
tcms/handlers.py (2 issues)

# coding: utf-8
import html
from datetime import timedelta
from modernrpc.handlers import JSONRPCHandler, XMLRPCHandler
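class KiwiTCMSJsonRpcHandler(JSONRPCHandler):
    """JSON-RPC handler that sanitises procedure results before serialisation.

    Two transformations are applied to a result, at any nesting depth:

    * ``str`` values are HTML-escaped with :func:`html.escape`, so a client
      that renders the response straight into a page (e.g. the web UI) is
      not exposed to stored XSS through DB content such as tags or
      component names;
    * ``timedelta`` values are replaced by their ``total_seconds()`` float
      so the JSON encoder can serialise them.
    """

    @staticmethod
    def _escape_value(value):
        """Return the sanitised form of ``value``.

        ``dict`` and ``list`` values are sanitised in place (descending
        into nested containers) and returned as the same object; ``str``
        and ``timedelta`` values are replaced by their escaped form. Any
        other value is returned unchanged.
        """
        if isinstance(value, str):
            return html.escape(value)
        if isinstance(value, timedelta):
            return value.total_seconds()
        if isinstance(value, dict):
            KiwiTCMSJsonRpcHandler.escape_dict(value)
        elif isinstance(value, list):
            KiwiTCMSJsonRpcHandler.escape_list(value)
        return value

    @staticmethod
    def escape_dict(result_dict):
        """Sanitise every value of ``result_dict`` in place.

        Nested dicts and lists are sanitised recursively, so a string
        buried inside a nested structure does not reach the client
        unescaped.
        """
        # Only values are rebound, never keys, so a key snapshot keeps the
        # loop independent of how the mapping reacts to assignment.
        for key in list(result_dict):
            result_dict[key] = KiwiTCMSJsonRpcHandler._escape_value(
                result_dict[key]
            )

    @staticmethod
    def escape_list(result_list):
        """Sanitise every item of ``result_list`` in place, recursively."""
        for index, item in enumerate(result_list):
            result_list[index] = KiwiTCMSJsonRpcHandler._escape_value(item)

    def execute_procedure(self, name, args=None, kwargs=None):
        """Run the RPC procedure ``name`` and sanitise its result.

        HTML-escape every string (and flatten every ``timedelta``) before
        returning the result to the client, which may well be the web UI;
        this prevents XSS on pages that display whatever is in the DB
        (e.g. tags, components). Strings inside nested dicts and lists are
        escaped as well, not only those at the top level.
        """
        result = super().execute_procedure(name, args, kwargs)
        return self._escape_value(result)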
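class KiwiTCMSXmlRpcHandler(XMLRPCHandler):
    """XML-RPC handler that flattens ``timedelta`` values in procedure results.

    Every ``timedelta`` found in a result, at any nesting depth, is
    replaced by its ``total_seconds()`` float. Strings are returned as-is
    by this handler.
    """

    @staticmethod
    def _escape_value(value):
        """Return the converted form of ``value``.

        ``dict`` and ``list`` values are converted in place (descending
        into nested containers) and returned as the same object;
        ``timedelta`` values are replaced by ``total_seconds()``. Any
        other value is returned unchanged.
        """
        if isinstance(value, timedelta):
            return value.total_seconds()
        if isinstance(value, dict):
            KiwiTCMSXmlRpcHandler.escape_dict(value)
        elif isinstance(value, list):
            KiwiTCMSXmlRpcHandler.escape_list(value)
        return value

    @staticmethod
    def escape_dict(result_dict):
        """Convert every ``timedelta`` in ``result_dict`` in place, recursively."""
        # Only values are rebound, never keys, so a key snapshot keeps the
        # loop independent of how the mapping reacts to assignment.
        for key in list(result_dict):
            result_dict[key] = KiwiTCMSXmlRpcHandler._escape_value(
                result_dict[key]
            )

    @staticmethod
    def escape_list(result_list):
        """Convert every ``timedelta`` in ``result_list`` in place, recursively."""
        for index, item in enumerate(result_list):
            result_list[index] = KiwiTCMSXmlRpcHandler._escape_value(item)

    def execute_procedure(self, name, args=None, kwargs=None):
        """Run the RPC procedure ``name`` and flatten ``timedelta`` values.

        The conversion covers the top-level result and every nested dict
        or list, so a ``timedelta`` buried in a nested structure is also
        turned into a float before marshalling.
        """
        result = super().execute_procedure(name, args, kwargs)
        return self._escape_value(result)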