Esempi in Python per InputSanitizer, esempi in Python per src.security.input_sanitizer.InputSanitizer

Esempio n. 1

0

Mostra file

    def test_failed_sanitize_story_reaction(self):
        data_input = "not_a_story_reaction"
        assert data_input not in ALLOWED_STORY_REACTIONS

        with self.assertRaises(InvalidFormatException) as context:
            InputSanitizer.sanitize_integer(data_input)
        exception = context.exception
        self.assertEqual(exception.error_code, 400)

Esempio n. 2

0

Mostra file

    def post(self, story_id):
        try:
            # get token from header
            token = self._get_token_from_header()

            # identify with token
            username = Token.identify(token)

            # get the reaction type
            reaction = self._get_reaction_from_request()
            reaction = InputSanitizer.sanitize_story_reaction(reaction)

            # post reaction to story by story_id
            saved_reaction = Story.react_to_story(story_id, username, reaction)

            # generate response
            output = {"reacting_user_id": username, "reaction": saved_reaction}

            # return response
            return ResponseBuilder.build_response(output)

        except (InvalidTokenException, ExpiredTokenException,
                InvalidFormatException, MissingFieldException,
                StoryNotFoundException) as e:
            return ResponseBuilder.build_error_response(
                e.message, e.error_code)

Esempio n. 3

0

Mostra file

    def get(self, story_id):
        try:
            # get token from header
            token = self._get_token_from_header()

            # identify with token
            username = Token.identify(token)

            # get story by story_id
            story = Story.get_story(story_id)

            # if <username is not the uploader> and <story is private> and ...
            # ... <uploader and username are not friends> return 403

            is_private = story["is_private"]
            story_uploader = story["username"]
            self.logger.debug("At GET@/stories requesting user is {}, uploader is {} and story {} private".format(
                username, story_uploader, "is" if is_private else "is not"))
            if username != story_uploader and \
               InputSanitizer.sanitize_boolean(is_private) and \
               not Friendship.are_friends(username, story_uploader):
                return ResponseBuilder.build_error_response("Story is private", 403)

            # generate response

            # return response
            return ResponseBuilder.build_response(story)

        except (InvalidTokenException, MissingFieldException, ExpiredTokenException,
                StoryNotFoundException) as e:
            return ResponseBuilder.build_error_response(e.message, e.error_code)

Esempio n. 4

0

Mostra file

    def post(self, story_id):
        try:
            # get token from header
            token = self._get_token_from_header()

            # identify with token
            username = Token.identify(token)

            # get data from request
            comment_text = self._get_comment_text_from_request()
            timestamp = self._get_timestamp_from_request()

            # sanitize data
            timestamp = InputSanitizer.sanitize_positive_integer(timestamp)

            # post reaction to story by story_id
            saved_comment = Story.comment_on_story(story_id, username, comment_text, timestamp)

            # generate response
            output = saved_comment

            # return response
            return ResponseBuilder.build_response(output)

        except (InvalidTokenException, ExpiredTokenException, InvalidFormatException,
                MissingFieldException, StoryNotFoundException) as e:
            return ResponseBuilder.build_error_response(e.message, e.error_code)

Esempio n. 5

0

Mostra file

    def post(self):
        try:
            # get token from header
            token = self._get_token_from_header()

            # identify with token
            username = Token.identify(token)

            # get data from request
            story_data = {}
            story_data['media'] = self._get_media_from_request()
            story_data['location'] = self._get_location_from_request()
            timestamp = self._get_timestamp_from_request()
            is_private = self._get_privateness_from_request()
            story_data['title'] = self._try_get_title_from_request()
            story_data['description'] = self._try_get_description_from_request(
            )
            story_data['username'] = username

            # validated data
            story_data['timestamp'] = InputSanitizer.sanitize_integer(
                timestamp)
            story_data['is_private'] = InputSanitizer.sanitize_boolean(
                is_private)

            # ask SS for storage service?

            # save new Story at AS
            self.logger.debug(
                "At POST@/stories got story_data {}".format(story_data))
            new_story_id = User.save_new_story(story_data)

            # generate response
            response = dict(story_data)
            response['story_id'] = new_story_id

            # save stat
            StatCollector.save_event_story_post(story_data["timestamp"])

            # return response
            return ResponseBuilder.build_response(response)

        except (MissingFieldException, InvalidTokenException,
                ExpiredTokenException, InvalidFormatException) as e:
            return ResponseBuilder.build_error_response(
                e.message, e.error_code)

Esempio n. 6

0

Mostra file

    def post(self):
        try:
            # get token from header
            token = self._get_token_from_header()

            # identify with token
            username = Token.identify(token)

            # get data from request
            flash_data = {}
            flash_data['media'] = self._get_media_from_request()
            flash_data['location'] = self._get_location_from_request()
            timestamp = self._get_timestamp_from_request()
            flash_data['title'] = self._try_get_title_from_request()
            flash_data['description'] = self._try_get_description_from_request()
            flash_data['username'] = username

            # validated data
            flash_data['timestamp'] = InputSanitizer.sanitize_integer(timestamp)

            # save new flash at AS
            self.logger.debug("At POST@/flashes got flash_data {}".format(flash_data))

            new_flash_id = User.save_new_flash(flash_data)

            # generate response
            response = dict(flash_data)
            response['flash_id'] = new_flash_id

            # save stat
            StatCollector.save_event_flash_post(flash_data["timestamp"])

            # return response
            return ResponseBuilder.build_response(response)

        except (MissingFieldException, InvalidTokenException, ExpiredTokenException,
                InvalidFormatException) as e:
            return ResponseBuilder.build_error_response(e.message, e.error_code)

Esempio n. 7

0

Mostra file

 def test_failed_sanitize_positive_integer_including_0(self):
     data_input = "-2"
     with self.assertRaises(InvalidFormatException) as context:
         InputSanitizer.sanitize_positive_integer(data_input, True)
     exception = context.exception
     self.assertEqual(exception.error_code, 400)

Esempio n. 8

0

Mostra file

 def test_successful_sanitize_boolean_true(self):
     data_input = "true"
     expected_output = True
     self.assertEqual(InputSanitizer.sanitize_boolean(data_input),
                      expected_output)

Esempio n. 9

0

Mostra file

 def test_successful_sanitize_positive_integer_including_0(self):
     data_input = "0"
     expected_output = 0
     self.assertEqual(
         InputSanitizer.sanitize_positive_integer(data_input, True),
         expected_output)

Esempio n. 10

0

Mostra file

 def test_successful_sanitize_positive_integer_excluding_0(self):
     data_input = "13212"
     expected_output = 13212
     self.assertEqual(InputSanitizer.sanitize_positive_integer(data_input),
                      expected_output)

Esempio n. 11

0

Mostra file

 def test_successful_sanitize_story_reaction(self):
     for n in ALLOWED_STORY_REACTIONS:
         data_input = n.upper()
         self.assertEqual(
             InputSanitizer.sanitize_story_reaction(data_input), n)

Esempio n. 12

0

Mostra file

 def test_failed_sanitize_integer(self):
     data_input = "not_an_integer"
     with self.assertRaises(InvalidFormatException) as context:
         InputSanitizer.sanitize_integer(data_input)
     exception = context.exception
     self.assertEqual(exception.error_code, 400)

Esempio n. 13

0

Mostra file

 def test_successful_sanitize_negative_integer(self):
     data_input = "-51213"
     expected_output = -51213
     self.assertEqual(InputSanitizer.sanitize_integer(data_input),
                      expected_output)

Esempio n. 14

0

Mostra file

 def test_failed_sanitize_boolean(self):
     data_input = "asd"
     with self.assertRaises(InvalidFormatException):
         InputSanitizer.sanitize_boolean(data_input)

Esempio n. 15

0

Mostra file

 def test_successful_sanitize_boolean_false(self):
     data_input = "False"
     expected_output = False
     self.assertEqual(InputSanitizer.sanitize_boolean(data_input),
                      expected_output)