cf805f530f
Make sure that fields specified in filter, sortBy, etc. are model fields and may be accessed. This fixes a potential security issue. The filter() function allowed guessing the content of password hashes one character at a time. The sort() function allowed the user to call an arbitrary method of an arbitrary model attribute; for example, sortBy=id&sortDir=distinct would produce an unexpected error.
"""
.. module: lemur.exceptions
    :copyright: (c) 2015 by Netflix Inc., see AUTHORS for more
    :license: Apache, see LICENSE for more details.
"""
from flask import current_app
class LemurException(Exception):
    """Base class for Lemur errors that writes itself to the application log.

    The log call happens in ``__init__``, so it runs when the exception is
    constructed, not when it is raised or handled. Subclasses that define
    their own ``__init__`` without calling this one skip the log call.
    """

    def __init__(self, *args, **kwargs):
        # The arguments are accepted but not forwarded to Exception.__init__.
        # current_app resolves only inside an active Flask application context.
        # NOTE(review): building this exception outside one would fail on the
        # lookup below and hide the original error; confirm callers always
        # have a context.
        app_logger = current_app.logger
        # Logger.exception() records at ERROR level and attaches the exception
        # currently being handled. NOTE(review): at construction time there is
        # usually none yet, so the record may carry only str(self).
        app_logger.exception(self)
class DuplicateError(LemurException):
    """Error reporting that something could not be created because a duplicate exists.

    ``key`` is stored on the instance and interpolated into the message.
    This ``__init__`` does not call ``LemurException.__init__``, so the
    logging done there does not run for this class.
    """

    def __init__(self, key):
        self.key = key

    def __str__(self):
        message = "Duplicate found! Could not create: {0}".format(self.key)
        # repr() wraps the text in quotes and escapes non-printable characters.
        return repr(message)
class InvalidListener(LemurException):
    """Error for a listener definition that was rejected.

    No ``__init__`` is defined here, so ``LemurException.__init__`` runs and
    the instance is logged when it is constructed.
    """

    def __str__(self):
        message = "Invalid listener, ensure you select a certificate if you are using a secure protocol"
        # repr() returns the fixed message wrapped in quotes.
        return repr(message)
class AttrNotFound(LemurException):
    """Error for a field name that may not be used for sorting or filtering.

    ``field`` is stored on the instance and echoed in the message.
    NOTE(review): presumably ``field`` is the caller-supplied name from a
    filter or sortBy request parameter, i.e. untrusted text; verify at the
    raise site.

    This ``__init__`` does not call ``LemurException.__init__``, so the
    logging done there does not run. NOTE(review): a rejected field is
    therefore only recorded if the code that catches this error logs it.
    """

    def __init__(self, field):
        self.field = field

    def __str__(self):
        message = "The field '{0}' is not sortable or filterable".format(self.field)
        # repr() escapes newlines and other control characters in the echoed
        # name, so it cannot split a log line. It does not HTML-escape;
        # NOTE(review): anything that renders this message to a client must
        # encode it for that context.
        return repr(message)
class InvalidConfiguration(Exception):
    """Error type for an invalid configuration.

    Derives from ``Exception`` directly rather than ``LemurException``, so it
    is not logged on construction and is not matched by
    ``except LemurException``.
    """