mirror of
https://github.com/ae-utbm/sith.git
synced 2024-12-31 20:21:24 +00:00
add a sentry capture for when eboutic basket regex validation fails. (#504)
Co-authored-by: Théo DURR <git@theodurr.fr>
parent
6a0a8e8ab4
commit
8fb0897160
1
.gitignore
vendored
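--- a/.gitignore
+++ b/.gitignore
@@ -7,6 +7,7 @@ db.sqlite3
 pyrightconfig.json
 dist/
 .vscode/
+.idea/
 env/
 doc/html
 data/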
@ -28,6 +28,7 @@ import typing
|
|||||||
|
|
||||||
from django.http import HttpRequest
|
from django.http import HttpRequest
|
||||||
from django.utils.translation import gettext as _
|
from django.utils.translation import gettext as _
|
||||||
|
from sentry_sdk import capture_message
|
||||||
|
|
||||||
from eboutic.models import get_eboutic_products
|
from eboutic.models import get_eboutic_products
|
||||||
|
|
||||||
@ -104,6 +105,13 @@ class BasketForm:
|
|||||||
# check that the json is not nested before parsing it to make sure
|
# check that the json is not nested before parsing it to make sure
|
||||||
# malicious user can't ddos the server with deeply nested json
|
# malicious user can't ddos the server with deeply nested json
|
||||||
if not BasketForm.json_cookie_re.match(basket):
|
if not BasketForm.json_cookie_re.match(basket):
|
||||||
|
# As the validation of the cookie goes through a rather boring regex,
|
||||||
|
# we can regularly have to deal with subtle errors that we hadn't forecasted,
|
||||||
|
# so we explicitly lay a Sentry message capture here.
|
||||||
|
capture_message(
|
||||||
|
"Eboutic basket regex checking failed to validate basket json",
|
||||||
|
level="error",
|
||||||
|
)
|
||||||
self.error_messages.add(_("The request was badly formatted."))
|
self.error_messages.add(_("The request was badly formatted."))
|
||||||
return
|
return
|
||||||
try:
|
try:
|
||||||
|
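Review bot: The `capture_message(...)` call added under `if not BasketForm.json_cookie_re.match(basket):` fires on a value the client supplies (the comments call it a cookie), so every request carrying a malformed basket produces one error-level Sentry event, which can bury genuine errors and consume event quota. Consider `level="warning"` here and, if the project's Sentry setup allows it, sampling or rate-limiting this particular message. The event also carries only a fixed string, so the "subtle errors" the new comment refers to cannot be diagnosed from it; attaching a length-capped copy of `basket` as extra data, treated as untrusted text, would make the capture useful. The enclosing method starts and ends outside this hunk, so how `basket` is read and what follows the `try:` is not visible here.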