Commit b1f4457a authored by Dariusz Kędzierski's avatar Dariusz Kędzierski Committed by Jason Salyers

Cast all follow name data to string. Should protect against setting non string...

Cast all follow name data to string. Should protect against setting non string data types as names in follower and following
parent 1cad6f9c
2 merge requests!456Release candidate v1 24,!370Jsalyers muting at sql level
......@@ -2,6 +2,7 @@
import logging
from time import perf_counter as perf
from json import dumps
from funcy.seqs import first
from hive.db.adapter import Db
......@@ -12,6 +13,7 @@ from hive.indexer.accounts import Accounts
from hive.indexer.db_adapter_holder import DbAdapterHolder
from hive.utils.normalize import escape_characters
log = logging.getLogger(__name__)
FOLLOWERS = 'followers'
......@@ -100,7 +102,20 @@ class Follow(DbAdapterHolder):
return None
op['following'] = op['following'] if isinstance(op['following'], list) else [op['following']]
# additional layer of protection against putting complex data types as user names
as_str = []
for following in op['following']:
if isinstance(following, list) or isinstance(following, dict):
as_str.append(dumps(following))
else:
as_str.append(str(following))
op['following'] = as_str
if isinstance(op['follower'], list) or isinstance(op['follower'], dict):
op['follower'] = dumps(op['follower'])
else:
op['follower'] = str(op['follower'])
# follower/following is empty
if not op['follower'] or not op['following']:
......
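Review bot: The cast runs before the `# follower/following is empty` check, so falsy non-string input is no longer caught there: a JSON `null`, `0`, `false`, `[]` or `{}` in `follower` becomes the non-empty string `'None'`, `'0'`, `'False'`, `'[]'` or `'{}'`, and the same applies to each entry of `op['following']`. Rejecting the operation is a tighter guard than coercing it, e.g. right after the list wrap: `if not isinstance(op['follower'], str) or not all(isinstance(n, str) for n in op['following']): return None`. If the coercion has to stay, `isinstance(following, (list, dict))` is the idiomatic form of the two chained `isinstance` calls. The enclosing method starts and ends outside this hunk, so whether a later account lookup rejects the coerced strings cannot be confirmed from here.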
......@@ -365,6 +365,72 @@
"id": "follow",
"json": "[\"follow\",{\"follower\":\"te'%@ter1\",\"following\":[\"tester3\", \"tester4\"],\"what\":[\"blog\"]}]"
}
},
{
"type": "custom_json_operation",
"value": {
"required_auths": [],
"required_posting_auths": [
"{\"tester1\":\"tester1\"}"
],
"id": "follow",
"json": "[\"follow\",{\"follower\":{\"tester1\":\"tester1\"},\"following\":{\"tester3\":\"tester4\"},\"what\":[\"blog\"]}]"
}
},
{
"type": "custom_json_operation",
"value": {
"required_auths": [],
"required_posting_auths": [
"tester1"
],
"id": "follow",
"json": "[\"follow\",{\"follower\":\"tester1\",\"following\":{\"tester3\":\"tester4\"},\"what\":[\"blog\"]}]"
}
},
{
"type": "custom_json_operation",
"value": {
"required_auths": [],
"required_posting_auths": [
"tester1"
],
"id": "follow",
"json": "[\"follow\",{\"follower\":\"tester1\",\"following\":[\"tester3\", [\"tester4\"]],\"what\":[\"blog\"]}]"
}
},
{
"type": "custom_json_operation",
"value": {
"required_auths": [],
"required_posting_auths": [
"tester1"
],
"id": "follow",
"json": "[\"follow\",{\"follower\":[\"tester1\"],\"following\":[\"tester3\", [\"tester4\"]],\"what\":[\"blog\"]}]"
}
},
{
"type": "custom_json_operation",
"value": {
"required_auths": [],
"required_posting_auths": [
"[\"tester1\"]"
],
"id": "follow",
"json": "[\"follow\",{\"follower\":[\"tester1\"],\"following\":[\"tester3\", {\"tester4\":\"tester5\"}],\"what\":[\"blog\"]}]"
}
},
{
"type": "custom_json_operation",
"value": {
"required_auths": [],
"required_posting_auths": [
"tester1"
],
"id": "follow",
"json": "[\"follow\",{\"follower\":\"tester1\",\"following\":[\"tester3\", {\"tester4\":\"tester5\"}],\"what\":[\"blog\"]}]"
}
}
]
}
......
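Review bot: The added operations cover dict and list values only; there is no case where `follower` or an entry of `following` is `null`, a number or a boolean, which are the inputs that `str()` turns into non-empty strings such as `None` or `0`. Also, `json.dumps` with its default separators writes `{"tester1": "tester1"}` with a space after the colon, so the first new operation's `required_posting_auths` entry `{\"tester1\":\"tester1\"}` will not equal the serialized follower, while the list form `[\"tester1\"]` in the fifth new operation does. If both fixtures are meant to exercise the same follower-versus-auth comparison (that comparison is not visible on this page), presumably one of them is not testing what was intended. Stating the expected outcome of each case in the commit description would make that checkable.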