From patchwork Mon Sep 28 16:37:07 2020
X-Patchwork-Submitter: Thomas Bracht Laumann Jespersen
X-Patchwork-Id: 1372753
From: Thomas Bracht Laumann Jespersen
To: patchwork@lists.ozlabs.org
Subject: [PATCH v3] models: Validate Project.linkname does not contain forward slash
Date: Mon, 28 Sep 2020 18:37:07 +0200
Message-Id: <20200928163707.16359-1-t@laumann.xyz>

I started by creating a project that contained a forward slash
(importing patches from https://lists.sr.ht/~sircmpwn/sr.ht-dev/) and
it fails to render the "projects" main page.

The specific error reads:

    NoReverseMatch at /

    Reverse for 'patch-list' with keyword arguments '{'project_id': 'foo/bar'}' not found. 1 pattern(s) tried: ['project/(?P<project_id>[^/]+)/list/$']

which appears to explicitly disallow forward slashes.

So I think it makes sense to validate that project linkname doesn't
contain forward slashes.

This implementation uses the validate_unicode_slug validator instead of
just rejecting inputs that contain forward slashes.

Signed-off-by: Thomas Bracht Laumann Jespersen --- .../0044_add_project_linkname_validation.py | 30 +++++++++++++++++++ patchwork/models.py | 4 ++- 2 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 patchwork/migrations/0044_add_project_linkname_validation.py diff --git a/patchwork/migrations/0044_add_project_linkname_validation.py b/patchwork/migrations/0044_add_project_linkname_validation.py new file mode 100644 index 0000000..9319c81 --- /dev/null +++ b/patchwork/migrations/0044_add_project_linkname_validation.py @@ -0,0 +1,30 @@ +# Generated by Django 3.1.1 on 2020-09-29 01:27 + +import django.core.validators +from django.db import migrations, models +import re + + +class Migration(migrations.Migration): + + dependencies = [ + ('patchwork', '0043_merge_patch_submission'), + ] + + operations = [ + migrations.AlterField( + model_name='project', + name='linkname', + field=models.CharField( + max_length=255, + unique=True, + validators=[ + django.core.validators.RegexValidator( + re.compile('^[-\\w]+\\Z'), + 'Enter a valid “slug” consisting of Unicode ' + + 'letters, numbers, underscores, or hyphens.', + 'invalid') + ] + ), + ), + ] diff --git a/patchwork/models.py b/patchwork/models.py index 77ab924..6f90627 100644 --- a/patchwork/models.py +++ b/patchwork/models.py @@ -16,6 +16,7 @@ from django.core.exceptions import ValidationError from django.db import models from django.urls import reverse from django.utils.functional import cached_property +from django.core.validators import validate_unicode_slug from patchwork.fields import HashField from patchwork.hasher import hash_diff 
@@ -56,7 +57,8 @@ class Person(models.Model): class Project(models.Model): # properties - linkname = models.CharField(max_length=255, unique=True) + linkname = models.CharField(max_length=255, unique=True, + validators=[validate_unicode_slug]) name = models.CharField(max_length=255, unique=True) listid = models.CharField(max_length=255) listemail = models.CharField(max_length=200)
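Review bot: In patchwork/migrations/0044_add_project_linkname_validation.py the operations list contains only the AlterField, so rows that already hold a linkname with a forward slash (such as the 'foo/bar' project from the commit message) are left as they are and the project list will keep raising NoReverseMatch for them. Field validators are not enforced by the database, so this migration changes no stored data; consider adding a data step, or at least a check that reports offending linknames, before the AlterField. Note also that the regex '^[-\w]+\Z' rejects more than '/': it refuses characters such as '.' that the URL pattern [^/]+ accepts, so an existing project whose linkname contains a dot would fail validation the next time it is edited through a form.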
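Review bot: In the first patchwork/models.py hunk, the new line "from django.core.validators import validate_unicode_slug" is appended after the django.utils.functional import, which breaks the alphabetical order the surrounding django imports follow. Move it directly below the django.core.exceptions import.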
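Review bot: On Project.linkname in the second patchwork/models.py hunk, validators=[validate_unicode_slug] only runs when full_clean() is called, which ModelForm and the admin do but Project.save() and Project.objects.create() do not, so a linkname containing a slash can still be stored by any code path that bypasses forms. If the intent is that no such project can exist, call full_clean() where projects are created outside the admin, or state in the commit message that the check is form-level only. The diffstat lists just the migration and models.py, so there is no test for the new behaviour either; a test that builds a Project with linkname 'foo/bar' and asserts that full_clean() raises ValidationError would cover it, and a release note should mention that linknames are now restricted to slug characters.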