removed envipytags.py and moved name cleaning to before default name assignment

2025-11-07 09:42:21 +13:00
parent c88b0ff3e7
commit 654707e6b5
47 changed files with 63 additions and 95 deletions
--- a/epdb/models.py
+++ b/epdb/models.py
@ -804,10 +804,13 @@ class Compound(EnviPathModel, AliasMixin, ScenarioMixin, ChemicalIdentifierMixin
        c = Compound()
        c.package = package

-        if name is None or name.strip() == "":
-            name = f"Compound {Compound.objects.filter(package=package).count() + 1}"
+        if name is not None:
            # Clean for potential XSS
-        c.name = nh3.clean(name, tags=s.ALLOWED_HTML_TAGS).strip()
+            name = nh3.clean(name, tags=s.ALLOWED_HTML_TAGS).strip()
+        if name is None or name == "":
+            name = f"Compound {Compound.objects.filter(package=package).count() + 1}"
+        c.name = name
+
        # We have a default here only set the value if it carries some payload
        if description is not None and description.strip() != "":
            c.description = nh3.clean(description, tags=s.ALLOWED_HTML_TAGS).strip()
@ -1187,12 +1190,13 @@ class SimpleAmbitRule(SimpleRule):

        r = SimpleAmbitRule()
        r.package = package
-
-        if name is None or name.strip() == "":
+        if name is not None:
+            # Clean for potential XSS
+            name = nh3.clean(name, tags=s.ALLOWED_HTML_TAGS).strip()
+        if name is None or name == "":
            name = f"Rule {Rule.objects.filter(package=package).count() + 1}"

-        # Clean for potential XSS
-        r.name = nh3.clean(name, tags=s.ALLOWED_HTML_TAGS).strip()
+        r.name = name
        if description is not None and description.strip() != "":
            r.description = nh3.clean(description, tags=s.ALLOWED_HTML_TAGS).strip()

@ -1715,12 +1719,13 @@ class Pathway(EnviPathModel, AliasMixin, ScenarioMixin):
    ):
        pw = Pathway()
        pw.package = package
-
-        if name is None or name.strip() == "":
+        if name is not None:
+            # Clean for potential XSS
+            name = nh3.clean(name, tags=s.ALLOWED_HTML_TAGS).strip()
+        if name is None or name == "":
            name = f"Pathway {Pathway.objects.filter(package=package).count() + 1}"

-        # Clean for potential XSS
-        pw.name = nh3.clean(name, tags=s.ALLOWED_HTML_TAGS).strip()
+        pw.name = name
        if description is not None and description.strip() != "":
            pw.description = nh3.clean(description, tags=s.ALLOWED_HTML_TAGS).strip()

@ -2019,9 +2024,10 @@ class Edge(EnviPathModel, AliasMixin, ScenarioMixin):

        # Clean for potential XSS
        # Cleaning technically not needed as it is also done in Reaction.create, including it here for consistency
-        if name is None:
-            name = f"Reaction {pathway.package.reactions.count() + 1}"
+        if name is not None:
            name = nh3.clean(name, tags=s.ALLOWED_HTML_TAGS).strip()
+        if name is None or name == "":
+            name = f"Reaction {pathway.package.reactions.count() + 1}"

        if description is None:
            description = s.DEFAULT_VALUES["description"]
@ -2545,12 +2551,13 @@ class RuleBasedRelativeReasoning(PackageBasedModel):
    ):
        rbrr = RuleBasedRelativeReasoning()
        rbrr.package = package
-
-        if name is None or name.strip() == "":
+        if name is not None:
+            # Clean for potential XSS
+            name = nh3.clean(name, tags=s.ALLOWED_HTML_TAGS).strip()
+        if name is None or name == "":
            name = f"RuleBasedRelativeReasoning {RuleBasedRelativeReasoning.objects.filter(package=package).count() + 1}"

-        # Clean for potential XSS
-        rbrr.name = nh3.clean(name, tags=s.ALLOWED_HTML_TAGS).strip()
+        rbrr.name = name
        if description is not None and description.strip() != "":
            rbrr.description = nh3.clean(description, tags=s.ALLOWED_HTML_TAGS).strip()

@ -2649,12 +2656,13 @@ class MLRelativeReasoning(PackageBasedModel):
    ):
        mlrr = MLRelativeReasoning()
        mlrr.package = package
-
-        if name is None or name.strip() == "":
+        if name is not None:
+            # Clean for potential XSS
+            name = nh3.clean(name, tags=s.ALLOWED_HTML_TAGS).strip()
+        if name is None or name == "":
            name = f"MLRelativeReasoning {MLRelativeReasoning.objects.filter(package=package).count() + 1}"

-        # Clean for potential XSS
-        mlrr.name = nh3.clean(name, tags=s.ALLOWED_HTML_TAGS).strip()
+        mlrr.name = name
        if description is not None and description.strip() != "":
            mlrr.description = nh3.clean(description, tags=s.ALLOWED_HTML_TAGS).strip()

@ -2964,12 +2972,13 @@ class EnviFormer(PackageBasedModel):
    ):
        mod = EnviFormer()
        mod.package = package
-
-        if name is None or name.strip() == "":
+        if name is not None:
+            # Clean for potential XSS
+            name = nh3.clean(name, tags=s.ALLOWED_HTML_TAGS).strip()
+        if name is None or name == "":
            name = f"EnviFormer {EnviFormer.objects.filter(package=package).count() + 1}"

-        # Clean for potential XSS
-        mod.name = nh3.clean(name, tags=s.ALLOWED_HTML_TAGS).strip()
+        mod.name = name
        if description is not None and description.strip() != "":
            mod.description = nh3.clean(description, tags=s.ALLOWED_HTML_TAGS).strip()

@ -3375,11 +3384,12 @@ class Scenario(EnviPathModel):
    ):
        new_s = Scenario()
        new_s.package = package
-
-        if name is None or name.strip() == "":
+        if name is not None:
+            # Clean for potential XSS
+            name = nh3.clean(name, tags=s.ALLOWED_HTML_TAGS).strip()
+        if name is None or name == "":
            name = f"Scenario {Scenario.objects.filter(package=package).count() + 1}"
-
-        new_s.name = nh3.clean(name, tags=s.ALLOWED_HTML_TAGS).strip()
+        new_s.name = name

        if description is not None and description.strip() != "":
            new_s.description = nh3.clean(description, tags=s.ALLOWED_HTML_TAGS).strip()
--- a/epdb/templatetags/envipytags.py
+++ b/epdb/templatetags/envipytags.py
@ -1,21 +0,0 @@
-from django import template
-from pydantic import AnyHttpUrl, ValidationError
-from pydantic.type_adapter import TypeAdapter
-
-register = template.Library()
-
-url_adapter = TypeAdapter(AnyHttpUrl)
-
-
-@register.filter
-def classname(obj):
-    return obj.__class__.__name__
-
-
-@register.filter
-def is_url(value):
-    try:
-        url_adapter.validate_python(value)
-        return True
-    except ValidationError:
-        return False
--- a/epdb/views.py
+++ b/epdb/views.py
@ -87,7 +87,7 @@ def login(request):
        from django.contrib.auth import login

        username = request.POST.get("username").strip()
-        if username != request.POST.get("username").strip():
+        if username != request.POST.get("username"):
            context["message"] = "Login failed!"
            return render(request, "static/login.html", context)
        password = request.POST.get("password")
--- a/templates/collections/joblog.html
+++ b/templates/collections/joblog.html
@ -1,6 +1,5 @@
 {% extends "framework.html" %}
 {% load static %}
-{% load envipytags %}
 {% block content %}

    <div class="panel-group" id="reviewListAccordion">
--- a/templates/collections/objects_list.html
+++ b/templates/collections/objects_list.html
@ -1,6 +1,5 @@
 {% extends "framework.html" %}
 {% load static %}
-{% load envipytags %}
 {% block content %}

    {% if object_type != 'package' %}
--- a/templates/migration.html
+++ b/templates/migration.html
@ -1,5 +1,4 @@
 {% extends "framework.html" %}
-{% load envipytags %}

 {% block content %}
 <div class="panel-group" id="migration-detail">
--- a/templates/migration_detail.html
+++ b/templates/migration_detail.html
@ -1,5 +1,4 @@
 {% extends "framework.html" %}
-{% load envipytags %}

 {% block content %}
    <div class="panel-group" id="migration-detail">
--- a/templates/modals/collections/new_model_modal.html
+++ b/templates/modals/collections/new_model_modal.html
@ -1,4 +1,4 @@
-{% load envipytags %}
+
 <div class="modal fade" tabindex="-1" id="new_model_modal" role="dialog" aria-labelledby="new_model_modal"
     aria-hidden="true">
    <div class="modal-dialog modal-lg">
--- a/templates/modals/collections/new_pathway_modal.html
+++ b/templates/modals/collections/new_pathway_modal.html
@ -1,4 +1,4 @@
-{% load envipytags %}
+
 {% load static %}
 <div class="modal fade" tabindex="-1" id="new_pathway_modal" role="dialog" aria-labelledby="new_pathway_modal"
     aria-hidden="true" style="overflow-y: auto;">
--- a/templates/modals/collections/new_prediction_setting_modal.html
+++ b/templates/modals/collections/new_prediction_setting_modal.html
@ -1,4 +1,4 @@
-{% load envipytags %}
+
 {% load static %}

 <div id="new_prediction_setting_modal" class="modal" tabindex="-1">
--- a/templates/modals/objects/add_pathway_edge_modal.html
+++ b/templates/modals/objects/add_pathway_edge_modal.html
@ -1,4 +1,4 @@
-{% load envipytags %}
+
 {% load static %}
 <div class="modal fade bs-modal-lg" id="add_pathway_edge_modal" tabindex="-1" aria-labelledby="add_pathway_edge_modal"
     aria-modal="true"
--- a/templates/modals/objects/delete_pathway_edge_modal.html
+++ b/templates/modals/objects/delete_pathway_edge_modal.html
@ -1,4 +1,4 @@
-{% load envipytags %}
+
 {% load static %}
 <!-- Delete Edge -->
 <div id="delete_pathway_edge_modal" class="modal" tabindex="-1">
--- a/templates/modals/objects/delete_pathway_node_modal.html
+++ b/templates/modals/objects/delete_pathway_node_modal.html
@ -1,5 +1,5 @@
 {% load static %}
-{% load envipytags %}
+
 <!-- Delete Node -->
 <div id="delete_pathway_node_modal" class="modal" tabindex="-1">
    <div class="modal-dialog">
--- a/templates/modals/objects/edit_compound_modal.html
+++ b/templates/modals/objects/edit_compound_modal.html
@ -1,4 +1,4 @@
-{% load envipytags %}
+
 {% load static %}
 <!-- Edit Compound -->
 <div id="edit_compound_modal" class="modal" tabindex="-1">
--- a/templates/modals/objects/edit_compound_structure_modal.html
+++ b/templates/modals/objects/edit_compound_structure_modal.html
@ -1,4 +1,4 @@
-{% load envipytags %}
+
 {% load static %}
 <!-- Edit Compound -->
 <div id="edit_compound_structure_modal" class="modal" tabindex="-1">
--- a/templates/modals/objects/edit_group_member_modal.html
+++ b/templates/modals/objects/edit_group_member_modal.html
@ -1,4 +1,4 @@
-{% load envipytags %}
+
 {% load static %}
 <!-- Edit Package Permission -->
 <div id="edit_group_member_modal" class="modal" tabindex="-1">
--- a/templates/modals/objects/edit_model_modal.html
+++ b/templates/modals/objects/edit_model_modal.html
@ -1,4 +1,4 @@
-{% load envipytags %}
+
 {% load static %}
 <!-- Edit Model -->
 <div id="edit_model_modal" class="modal" tabindex="-1">
--- a/templates/modals/objects/edit_node_modal.html
+++ b/templates/modals/objects/edit_node_modal.html
@ -1,4 +1,4 @@
-{% load envipytags %}
+
 {% load static %}
 <!-- Edit Node -->
 <div id="edit_node_modal" class="modal" tabindex="-1">
--- a/templates/modals/objects/edit_package_modal.html
+++ b/templates/modals/objects/edit_package_modal.html
@ -1,4 +1,4 @@
-{% load envipytags %}
+
 {% load static %}
 <!-- Edit Package -->
 <div id="edit_package_modal" class="modal" tabindex="-1">
--- a/templates/modals/objects/edit_package_permissions_modal.html
+++ b/templates/modals/objects/edit_package_permissions_modal.html
@ -1,4 +1,4 @@
-{% load envipytags %}
+
 {% load static %}
 <!-- Edit Package Permission -->
 <div id="edit_package_permissions_modal" class="modal" tabindex="-1">
--- a/templates/modals/objects/edit_pathway_modal.html
+++ b/templates/modals/objects/edit_pathway_modal.html
@ -1,4 +1,4 @@
-{% load envipytags %}
+
 {% load static %}
 <!-- Edit Pathway -->
 <div id="edit_pathway_modal" class="modal" tabindex="-1">
--- a/templates/modals/objects/edit_prediction_setting_modal.html
+++ b/templates/modals/objects/edit_prediction_setting_modal.html
@ -1,4 +1,3 @@
-{% load envipytags %}
 {% load static %}
 <!-- Edit Package -->
 <div id="update_prediction_settings_modal" class="modal" tabindex="-1">
--- a/templates/modals/objects/edit_reaction_modal.html
+++ b/templates/modals/objects/edit_reaction_modal.html
@ -1,4 +1,4 @@
-{% load envipytags %}
+
 {% load static %}
 <!-- Edit Reaction -->
 <div id="edit_reaction_modal" class="modal" tabindex="-1">
--- a/templates/modals/objects/edit_rule_modal.html
+++ b/templates/modals/objects/edit_rule_modal.html
@ -1,4 +1,4 @@
-{% load envipytags %}
+
 {% load static %}
 <!-- Edit Rule -->
 <div id="edit_rule_modal" class="modal" tabindex="-1">
--- a/templates/modals/objects/edit_user_modal.html
+++ b/templates/modals/objects/edit_user_modal.html
@ -1,4 +1,4 @@
-{% load envipytags %}
+
 {% load static %}
 <!-- Edit User -->
 <div id="edit_user_modal" class="modal" tabindex="-1">
--- a/templates/modals/objects/evaluate_model_modal.html
+++ b/templates/modals/objects/evaluate_model_modal.html
@ -1,4 +1,4 @@
-{% load envipytags %}
+
 <div class="modal fade" tabindex="-1" id="evaluate_model_modal" role="dialog" aria-labelledby="evaluate_model_modal"
     aria-hidden="true">
    <div class="modal-dialog modal-lg">
--- a/templates/modals/objects/generic_copy_object_modal.html
+++ b/templates/modals/objects/generic_copy_object_modal.html
@ -1,4 +1,4 @@
-{% load envipytags %}
+
 {% load static %}
 <!-- Copy Object -->
 <div id="generic_copy_object_modal" class="modal" tabindex="-1">
--- a/templates/modals/objects/generic_set_aliases_modal.html
+++ b/templates/modals/objects/generic_set_aliases_modal.html
@ -1,4 +1,4 @@
-{% load envipytags %}
+
 {% load static %}

 <style>
--- a/templates/modals/objects/generic_set_external_reference_modal.html
+++ b/templates/modals/objects/generic_set_external_reference_modal.html
@ -1,4 +1,4 @@
-{% load envipytags %}
+
 {% load static %}
 <!-- Delete Object -->
 <div id="generic_set_external_reference_modal" class="modal" tabindex="-1">
--- a/templates/modals/objects/generic_set_scenario_modal.html
+++ b/templates/modals/objects/generic_set_scenario_modal.html
@ -1,4 +1,4 @@
-{% load envipytags %}
+
 {% load static %}
 <div class="modal fade bs-modal-lg" id="set_scenario_modal" tabindex="-1" aria-labelledby="set_scenario_modal"
     aria-modal="true" role="dialog">
--- a/templates/modals/objects/manage_api_token_modal.html
+++ b/templates/modals/objects/manage_api_token_modal.html
@ -1,4 +1,4 @@
-{% load envipytags %}
+
 <div class="modal fade"
     tabindex="-1"
     id="manage_api_token_modal"
--- a/templates/modals/predict_modal.html
+++ b/templates/modals/predict_modal.html
@ -1,4 +1,3 @@
-{% load envipytags %}
 {% load static %}
 <div class="modal fade bs-modal-lg" id="predict_modal" tabindex="-1" aria-labelledby="predict_modal" aria-modal="true"
     role="dialog">
--- a/templates/objects/composite_rule.html
+++ b/templates/objects/composite_rule.html
@ -1,5 +1,4 @@
 {% extends "framework.html" %}
-{% load envipytags %}

 {% block content %}

--- a/templates/objects/compound.html
+++ b/templates/objects/compound.html
@ -1,5 +1,4 @@
 {% extends "framework.html" %}
-{% load envipytags %}

 {% block content %}

--- a/templates/objects/compound_structure.html
+++ b/templates/objects/compound_structure.html
@ -1,5 +1,4 @@
 {% extends "framework.html" %}
-{% load envipytags %}

 {% block content %}

--- a/templates/objects/edge.html
+++ b/templates/objects/edge.html
@ -1,5 +1,4 @@
 {% extends "framework.html" %}
-{% load envipytags %}

 {% block content %}

--- a/templates/objects/group.html
+++ b/templates/objects/group.html
@ -1,5 +1,4 @@
 {% extends "framework.html" %}
-{% load envipytags %}

 {% block content %}

--- a/templates/objects/model.html
+++ b/templates/objects/model.html
@ -1,6 +1,5 @@
 {% extends "framework.html" %}
 {% load static %}
-{% load envipytags %}
 {% block content %}

    {% block action_modals %}
--- a/templates/objects/node.html
+++ b/templates/objects/node.html
@ -1,5 +1,4 @@
 {% extends "framework.html" %}
-{% load envipytags %}

 {% block content %}

--- a/templates/objects/package.html
+++ b/templates/objects/package.html
@ -1,5 +1,4 @@
 {% extends "framework.html" %}
-{% load envipytags %}

 {% block content %}

--- a/templates/objects/pathway.html
+++ b/templates/objects/pathway.html
@ -1,5 +1,4 @@
 {% extends "framework.html" %}
-{% load envipytags %}
 {% load static %}
 {% block content %}

--- a/templates/objects/reaction.html
+++ b/templates/objects/reaction.html
@ -1,5 +1,4 @@
 {% extends "framework.html" %}
-{% load envipytags %}

 {% block content %}

--- a/templates/objects/scenario.html
+++ b/templates/objects/scenario.html
@ -1,5 +1,4 @@
 {% extends "framework.html" %}
-{% load envipytags %}

 {% block content %}

--- a/templates/objects/simple_rule.html
+++ b/templates/objects/simple_rule.html
@ -1,5 +1,4 @@
 {% extends "framework.html" %}
-{% load envipytags %}

 {% block content %}

--- a/templates/objects/user.html
+++ b/templates/objects/user.html
@ -1,5 +1,4 @@
 {% extends "framework.html" %}
-{% load envipytags %}

 {% block content %}

--- a/templates/pathway_playground2.html
+++ b/templates/pathway_playground2.html
@ -1,4 +1,3 @@
-{% load envipytags %}
 <!DOCTYPE html>
 <html lang="en">
 <head>
--- a/templates/search.html
+++ b/templates/search.html
@ -1,5 +1,4 @@
 {% extends "framework.html" %}
-{% load envipytags %}
 {% load static %}
 {% block content %}