From 4e5eb0f6c165340c5405e8418fbe64719c3316e3 Mon Sep 17 00:00:00 2001
From: kyle
Date: Mon, 12 Aug 2024 10:42:29 -0400
Subject: [PATCH] adding link id validation
---
 api/blueprints/drbLink.py | 4 ++++
 tests/unit/test_api_link_blueprint.py | 10 ++++++++++
 2 files changed, 14 insertions(+)
diff --git a/api/blueprints/drbLink.py b/api/blueprints/drbLink.py
index c65bee1c2ff..f4e49315648 100644
--- a/api/blueprints/drbLink.py
+++ b/api/blueprints/drbLink.py
@@ -1,6 +1,7 @@
 from flask import Blueprint, current_app, request
 from ..db import DBClient
 from ..utils import APIUtils
+from ..validation_utils import is_valid_numeric_id
 from logger import createLog
 logger = createLog(__name__)
@@ -12,6 +13,9 @@ def get_link(link_id):
 logger.info(f'Getting link with id {link_id}')
 response_type = 'singleLink'
+ if not is_valid_numeric_id(link_id):
+ return APIUtils.formatResponseObject(400, response_type, { 'message': f'Link id {link_id} is invalid' })
+
 try:
 with DBClient(current_app.config['DB_CLIENT']) as db_client:
 link = db_client.fetchSingleLink(link_id)
diff --git a/tests/unit/test_api_link_blueprint.py b/tests/unit/test_api_link_blueprint.py
index 817b2064639..b34204ac0f6 100644
--- a/tests/unit/test_api_link_blueprint.py
+++ b/tests/unit/test_api_link_blueprint.py
@@ -78,3 +78,13 @@ def test_get_link_error(self, mock_utils, test_app, mocker):
 mock_utils['formatResponseObject'].assert_called_once_with(
 500, 'singleLink', { 'message': 'Unable to get link with id 1' }
 )
+
+ def test_get_link_invalid_id_error(self, mock_utils, test_app):
+ with test_app.test_request_context('/'):
+ get_link('e2d0e0aa-aa72-42a0-88fb-1aeadbec2f67')
+
+ mock_utils['formatResponseObject'].assert_called_once_with(
+ 400,
+ 'singleLink',
+ {'message': 'Link id e2d0e0aa-aa72-42a0-88fb-1aeadbec2f67 is invalid'}
+ )
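Review bot: In `get_link` (api/blueprints/drbLink.py) the existing `logger.info(f'Getting link with id {link_id}')` still runs before the new `is_valid_numeric_id` check, so a rejected, caller-supplied value is written to the log unvalidated. Move that call below the check, or record rejections with `logger.warning('Rejected link id %r', link_id)` so control characters are escaped. The 400 body also interpolates the raw value through `f'Link id {link_id} is invalid'`; a fixed `'Link id is invalid'` would avoid reflecting untrusted input, though the new unit test asserts the current text and would need the same change. `is_valid_numeric_id` is defined outside this diff, so whether it limits input to ASCII digits and to the range of the id column cannot be confirmed here. The body of `get_link` continues past the end of the hunk.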
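Review bot: `test_get_link_invalid_id_error` (tests/unit/test_api_link_blueprint.py) checks only a UUID-shaped string, so it would keep passing if the validator let through other non-ids such as an empty string, `-1`, `1.5` or a number too large for the id column. If `is_valid_numeric_id` has no tests of its own (none are visible in this commit), cover those inputs here, for example by parametrizing this test over them. The test class starts outside the hunk.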