adding parameter checks for post requests
costero-e committed Sep 2, 2024
1 parent 21119cb commit af7d307
Showing 2 changed files with 33 additions and 31 deletions.
2 changes: 2 additions & 0 deletions beacon/db/filters.py
Expand Up @@ -691,6 +691,8 @@ def apply_ontology_filter(query: dict, filter: OntologyFilter, collection: str,
def format_value(value: Union[str, List[int]]) -> Union[List[int], str, int, float]:
if isinstance(value, list):
return value
elif isinstance(value, int):
return value

elif value.isnumeric():
if float(value).is_integer():
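Review bot: The `format_value` signature still declares `value: Union[str, List[int]]` although the added branch now accepts a bare `int`; it should read `value: Union[str, int, List[int]]` to match the `AlphanumericFilter.value` change in this same commit. `isinstance(value, int)` is also true for `bool`, so a boolean filter value that reaches this function would be returned unchanged into the query instead of being rejected. If only integers are intended, `elif isinstance(value, int) and not isinstance(value, bool):` makes that explicit. Any other non-string type (a `float`, for example) would still fall through to `value.isnumeric()` and raise `AttributeError`, assuming the request model lets it through. The function body continues past the end of this hunk.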
62 changes: 31 additions & 31 deletions beacon/request/model.py
Expand Up @@ -59,7 +59,7 @@ class OntologyFilter(CamelModel):

class AlphanumericFilter(CamelModel):
id: str
value: Union[str, List[int]]
value: Union[str, int, List[int]]
scope: Optional[str] = None
operator: Operator = Operator.EQUAL

Expand Down Expand Up @@ -95,7 +95,7 @@ class RequestParams(CamelModel):

class SequenceQuery(BaseModel):
referenceName: Union[str,int]
start: int
start: Union[int, str]
alternateBases:str
referenceBases: str
clinicalRelevance: Optional[str] =None
Expand All @@ -104,8 +104,8 @@ class SequenceQuery(BaseModel):

class RangeQuery(BaseModel):
referenceName: Union[str,int]
start: int
end: int
start: Union[int, str, list]
end: Union[int, str, list]
variantType: Optional[str] =None
alternateBases: Optional[str] =None
aminoacidChange: Optional[str] =None
Expand Down Expand Up @@ -163,37 +163,37 @@ class RequestParams(CamelModel):
query: RequestQuery = RequestQuery()

def from_request(self, request: Request) -> Self:
request_params={}
if request.method != "POST" or not request.has_body or not request.can_read_body:
for k, v in request.query.items():
if k == "requestedSchema":
self.meta.requested_schemas = [html.escape(v)] # comprovar si és la sanitització recomanada
elif k == "skip":
self.query.pagination.skip = int(html.escape(v))
elif k == "limit":
self.query.pagination.limit = int(html.escape(v))
elif k == "includeResultsetResponses":
self.query.include_resultset_responses = IncludeResultsetResponses(html.escape(v))
elif k == 'filters':
self.query.request_parameters[k] = html.escape(v)
elif k in ["start", "end", "assemblyId", "referenceName", "referenceBases", "alternateBases", "variantType","variantMinLength","variantMaxLength","geneId","genomicAlleleShortForm","aminoacidChange","clinicalRelevance", "mateName"]:
try:
if ',' in v:
v_splitted = v.split(',')
request_params[k]=[int(v) for v in v_splitted]
else:
request_params[k]=int(v)
except Exception as e:
request_params[k]=v
self.query.request_parameters[k] = html.escape(v)
else:
raise web.HTTPBadRequest(text='request parameter introduced is not allowed')
if request_params != {}:
LOG.debug(request_params)
request_params={}
for k, v in request.query.items():
if k == "requestedSchema":
self.meta.requested_schemas = [html.escape(v)] # comprovar si és la sanitització recomanada
elif k == "skip":
self.query.pagination.skip = int(html.escape(v))
elif k == "limit":
self.query.pagination.limit = int(html.escape(v))
elif k == "includeResultsetResponses":
self.query.include_resultset_responses = IncludeResultsetResponses(html.escape(v))
elif k == 'filters':
self.query.request_parameters[k] = html.escape(v)
elif k in ["start", "end", "assemblyId", "referenceName", "referenceBases", "alternateBases", "variantType","variantMinLength","variantMaxLength","geneId","genomicAlleleShortForm","aminoacidChange","clinicalRelevance", "mateName"]:
try:
if ',' in v:
v_splitted = v.split(',')
request_params[k]=[int(v) for v in v_splitted]
else:
request_params[k]=int(v)
except Exception as e:
request_params[k]=v
self.query.request_parameters[k] = html.escape(v)
else:
raise web.HTTPBadRequest(text='request parameter introduced is not allowed')
if request_params != {} or self.query.request_parameters != {}:
request_params = self.query.request_parameters
try:
RangeQuery(**request_params)
return self
except Exception as e:
LOG.debug('holaaaaaa')
pass
try:
SequenceQuery(**request_params)
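Review bot: Widening `start`/`end` to `Union[int, str]` and `Union[int, str, list]` in `SequenceQuery` and `RangeQuery` means the model check in `from_request` no longer rejects non-numeric coordinates, since any string or any list now validates. The widening looks necessary only because the new side sets `request_params = self.query.request_parameters` before `RangeQuery(**request_params)`, so the models see the `html.escape`d strings rather than the integers parsed just above. I would keep the strict types (`start: int`, or `Union[int, List[int]]` where comma-separated values are expected) and validate the parsed `request_params` dict instead. `html.escape` is an output encoding for HTML and does not constrain what reaches the database filter. The `except Exception` around `RangeQuery(...)` also logs only the placeholder `LOG.debug('holaaaaaa')`, which discards the validation error; log the exception itself and catch the validation error type specifically. `from_request` continues past the end of this hunk, so whether a failed `SequenceQuery` check ends in an HTTP 400 is not visible here.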
