blag commented on code in PR #26942:
URL: https://github.com/apache/airflow/pull/26942#discussion_r991685663


##########
airflow/www/views.py:
##########
@@ -3535,7 +3544,25 @@ def datasets_summary(self):
                 )
             }, 400
 
-        limit = 50 if limit > 50 else limit
+        updated_after = None
+        if untrusted_updated_after:
+            # Try to figure out how other functions in this module safely 
parse datetimes submitted by users
+            # and do the same thing here
+            updated_after = _safe_parse_datetime(untrusted_updated_after)
+        updated_before = None
+        if untrusted_updated_before:
+            # Clean this data the same way you cleaned updated_after
+            updated_before = _safe_parse_datetime(untrusted_updated_before)
+
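
Review bot: the lines shown here delete `limit = 50 if limit > 50 else limit` and add nothing that bounds `limit`, so unless the clamp is reinstated further down in `datasets_summary` the endpoint no longer caps the page size a caller can request; keep an upper bound next to the new parsing code. The two added comments ("Try to figure out how other functions in this module safely parse datetimes submitted by users and do the same thing here" and "Clean this data the same way you cleaned updated_after") read as leftover instructions to the implementer rather than descriptions of the code, and should be dropped or replaced with a short statement of what `_safe_parse_datetime` does with invalid input.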

Review Comment:
   I like the concept, although I like the semantics of the term "force" better
   than I like "strict" (because strict could also apply to how a datetime string
   is parsed):
   
   ```python
   # Names used below, as imported at the top of airflow/www/views.py
   from flask import abort
   from pendulum.parsing.exceptions import ParserError

   from airflow.utils import timezone


   def _safe_parse_datetime(v: str, force=True):
       """
       Parse datetime and return error message for invalid dates

       :param v: the string value to be parsed
       :param force: If True, force the value to be parseable or raise an exception.
                     If False, return None if v is False-y, otherwise parse or raise an exception.
                     Defaults to True.
       """
       if not force:
           if not v:
               return None
       try:
           return timezone.parse(v)
       except (TypeError, ParserError):
           abort(400, f"Invalid datetime: {v!r}")
   ```
   
   But I could also see the argument that it's not this function's job to
   handle a False-y value parameter.
   
   Thoughts?


