
Checking int fields for params and limiting retrieval amount #1089

Merged: 1 commit merged into main from api-retrieval-limit on Mar 8, 2025

Conversation

@ArneTR ArneTR (Member) commented Mar 8, 2025

Greptile Summary

Added integer field validation and retrieval limits to the API endpoints to enhance security and prevent excessive data retrieval.

  • Added check_int_field_api() in api/api_helpers.py to validate integer parameters with type, minimum and maximum value checks
  • Implemented validation for machine_id parameter (max 1024) across API endpoints in api/main.py
  • Added required limit parameter with default=5 and max=50 for /v1/runs endpoint
  • Added validation before using integer parameters in database queries to prevent SQL injection and overflow attacks
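The PR description lists the checks the new helper performs (type, minimum, maximum) and the default/maximum retrieval limit for /v1/runs. The block below is an added illustration written for this page, not the project's own api/api_helpers.py; the function names check_int_field_api, resolve_limit and fetch_runs, the ParameterValidationError class, the sqlite3-backed table and the sample rows are all assumptions. It shows why the type check must reject bool and non-numeric strings, why the limit needs a lower bound as well as an upper one, and how the validated integers are then passed to the query as bound parameters rather than interpolated into SQL text.

```python
# Added example, not code from the PR or from the project.
import re
import sqlite3


class ParameterValidationError(ValueError):
    """Raised for a bad query parameter; an API layer would map this to HTTP 400."""


def check_int_field_api(value, field_name, max_value, min_value=0):
    """Return value as an int if it is an integer within [min_value, max_value].

    Accepts an int or a string of digits (query parameters usually arrive as
    strings). bool is rejected explicitly: in Python bool subclasses int, so
    True would otherwise pass an isinstance(value, int) check and reach the
    query as 1.
    """
    if isinstance(value, bool):
        raise ParameterValidationError(f"{field_name} must be an integer")
    if isinstance(value, str):
        # Strict pattern: only an optional sign and digits, so '1 OR 1=1',
        # '5;', '0x10' or '' never reach int().
        if not re.fullmatch(r"[+-]?\d+", value.strip()):
            raise ParameterValidationError(f"{field_name} must be an integer")
        value = int(value.strip())
    elif not isinstance(value, int):
        raise ParameterValidationError(f"{field_name} must be an integer")
    if value < min_value or value > max_value:
        raise ParameterValidationError(
            f"{field_name} must be between {min_value} and {max_value}")
    return value


def resolve_limit(raw, default=5, max_limit=50):
    """Row count for a /v1/runs-style endpoint: default when absent, else 1..max_limit."""
    if raw is None:
        return default
    # min_value=1: a limit of 0 or a negative number is a client error, not "no limit".
    return check_int_field_api(raw, "limit", max_limit, min_value=1)


def fetch_runs(conn, machine_id, limit_raw):
    """Validate both integers, then pass them to the driver as bound parameters."""
    machine_id = check_int_field_api(machine_id, "machine_id", 1024)
    limit = resolve_limit(limit_raw)
    cur = conn.execute(
        "SELECT id, name FROM runs WHERE machine_id = ? ORDER BY id DESC LIMIT ?",
        (machine_id, limit),
    )
    return cur.fetchall()


def demo_connection():
    """Constructed in-memory table: 60 runs on machine 7 and one run on machine 8."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE runs (id INTEGER PRIMARY KEY, machine_id INTEGER, name TEXT)")
    conn.executemany(
        "INSERT INTO runs (machine_id, name) VALUES (?, ?)",
        [(7, f"run-{i}") for i in range(60)] + [(8, "other")],
    )
    conn.commit()
    return conn


if __name__ == "__main__":
    conn = demo_connection()
    print(len(fetch_runs(conn, 7, None)), "rows with the default limit")
    print(len(fetch_runs(conn, "7", "50")), "rows with the maximum limit")
    for bad in ("1 OR 1=1", True, 2000, -1):
        try:
            check_int_field_api(bad, "machine_id", 1024)
        except ParameterValidationError as exc:
            print("rejected", repr(bad), "->", exc)
```

The validator is deliberately strict about strings: a permissive `int(value)` would accept `" 7 "` and `"+7"` (harmless) but the regular expression is what guarantees that anything containing SQL fragments fails before the database is involved, and parameter binding in `fetch_runs` covers the case where a value somehow bypasses the check.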

@greptile-apps greptile-apps bot left a comment

2 file(s) reviewed, 1 comment(s)

@@ -192,6 +193,8 @@ def get_timeline_query(user, uri, filename, machine_id, branch, metrics, phase,
if branch is None or branch.strip() == '':
branch = 'main'

check_int_field_api(machine_id, 'machine_id', 1024) # can cause exception
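Review bot: The `# can cause exception` comment on the `check_int_field_api(machine_id, 'machine_id', 1024)` call records an expected failure path without saying who handles it; since `get_timeline_query` is a query-building helper rather than the request handler, an exception raised here will surface as a server error unless a caller converts it to a 4xx response. Suggest either naming the intended handler in the comment (for example `# raises on invalid machine_id; the endpoint maps this to HTTP 400`) or performing the check where the request is parsed and keeping this call as defence in depth.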

style: The comment 'can cause exception' is redundant since the function name and its usage clearly indicate exception handling

github-actions bot commented Mar 8, 2025

Eco-CI Output:

| Label | 🖥 avg. CPU utilization [%] | 🔋 Total Energy [Joules] | 🔌 avg. Power [Watts] | Duration [Seconds] |
| --- | --- | --- | --- | --- |
| Total Run (incl. overhead) | 28.0723 | 2329.81 | 4.08 | 570.98 |
| Measurement #1 | 28.0398 | 2329.81 | 4.09 | 569.10 |

🌳 CO2 Data:
City: Washington, Lat: 38.7095, Lon: -78.1539
IP: 74.235.134.177
CO₂ from energy is: 0.920274950 g
CO₂ from manufacturing (embodied carbon) is: 0.162908478 g
Carbon Intensity for this location: 395 gCO₂eq/kWh
SCI: 1.083183 gCO₂eq / pipeline run emitted


Total cost of whole PR so far:

@ArneTR ArneTR merged commit 156ece8 into main Mar 8, 2025
1 check passed
@ArneTR ArneTR deleted the api-retrieval-limit branch March 8, 2025 11:37
1 participant