Prefetching multiple endpoints should return all prefetch models #11546

Merged
merged 2 commits into from
Jan 23, 2025

hblankenship
Collaborator

When attempting a prefetch with multiple parameters, the response would only return one of the prefetch parameters.

[sc-6144]

@github-actions github-actions bot added the apiv2 label Jan 10, 2025

dryrunsecurity bot commented Jan 10, 2025

DryRun Security Summary

The pull request improves the handling of the prefetch parameter in the PrefetchListMixin and PrefetchRetrieveMixin classes by implementing a more robust method for processing the parameter while maintaining security and following Django REST Framework standards.

Summary:

The code changes in this pull request are focused on improving the handling of the prefetch parameter in the PrefetchListMixin and PrefetchRetrieveMixin classes of the dojo/api_v2/prefetch/mixins.py file. The main changes include a more robust way of handling the prefetch parameter, as well as applying the same operations as the standard list method defined in the Django REST Framework.

From an application security perspective, the changes made in this pull request do not seem to introduce any obvious security concerns. The code is handling user input (the prefetch parameter) in a reasonable way, and it is not performing any direct database queries or other operations that could lead to security vulnerabilities like SQL injection or cross-site scripting (XSS). However, it's important to consider the overall application context and the way this code is used within the larger system when evaluating the security implications, as the prefetch parameter could potentially be used to load sensitive data or perform privileged actions.

Files Changed:

  • dojo/api_v2/prefetch/mixins.py: The changes in this file are focused on improving the handling of the prefetch parameter in the PrefetchListMixin and PrefetchRetrieveMixin classes. Specifically, the code now checks if the prefetch parameter contains commas, and if not, it uses the getlist method to handle multiple instances of the prefetch parameter. Additionally, the list method of the PrefetchListMixin now applies the same operations as the standard list method defined in the Django REST Framework, such as filtering and pagination.

Code Analysis

We ran 9 analyzers against 1 file and 0 analyzers had findings. 9 analyzers had no findings.

@hblankenship hblankenship marked this pull request as draft January 14, 2025 16:01
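
The parameter handling described in the summary above, as an added example that is not the project's code from dojo/api_v2/prefetch/mixins.py: it contrasts a single-value lookup with parsing that accepts both the comma-separated and the repeated form of `prefetch`. The function names, the allowlist and the field names are assumptions constructed for illustration, and `urllib.parse.parse_qs` stands in for Django's `request.GET`.

```python
from urllib.parse import parse_qs

# Assumption: a per-endpoint allowlist of relations a client may expand.
# The field names are constructed for this example.
ALLOWED_PREFETCH = frozenset({"test", "reporter", "found_by"})


def prefetch_single(query: str) -> list[str]:
    """Single-value lookup, as Django's QueryDict.get does for a repeated
    key: only the last `prefetch` value survives."""
    values = parse_qs(query).get("prefetch", [])
    return values[-1].split(",") if values else []


def prefetch_all(query: str) -> list[str]:
    """Accept prefetch=a,b and prefetch=a&prefetch=b (or both mixed),
    keeping first-seen order and dropping duplicates and empty names."""
    names: list[str] = []
    for raw in parse_qs(query).get("prefetch", []):
        for name in raw.split(","):
            name = name.strip()
            if name and name not in names:
                names.append(name)
    return names


def checked_prefetch(query: str) -> list[str]:
    """Parse every requested name, then refuse the request if any of them
    is outside the allowlist, so parsing more values does not widen what
    a caller can load."""
    names = prefetch_all(query)
    rejected = [n for n in names if n not in ALLOWED_PREFETCH]
    if rejected:
        raise ValueError(f"prefetch not permitted: {rejected}")
    return names


if __name__ == "__main__":
    for q in ("prefetch=test,reporter", "prefetch=test&prefetch=reporter"):
        print(q, prefetch_single(q), prefetch_all(q))
```
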
@hblankenship
Collaborator Author

Apparently an interesting case where the code actually works but the unittests fail....

@Maffooch
Contributor

Maffooch commented Jan 17, 2025

Moving out of draft to have tests run

@Maffooch Maffooch marked this pull request as ready for review January 17, 2025 22:23
Contributor

@mtesauro mtesauro left a comment

Approved

@Maffooch Maffooch merged commit 1d4b037 into bugfix Jan 23, 2025
75 checks passed
@Maffooch Maffooch deleted the hb-fix-prefect-only-one-param branch January 23, 2025 20:07
5 participants