Fastapi parameter validation #1326

Merged
merged 6 commits into from
Sep 13, 2024
dokterbob
Collaborator

@dokterbob dokterbob commented Sep 9, 2024

Validate path hierarchy and path parameters for:

  • get_avatar
  • project_settings
  • project_translations

Includes test coverage for all relevant methods.

* Regression test for file traversal bug in `project_translations`.
* Regression test for `project_settings` path traversal vulnerability.
* Regression test for path traversal vulnerability in `get_avatar()`.
@dokterbob dokterbob force-pushed the fastapi_parameter_validation branch from 6fe8d85 to 51baf5b Compare September 9, 2024 16:09
@dokterbob dokterbob force-pushed the fastapi_parameter_validation branch 3 times, most recently from 763bae3 to 92c780d Compare September 9, 2024 22:32
* Must build frontend for backend tests... (for now).
* Follow ISO spec on Klingon matters.
@dokterbob dokterbob force-pushed the fastapi_parameter_validation branch from 38e826c to 54f79d7 Compare September 9, 2024 22:56
@dokterbob dokterbob marked this pull request as ready for review September 9, 2024 22:56
Collaborator

@willydouhard willydouhard left a comment

lgtm

@dokterbob dokterbob merged commit 0f7aad5 into main Sep 13, 2024
16 checks passed
@dokterbob dokterbob deleted the fastapi_parameter_validation branch September 13, 2024 11:22

def test_get_avatar_custom(test_client: TestClient, monkeypatch: pytest.MonkeyPatch):
"""Test with custom avatar."""
custom_avatar_path = os.path.join(

@dokterbob this is assuming that the avatar will be called correctly, which is not the case for the chat. If the assistant name contains a space, it will call the API passing that name from the UI and it will return a 400.
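
Added example, not code from this pull request or the project: a standard-library illustration of the two checks the PR description names (path parameter validation and path hierarchy validation), run against the space-in-name case from the comment above. The allow-list regex, the `.png` layout, the `slugify` helper and all function names are assumptions made for the illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumed allow-list for an avatar identifier; the project's real rule may differ.
AVATAR_ID_RE = re.compile(r"^[a-z0-9_-]+$")

class InvalidAvatar(ValueError):
    """Raised where an HTTP handler would answer 400."""

def validate_avatar_id(avatar_id: str) -> str:
    """Parameter check: reject anything outside the allow-list."""
    if not AVATAR_ID_RE.fullmatch(avatar_id):
        raise InvalidAvatar(f"invalid avatar id: {avatar_id!r}")
    return avatar_id

def resolve_avatar(base_dir: Path, avatar_id: str) -> Path:
    """Hierarchy check: the fully resolved file must stay under base_dir."""
    base = base_dir.resolve()
    candidate = (base / f"{validate_avatar_id(avatar_id)}.png").resolve()
    if not candidate.is_relative_to(base):  # Python 3.9+; also catches symlinks
        raise InvalidAvatar("avatar path escapes the avatars directory")
    return candidate

def slugify(display_name: str) -> str:
    """Hypothetical caller-side normalisation of a display name."""
    return re.sub(r"[^a-z0-9_-]+", "_", display_name.strip().lower())

def status_for(base_dir: Path, avatar_id: str) -> int:
    """Map the outcome to the status code a handler would return."""
    try:
        return 200 if resolve_avatar(base_dir, avatar_id).is_file() else 404
    except InvalidAvatar:
        return 400

def demo() -> dict:
    """Run constructed inputs against a temporary avatars directory."""
    with tempfile.TemporaryDirectory() as tmp:
        avatars = Path(tmp) / "avatars"
        avatars.mkdir()
        (avatars / "my_assistant.png").write_bytes(b"constructed sample")
        (Path(tmp) / "secret.png").write_bytes(b"outside the avatars dir")
        # A valid-looking id whose file is a symlink pointing outside the base.
        (avatars / "linked.png").symlink_to(Path(tmp) / "secret.png")
        inputs = ["my_assistant", "../secret", "My Assistant", "linked", "missing"]
        return {i: status_for(avatars, i) for i in inputs}
```

With this allow-list the display name "My Assistant" is rejected with 400, while its normalised form `slugify("My Assistant")` resolves to the existing file.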

3 participants