
Commit 0c9085c

committed
Create an enable_idor_protection.py and an idor_protection_config.py
1 parent d5291dd commit 0c9085c

3 files changed

Lines changed: 116 additions & 0 deletions


Lines changed: 21 additions & 0 deletions
@@ -0,0 +1,21 @@
1+
class IdorProtectionConfig:
2+
def __init__(self, tenant_column_name, excluded_tables):
3+
self.tenant_column_name = tenant_column_name
4+
self.excluded_tables = excluded_tables
5+
6+
7+
class IdorProtectionStore:
8+
def __init__(self):
9+
self.config = None
10+
11+
def get(self):
12+
return self.config
13+
14+
def set(self, config):
15+
self.config = config
16+
17+
def clear(self):
18+
self.config = None
19+
20+
21+
idor_protection_store = IdorProtectionStore()
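Review bot: `IdorProtectionConfig.__init__` keeps the caller's `excluded_tables` list by reference, so a later mutation of that list changes which tables are exempt from the tenant check without passing through any validation again. Copying on the way in, `self.excluded_tables = list(excluded_tables)`, keeps a snapshot of what was passed and still compares equal to a list in the tests. Neither class has a docstring; a one-line docstring on `IdorProtectionStore` saying that it holds a single process-wide config, with `None` presumably meaning protection is not enabled, would make the module-level `idor_protection_store` easier to reason about.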
Lines changed: 40 additions & 0 deletions
@@ -0,0 +1,40 @@
1+
from aikido_zen.helpers.logging import logger
2+
from aikido_zen.storage.idor_protection_config import (
3+
IdorProtectionConfig,
4+
idor_protection_store,
5+
)
6+
7+
8+
def enable_idor_protection(tenant_column_name: str, excluded_tables=None):
9+
if not isinstance(tenant_column_name, str):
10+
logger.info(
11+
"enable_idor_protection(...) expects tenant_column_name to be a string, found %s instead.",
12+
type(tenant_column_name),
13+
)
14+
return
15+
16+
if len(tenant_column_name) == 0:
17+
logger.info(
18+
"enable_idor_protection(...) expects tenant_column_name to be a non-empty string."
19+
)
20+
return
21+
22+
if excluded_tables is None:
23+
excluded_tables = []
24+
25+
if not isinstance(excluded_tables, list):
26+
logger.info(
27+
"enable_idor_protection(...) expects excluded_tables to be a list, found %s instead.",
28+
type(excluded_tables),
29+
)
30+
return
31+
32+
for table in excluded_tables:
33+
if not isinstance(table, str):
34+
logger.info(
35+
"enable_idor_protection(...) expects excluded_tables to contain strings, found %s instead.",
36+
type(table),
37+
)
38+
return
39+
40+
idor_protection_store.set(IdorProtectionConfig(tenant_column_name, excluded_tables))
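Review bot: Every rejection branch in `enable_idor_protection` logs at `logger.info` and returns `None`, so a misconfigured call leaves the store untouched (protection stays off, or an earlier config stays active) and the only signal is a message that many production log levels drop. For a security control that is a fail-open path; I would at least switch the four branches to `logger.warning(...)`, and consider returning a bool or raising `TypeError`/`ValueError` so the application can refuse to start. The emptiness check also lets a whitespace-only name such as `" "` through; `if not tenant_column_name.strip():` would reject it. The function has no docstring; it should state the accepted types and that invalid arguments leave the stored config unchanged.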
Lines changed: 55 additions & 0 deletions
@@ -0,0 +1,55 @@
1+
import pytest
2+
from aikido_zen.storage.idor_protection_config import idor_protection_store
3+
from .enable_idor_protection import enable_idor_protection
4+
5+
6+
@pytest.fixture(autouse=True)
7+
def run_around_tests():
8+
yield
9+
idor_protection_store.clear()
10+
11+
12+
def test_enable_basic():
13+
enable_idor_protection("tenant_id")
14+
config = idor_protection_store.get()
15+
assert config is not None
16+
assert config.tenant_column_name == "tenant_id"
17+
assert config.excluded_tables == []
18+
19+
20+
def test_enable_with_excluded_tables():
21+
enable_idor_protection("org_id", excluded_tables=["migrations", "sessions"])
22+
config = idor_protection_store.get()
23+
assert config is not None
24+
assert config.tenant_column_name == "org_id"
25+
assert config.excluded_tables == ["migrations", "sessions"]
26+
27+
28+
def test_invalid_column_name_type(caplog):
29+
enable_idor_protection(123)
30+
assert idor_protection_store.get() is None
31+
assert "expects tenant_column_name to be a string" in caplog.text
32+
33+
34+
def test_empty_column_name(caplog):
35+
enable_idor_protection("")
36+
assert idor_protection_store.get() is None
37+
assert "non-empty string" in caplog.text
38+
39+
40+
def test_invalid_excluded_tables_type(caplog):
41+
enable_idor_protection("tenant_id", excluded_tables="not_a_list")
42+
assert idor_protection_store.get() is None
43+
assert "expects excluded_tables to be a list" in caplog.text
44+
45+
46+
def test_invalid_excluded_table_item(caplog):
47+
enable_idor_protection("tenant_id", excluded_tables=[123])
48+
assert idor_protection_store.get() is None
49+
assert "expects excluded_tables to contain strings" in caplog.text
50+
51+
52+
def test_none_column_name(caplog):
53+
enable_idor_protection(None)
54+
assert idor_protection_store.get() is None
55+
assert "expects tenant_column_name to be a string" in caplog.text
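Review bot: The failure tests all start from an empty store, so nothing pins what happens when an invalid call follows a valid one. As the function is written the earlier config stays active, and a test along the lines of `enable_idor_protection("tenant_id")`, `enable_idor_protection(123)`, `assert idor_protection_store.get().tenant_column_name == "tenant_id"` would make that behaviour an explicit decision rather than an accident. A case for a non-list iterable such as `excluded_tables=("migrations",)` would likewise document that tuples are rejected.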
