def remove_checksums(proxy: EntityProxy) -> EntityProxy: """When accepting entities via a web API, it would consistute a security risk to allow a user to submit checksum-type properties. These can be traded in for access to said files if they exist in the underlying content-addressed storage. It seems safest to just remove all checksums from entities when they are untrusted user input.""" for prop in proxy.iterprops(): if prop.type == registry.checksum: proxy.pop(prop) return proxy
def sieve_entity( entity: EntityProxy, schemata: Iterable[str], properties: Iterable[str], types: Iterable[str], ) -> Optional[EntityProxy]: for schema in schemata: if entity.schema.is_a(schema): return None for prop in entity.iterprops(): if prop.name in properties or prop.qname in properties: entity.pop(prop, quiet=True) elif prop.type.name in types: entity.pop(prop, quiet=True) return entity