def remove_checksums(proxy: EntityProxy) -> EntityProxy:
"""When accepting entities via a web API, it would consistute
a security risk to allow a user to submit checksum-type properties.
These can be traded in for access to said files if they exist in the
underlying content-addressed storage. It seems safest to just remove
all checksums from entities when they are untrusted user input."""
for prop in proxy.iterprops():
if prop.type == registry.checksum:
proxy.pop(prop)
return proxy
def sieve_entity(
entity: EntityProxy,
schemata: Iterable[str],
properties: Iterable[str],
types: Iterable[str],
) -> Optional[EntityProxy]:
for schema in schemata:
if entity.schema.is_a(schema):
return None
for prop in entity.iterprops():
if prop.name in properties or prop.qname in properties:
entity.pop(prop, quiet=True)
elif prop.type.name in types:
entity.pop(prop, quiet=True)
return entity