Fix code scanning alert no. 3: Information exposure through an exception #2236

Closed
wants to merge 2 commits into from
6 changes: 5 additions & 1 deletion weblate_web/views.py
Expand Up @@ -20,6 +20,7 @@
from __future__ import annotations

import json
import logging
import random

import django.views.defaults
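Review bot: the added `import logging` is used only for a call on the root logger (`logging.exception(...)` in the `weblate.hosted` payload handler further down). A module-level logger, for example `LOGGER = logging.getLogger(__name__)`, lets deployments filter and route these payment errors by module name; if views.py already defines such a logger outside the visible context, reuse it instead.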
Expand Down Expand Up @@ -99,23 +100,23 @@
# Insert "smart" pagination links, so that there are always ON_ENDS
# links at either end of the list of pages, and there are always
# ON_EACH_SIDE links at either end of the "current page" link.
page_range = []

Check failure on line 103 in weblate_web/views.py (GitHub Actions / mypy): Incompatible types in assignment (expression has type "list[Never]", variable has type "range")
if page_num > (ON_EACH_SIDE + ON_ENDS):
page_range += [

Check failure on line 105 in weblate_web/views.py (GitHub Actions / mypy): Unsupported left operand type for + ("range")
*range(ON_ENDS),
DOT,
*range(page_num - ON_EACH_SIDE, page_num + 1),
]
else:
page_range.extend(range(page_num + 1))

Check failure on line 111 in weblate_web/views.py (GitHub Actions / mypy): "range" has no attribute "extend"
if page_num < (num_pages - ON_EACH_SIDE - ON_ENDS - 1):
page_range += [

Check failure on line 113 in weblate_web/views.py (GitHub Actions / mypy): Unsupported left operand type for + ("range")
*range(page_num + 1, page_num + ON_EACH_SIDE + 1),
DOT,
*range(num_pages - ON_ENDS, num_pages),
]
else:
page_range.extend(range(page_num + 1, num_pages))

Check failure on line 119 in weblate_web/views.py (GitHub Actions / mypy): "range" has no attribute "extend"
return [page + 1 if isinstance(page, int) else page for page in page_range]


Expand Down Expand Up @@ -146,7 +147,7 @@
try:
payload = loads(
request.POST.get("payload", ""),
key=settings.PAYMENT_SECRET,

Check failure on line 150 in weblate_web/views.py (GitHub Actions / mypy): 'Settings' object has no attribute 'PAYMENT_SECRET'
max_age=300,
salt="weblate.user",
)
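Review bot: this `loads(...)` call with `salt="weblate.user"` has the same shape as the `weblate.hosted` one this PR fixes, but its `except` clause is outside the visible context. If that handler also returns `HttpResponseBadRequest(str(error))`, it exposes the same exception text and should get the same generic response, ideally through one shared helper so the two paths cannot drift apart.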
Expand Down Expand Up @@ -181,12 +182,15 @@
try:
payload = loads(
request.POST.get("payload", ""),
key=settings.PAYMENT_SECRET,

Check failure on line 185 in weblate_web/views.py (GitHub Actions / mypy): 'Settings' object has no attribute 'PAYMENT_SECRET'
max_age=300,
salt="weblate.hosted",
)
except (BadSignature, SignatureExpired) as error:
return HttpResponseBadRequest(str(error))
logging.exception("Error processing payment payload: %s", error)

Check failure on line 190 in weblate_web/views.py (GitHub Actions / pre-commit): Ruff (TRY401): weblate_web/views.py:190:67: TRY401 Redundant exception object included in `logging.exception` call
return HttpResponseBadRequest(
"An error occurred while processing your request."
)

# Get/create service for this billing
service = Service.objects.get_or_create(hosted_billing=payload["billing"])[0]
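Review bot: in the `except (BadSignature, SignatureExpired) as error:` block, `logging.exception("Error processing payment payload: %s", error)` passes the exception object redundantly, which is what Ruff TRY401 fails on: `logging.exception` already records the active exception and its traceback. Drop the `%s` and the `error` argument, and then the unused `as error`. Because a bad or expired signature is an expected outcome of untrusted input rather than a server fault, a warning-level log without a traceback may fit better than an error-level entry that every malformed request produces. Returning the fixed generic message instead of `str(error)` is the right fix for the exposure itself.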
Expand All @@ -210,7 +214,7 @@
subscription.save(update_fields=["package"])
if subscription.payment and subscription.payment != payments[-1]:
# Include current payment in past payments
subscription.pastpayment_set.get_or_create(payment=subscription.payment_obj)

Check failure on line 217 in weblate_web/views.py (GitHub Actions / mypy): "Subscription" has no attribute "pastpayment_set"; maybe "pastpayments_set"?

# Update current subscription payment
subscription.payment = payments[-1]
Expand All @@ -218,7 +222,7 @@

# Link past payments
for payment in payments[:-1]:
subscription.pastpayment_set.get_or_create(payment=payment)

Check failure on line 225 in weblate_web/views.py (GitHub Actions / mypy): "Subscription" has no attribute "pastpayment_set"; maybe "pastpayments_set"?

# Link users which are supposed to have access
for user in payload["users"]:
Expand Down Expand Up @@ -397,7 +401,7 @@


class CustomerView(PaymentView):
form_class = CustomerForm

Check failure on line 404 in weblate_web/views.py (GitHub Actions / mypy): Incompatible types in assignment (expression has type "type[CustomerForm]", base class "PaymentView" defined the type as "type[MethodForm]")
template_name = "payment/customer.html"
check_customer = False
