fix: always validate resourse URL before using it
kikkomep committed Nov 28, 2023
1 parent 84a59f6 commit d61bda4
Showing 1 changed file with 8 additions and 3 deletions.
11 changes: 8 additions & 3 deletions lifemonitor/errors.py
@@ -24,6 +24,7 @@

from flask import Blueprint, render_template, request, url_for

from lifemonitor.utils import validate_url

# Config a module level logger
logger = logging.getLogger(__name__)
@@ -55,13 +56,13 @@ def parametric_page():


@blueprint.route("/400")
def handle_400(e: Exception = None):
def handle_400(e: Exception = None, description: str = None):
return handle_error(
{
"title": "LifeMonitor: Page not found",
"code": "404",
"description": str(e)
if e and logger.isEnabledFor(logging.DEBUG)
"description": description if description
else str(e) if e and logger.isEnabledFor(logging.DEBUG)
else "Bad request",
}
)
@@ -71,6 +72,8 @@ def handle_400(e: Exception = None):
def handle_404(e: Exception = None):
resource = request.args.get("resource", None, type=str)
logger.debug(f"Resource not found: {resource}")
if not validate_url(resource):
return handle_400(decription="Invalid URL")
return handle_error(
{
"title": "LifeMonitor: Page not found",
@@ -87,6 +90,8 @@ def handle_404(e: Exception = None):
def handle_405(e: Exception = None):
resource = request.args.get("resource", None, type=str)
logger.debug(f"Method not allowed for resource {resource}")
if not validate_url(resource):
return handle_400(decription="Invalid URL")
return handle_error(
{
"title": "LifeMonitor: Method not allowed",
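Review bot: The new guard in handle_404 and handle_405 calls `handle_400(decription="Invalid URL")`, but the parameter this commit adds to handle_400 is spelled `description`, so an invalid `resource` value raises a TypeError instead of rendering the 400 page; both call sites should read `return handle_400(description="Invalid URL")`. `resource` comes from `request.args.get("resource", None, type=str)` and can be None; validate_url is not visible here, so confirm how it treats None, otherwise an ordinary 404 or 405 with no `resource` parameter would also take the rejection branch. The `logger.debug` line in each handler still interpolates the raw query value before the check, and moving it below the guard would keep unvalidated input out of the log. handle_400 also still renders the title "LifeMonitor: Page not found" and code "404", which is what a rejected request will show once the keyword is fixed. The bodies of handle_404 and handle_405 continue outside the visible hunks.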
