
Commit b327082

Safe int conversion for query parameters (#1087)
* safe int * tests * lint * revert * todo * lint
1 parent 171f346 commit b327082


2 files changed

+27
-7
lines changed


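--- a/server/routes.py
+++ b/server/routes.py
@@ -8,6 +8,16 @@
 from . import faq as faq_util
 
 
+def safe_int(value, default=1):
+"""
+Safely convert a value to integer, default to 1 if conversion fails.
+"""
+try:
+return int(value) if value else default
+except (ValueError, TypeError):
+return default
+
+
 @app.route("/")
 def index():
 return render_template(
@@ -89,11 +99,11 @@ def techreportlanding(page_id):
 requested_geo = request.args.get("geo") or "ALL"
 requested_rank = request.args.get("rank") or "ALL"
 requested_category = request.args.get("category") or "CMS"
-requested_page = request.args.get("page") or 1
-requested_page = int(requested_page)
+requested_page = safe_int(
+request.args.get("page")
+) # TODO: After security scanner is off, return 400 if not an int
 selected_techs = request.args.get("selected")
-selected_rows = request.args.get("rows") or 10
-selected_rows = str(selected_rows)
+selected_rows = str(safe_int(request.args.get("rows"), default=10))
 
 last_page = request.args.get("last_page") or False
 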
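Review bot: safe_int in the first hunk only rejects non-numeric input; `page=0`, `page=-3` or `rows=-1` still convert cleanly and reach the handler as zero or negative counts, which is the same class of unvalidated query input the commit set out to close. Both call sites use the value as a 1-based count, so a lower bound inside the `try` would make the helper match its intent: `number = int(value) if value else default` followed by `return number if number >= 1 else default`. The docstring also says "default to 1" although `default` is a parameter (the rows call passes 10); `"""Convert *value* to int, returning *default* when it is empty, not an integer, or below 1."""` states the actual contract. How a zero or negative page is handled after these lines cannot be seen here, since techreportlanding's body continues outside the hunk, so whether the clamp is needed at the call site is inferred rather than certain.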
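--- a/server/tests/routes_test.py
+++ b/server/tests/routes_test.py
@@ -234,15 +234,25 @@ def test_tech_report_drilldown(client):
 
 
 def test_tech_report_drilldown_wordpress(client):
+response = client.get("/reports/techreport/tech?tech=WordPress&geo=ALL&rank=ALL")
+assert response.status_code == 200
+
+
+def test_tech_report_category(client):
+response = client.get("/reports/techreport/category?geo=ALL&rank=ALL&category=CMS")
+assert response.status_code == 200
+
+
+def test_tech_report_category_pages(client):
 response = client.get(
-"/reports/techreport/tech?tech=WordPress&geo=ALL&rank=ALL"
+"/reports/techreport/category?geo=ALL&rank=ALL&category=CMS&page=2"
 )
 assert response.status_code == 200
 
 
-def test_tech_report_category(client):
+def test_tech_report_category_pages_fallback(client):
 response = client.get(
-"/reports/techreport/category?geo=ALL&rank=ALL&category=CMS"
+"/reports/techreport/category?geo=ALL&rank=ALL&category=CMS&page=defaults_to_1"
 )
 assert response.status_code == 200
 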
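Review bot: test_tech_report_category_pages_fallback only asserts a 200 status, so it would pass just as well if a non-integer page were silently mapped to something other than page 1; asserting on `response.data` for whatever the template renders for the first page would actually pin the fallback the test name promises. There is also no case for the rows parameter, nor for `page=0` or `page=-1`, which safe_int in server/routes.py converts without error; a parametrized case over those values would document what the route does with them. All of the test functions touched here begin and end inside the hunk.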