removed envipytags.py and moved name cleaning to before default name assignment

Liam Brydon
2025-11-07 09:42:21 +13:00
parent c88b0ff3e7
commit 654707e6b5
47 changed files with 63 additions and 95 deletions


@ -804,10 +804,13 @@ class Compound(EnviPathModel, AliasMixin, ScenarioMixin, ChemicalIdentifierMixin
c = Compound()
c.package = package
if name is None or name.strip() == "":
if name is not None:
# Clean for potential XSS
name = nh3.clean(name, tags=s.ALLOWED_HTML_TAGS).strip()
if name is None or name == "":
name = f"Compound {Compound.objects.filter(package=package).count() + 1}"
# Clean for potential XSS
c.name = nh3.clean(name, tags=s.ALLOWED_HTML_TAGS).strip()
c.name = name
# We have a default here only set the value if it carries some payload
if description is not None and description.strip() != "":
c.description = nh3.clean(description, tags=s.ALLOWED_HTML_TAGS).strip()
@ -1187,12 +1190,13 @@ class SimpleAmbitRule(SimpleRule):
r = SimpleAmbitRule()
r.package = package
if name is None or name.strip() == "":
if name is not None:
# Clean for potential XSS
name = nh3.clean(name, tags=s.ALLOWED_HTML_TAGS).strip()
if name is None or name == "":
name = f"Rule {Rule.objects.filter(package=package).count() + 1}"
# Clean for potential XSS
r.name = nh3.clean(name, tags=s.ALLOWED_HTML_TAGS).strip()
r.name = name
if description is not None and description.strip() != "":
r.description = nh3.clean(description, tags=s.ALLOWED_HTML_TAGS).strip()
@ -1715,12 +1719,13 @@ class Pathway(EnviPathModel, AliasMixin, ScenarioMixin):
):
pw = Pathway()
pw.package = package
if name is None or name.strip() == "":
if name is not None:
# Clean for potential XSS
name = nh3.clean(name, tags=s.ALLOWED_HTML_TAGS).strip()
if name is None or name == "":
name = f"Pathway {Pathway.objects.filter(package=package).count() + 1}"
# Clean for potential XSS
pw.name = nh3.clean(name, tags=s.ALLOWED_HTML_TAGS).strip()
pw.name = name
if description is not None and description.strip() != "":
pw.description = nh3.clean(description, tags=s.ALLOWED_HTML_TAGS).strip()
@ -2019,9 +2024,10 @@ class Edge(EnviPathModel, AliasMixin, ScenarioMixin):
# Clean for potential XSS
# Cleaning technically not needed as it is also done in Reaction.create, including it here for consistency
if name is None:
if name is not None:
name = nh3.clean(name, tags=s.ALLOWED_HTML_TAGS).strip()
if name is None or name == "":
name = f"Reaction {pathway.package.reactions.count() + 1}"
name = nh3.clean(name, tags=s.ALLOWED_HTML_TAGS).strip()
if description is None:
description = s.DEFAULT_VALUES["description"]
@ -2545,12 +2551,13 @@ class RuleBasedRelativeReasoning(PackageBasedModel):
):
rbrr = RuleBasedRelativeReasoning()
rbrr.package = package
if name is None or name.strip() == "":
if name is not None:
# Clean for potential XSS
name = nh3.clean(name, tags=s.ALLOWED_HTML_TAGS).strip()
if name is None or name == "":
name = f"RuleBasedRelativeReasoning {RuleBasedRelativeReasoning.objects.filter(package=package).count() + 1}"
# Clean for potential XSS
rbrr.name = nh3.clean(name, tags=s.ALLOWED_HTML_TAGS).strip()
rbrr.name = name
if description is not None and description.strip() != "":
rbrr.description = nh3.clean(description, tags=s.ALLOWED_HTML_TAGS).strip()
@ -2649,12 +2656,13 @@ class MLRelativeReasoning(PackageBasedModel):
):
mlrr = MLRelativeReasoning()
mlrr.package = package
if name is None or name.strip() == "":
if name is not None:
# Clean for potential XSS
name = nh3.clean(name, tags=s.ALLOWED_HTML_TAGS).strip()
if name is None or name == "":
name = f"MLRelativeReasoning {MLRelativeReasoning.objects.filter(package=package).count() + 1}"
# Clean for potential XSS
mlrr.name = nh3.clean(name, tags=s.ALLOWED_HTML_TAGS).strip()
mlrr.name = name
if description is not None and description.strip() != "":
mlrr.description = nh3.clean(description, tags=s.ALLOWED_HTML_TAGS).strip()
@ -2964,12 +2972,13 @@ class EnviFormer(PackageBasedModel):
):
mod = EnviFormer()
mod.package = package
if name is None or name.strip() == "":
if name is not None:
# Clean for potential XSS
name = nh3.clean(name, tags=s.ALLOWED_HTML_TAGS).strip()
if name is None or name == "":
name = f"EnviFormer {EnviFormer.objects.filter(package=package).count() + 1}"
# Clean for potential XSS
mod.name = nh3.clean(name, tags=s.ALLOWED_HTML_TAGS).strip()
mod.name = name
if description is not None and description.strip() != "":
mod.description = nh3.clean(description, tags=s.ALLOWED_HTML_TAGS).strip()
@ -3375,11 +3384,12 @@ class Scenario(EnviPathModel):
):
new_s = Scenario()
new_s.package = package
if name is None or name.strip() == "":
if name is not None:
# Clean for potential XSS
name = nh3.clean(name, tags=s.ALLOWED_HTML_TAGS).strip()
if name is None or name == "":
name = f"Scenario {Scenario.objects.filter(package=package).count() + 1}"
new_s.name = nh3.clean(name, tags=s.ALLOWED_HTML_TAGS).strip()
new_s.name = name
if description is not None and description.strip() != "":
new_s.description = nh3.clean(description, tags=s.ALLOWED_HTML_TAGS).strip()
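Review bot: The description branches still test `description.strip() != ""` before sanitizing, so a description that nh3 strips down to nothing is stored as an empty string and overrides the default. This is the same ordering problem the commit fixes for `name`, and it appears in the Compound, SimpleAmbitRule, Pathway, RuleBasedRelativeReasoning, MLRelativeReasoning, EnviFormer and Scenario hunks. Clean first and test the result, e.g. `cleaned = nh3.clean(description, tags=s.ALLOWED_HTML_TAGS).strip() if description else ""` followed by `if cleaned: c.description = cleaned`. The sanitize-then-default sequence is now copied into eight create methods, so a small shared helper would keep the order from drifting again. Also, `name == ""` is checked on the sanitized markup, so a name made only of tags listed in `s.ALLOWED_HTML_TAGS` (not visible here) would presumably still count as non-empty; the create methods begin and end outside these hunks.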


@ -1,21 +0,0 @@
from django import template
from pydantic import AnyHttpUrl, ValidationError
from pydantic.type_adapter import TypeAdapter
register = template.Library()
url_adapter = TypeAdapter(AnyHttpUrl)
@register.filter
def classname(obj):
return obj.__class__.__name__
@register.filter
def is_url(value):
try:
url_adapter.validate_python(value)
return True
except ValidationError:
return False


@ -87,7 +87,7 @@ def login(request):
from django.contrib.auth import login
username = request.POST.get("username").strip()
if username != request.POST.get("username").strip():
if username != request.POST.get("username"):
context["message"] = "Login failed!"
return render(request, "static/login.html", context)
password = request.POST.get("password")
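Review bot: `request.POST.get("username")` returns None when the field is missing, so the `.strip()` on the context line above the changed comparison raises AttributeError. A POST without that field would then presumably surface as a server error instead of taking the "Login failed!" branch. Reading the raw value once and guarding it keeps the failure path uniform: `raw_username = request.POST.get("username") or ""`, `username = raw_username.strip()`, `if not username or username != raw_username:`. A one-line comment such as `# Reject usernames with leading/trailing whitespace rather than silently normalising them` would make the intent of the comparison clear. The login view starts before and continues past this hunk, so how `password` is validated is not visible here.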