klmp200/Sith
1
0
Fork 0
mirror of https://github.com/ae-utbm/sith.git synced 2024-11-20 13:13:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

add a sentry capture for when eboutic basket regex validation fails. (#504)

Browse Source 
Co-authored-by: Théo DURR <git@theodurr.fr>
This commit is contained in:
thomas girod 2022-12-11 10:56:02 +01:00 committed by GitHub
parent 6a0a8e8ab4
commit 8fb0897160
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -7,6 +7,7 @@ db.sqlite3
pyrightconfig.json pyrightconfig.json
dist/ dist/
.vscode/ .vscode/
.idea/
env/ env/
doc/html doc/html
data/ data/

8
eboutic/forms.py
View File

@ -28,6 +28,7 @@ import typing
from django.http import HttpRequest from django.http import HttpRequest
from django.utils.translation import gettext as _ from django.utils.translation import gettext as _
from sentry_sdk import capture_message
from eboutic.models import get_eboutic_products from eboutic.models import get_eboutic_products
@ -104,6 +105,13 @@ class BasketForm:
# check that the json is not nested before parsing it to make sure # check that the json is not nested before parsing it to make sure
# malicious user can't ddos the server with deeply nested json # malicious user can't ddos the server with deeply nested json
if not BasketForm.json_cookie_re.match(basket): if not BasketForm.json_cookie_re.match(basket):
# As the validation of the cookie goes through a rather boring regex,
# we can regularly have to deal with subtle errors that we hadn't forecasted,
# so we explicitly lay a Sentry message capture here.
capture_message(
"Eboutic basket regex checking failed to validate basket json",
level="error",
)
self.error_messages.add(_("The request was badly formatted.")) self.error_messages.add(_("The request was badly formatted."))
return return
try: try: