Page MenuHomeSoftware Heritage
Differential D6919

api/graph: Handle query parameters that might be passed in graph_query
ClosedPublic
Actions

Authored by anlambert on Jan 11 2022, 5:47 PM.

Details

Reviewers
seirl
Group Reviewers
Reviewers
Commits
rDWAPPS9e7732ccebe3: api/graph: Handle query parameters that might be passed in graph_query
Summary

It is possible to pass query parameters in the graph_query URL argument
of the Web API graph endpoint if the ? character is quoted.

So add extra processing in the endpoint implementation to merge the
query parameters extracted from the graph_query value and those
coming from the django request.

The purpose is to avoid some query parameters to be silently ignored
when requesting the graph API.

Diff Detail

Repository
rDWAPPS Web applications
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

anlambert created this revision.Jan 11 2022, 5:47 PM
Herald added a reviewer: Reviewers. · View Herald TranscriptJan 11 2022, 5:47 PM
anlambert mentioned this in D6914: api/graph: Implement anti-DoS policies for graph visits.Jan 11 2022, 5:48 PM
swh-public-ci added a comment.Jan 11 2022, 6:03 PM

Build is green

Patch application report for D6919 (id=25065)

Rebasing onto e0a181daf4...

Current branch diff-target is up to date.
Changes applied before test
commit 744c1daec3983870cb79a6e0c543e7b23760cc61
Author: Antoine Lambert <anlambert@softwareheritage.org>
Date:   Tue Jan 11 17:40:34 2022 +0100

    api/graph: Handle query parameters that might be passed in graph_query
    
    It is possible to pass query parameters in the graph_query URL argument
    of the Web API graph endpoint if the ? character is quoted.
    
    So add extra processing in the endpoint implementation to merge the
    query parameters extracted from the graph_query value and those
    coming from the django request.
    
    The purpose is to avoid some query parameters to be silently ignored
    when requesting the graph API.

See https://jenkins.softwareheritage.org/job/DWAPPS/job/tests-on-diff/1288/ for more details.

Harbormaster completed remote builds in B25940: Diff 25065.Jan 11 2022, 6:03 PM
anlambert requested review of this revision.Jan 11 2022, 6:03 PM
anlambert updated this revision to Diff 25070.Jan 12 2022, 10:59 AM

Rebase

anlambert added a child revision: D6914: api/graph: Implement anti-DoS policies for graph visits.Jan 12 2022, 11:06 AM
swh-public-ci added a comment.Jan 12 2022, 11:16 AM

Build is green

Patch application report for D6919 (id=25070)

Rebasing onto 15e6e1988a...

Current branch diff-target is up to date.
Changes applied before test
commit 43525e69eaeb058b5d41c7031c422e7de088af16
Author: Antoine Lambert <anlambert@softwareheritage.org>
Date:   Tue Jan 11 17:40:34 2022 +0100

    api/graph: Handle query parameters that might be passed in graph_query
    
    It is possible to pass query parameters in the graph_query URL argument
    of the Web API graph endpoint if the ? character is quoted.
    
    So add extra processing in the endpoint implementation to merge the
    query parameters extracted from the graph_query value and those
    coming from the django request.
    
    The purpose is to avoid some query parameters to be silently ignored
    when requesting the graph API.

See https://jenkins.softwareheritage.org/job/DWAPPS/job/tests-on-diff/1289/ for more details.

Harbormaster completed remote builds in B25945: Diff 25070.Jan 12 2022, 11:16 AM
seirl requested changes to this revision.Jan 12 2022, 2:17 PM
seirl added a subscriber: seirl.

Minor comment to avoid doing url parsing manually, otherwise LGTM

swh/web/api/views/graph.py
150

I think it's cleaner to use urlunparse() here.

This revision now requires changes to proceed.Jan 12 2022, 2:17 PM
anlambert added inline comments.Jan 12 2022, 2:34 PM
swh/web/api/views/graph.py
150

Better indeed, thanks !

anlambert updated this revision to Diff 25091.Jan 12 2022, 2:35 PM

Use urlunparse.

seirl accepted this revision.Jan 12 2022, 2:50 PM
This revision is now accepted and ready to land.Jan 12 2022, 2:50 PM
swh-public-ci added a comment.Jan 12 2022, 2:51 PM

Build is green

Patch application report for D6919 (id=25091)

Rebasing onto 15e6e1988a...

Current branch diff-target is up to date.
Changes applied before test
commit 9e7732ccebe33b7f4f37ad92a13998136580b2c9
Author: Antoine Lambert <anlambert@softwareheritage.org>
Date:   Tue Jan 11 17:40:34 2022 +0100

    api/graph: Handle query parameters that might be passed in graph_query
    
    It is possible to pass query parameters in the graph_query URL argument
    of the Web API graph endpoint if the ? character is quoted.
    
    So add extra processing in the endpoint implementation to merge the
    query parameters extracted from the graph_query value and those
    coming from the django request.
    
    The purpose is to avoid some query parameters to be silently ignored
    when requesting the graph API.

See https://jenkins.softwareheritage.org/job/DWAPPS/job/tests-on-diff/1294/ for more details.

Harbormaster completed remote builds in B25965: Diff 25091.Jan 12 2022, 2:51 PM
Closed by commit rDWAPPS9e7732ccebe3: api/graph: Handle query parameters that might be passed in graph_query (authored by anlambert). · Explain WhyJan 12 2022, 3:00 PM
This revision was automatically updated to reflect the committed changes.
anlambert added a commit: rDWAPPS9e7732ccebe3: api/graph: Handle query parameters that might be passed in graph_query.

Revision Contents
Changeset List

PathSize
swh/
web/
api/
views/
18 lines
tests/
api/
views/
47 lines

Diff 25100

View Options

swh/web/api/views/graph.py

Loading...
View Options

swh/web/tests/api/views/test_graph.py

Loading...
About · Developer information · Legal