}

c = requests.post(os.path.join(server, "post_product_to_gallery"),
params={**params},
data=params,
)

assert c.status_code == 500
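Review bot: None of the updated tests checks the property the PR is named after: after the switch to `data=params`, every test still asserts only the status code and the returned Drupal object, so a token echoed into the dispatcher log would go unnoticed. If the live fixture exposes the server's log output, one assertion such as `assert encoded_token not in server_log` (name constructed; use whatever the fixture provides) after the `requests.post(...)` in `test_product_gallery_delete` would pin it down; if the fixture runs the server out of process and gives no access to its output, a unit-level test of the log-sanitising helper is the alternative. In the last hunk the rebuilt `params` dict repeats the `content_type` and `token` entries of `params_products_list`; a short comment above it, `# separate dict: the delete endpoint keys on 'product_id', the list endpoint on 'product_id_value'`, would explain why two near-identical dicts are needed. Every hunk here lies inside a test function whose start is outside the view.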