This is an automated email from the ASF dual-hosted git repository.
sbp pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git
The following commit(s) were added to refs/heads/main by this push:
new 1bc9ee14 Proper pagination validation checks
1bc9ee14 is described below
commit 1bc9ee142ce7b600033d6bf2454bcda09d615353
Author: Dave Fisher <[email protected]>
AuthorDate: Thu Feb 26 15:18:49 2026 -0800
Proper pagination validation checks
---
atr/api/__init__.py | 17 ++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/atr/api/__init__.py b/atr/api/__init__.py
index 7e2c6117..251e268e 100644
--- a/atr/api/__init__.py
+++ b/atr/api/__init__.py
@@ -1471,9 +1471,20 @@ async def _match_unfinished(release_directory:
pathlib.Path, data: models.api.Si
def _pagination_args_validate(query_args: Any) -> None:
# Users could request any amount using limit=N with arbitrarily high N
# We therefore limit the maximum limit to 1000
- if hasattr(query_args, "limit") and (query_args.limit > 1000):
- # quart.abort(400, "Limit is too high")
- raise exceptions.BadRequest("Maximum limit of 1000 exceeded")
+ if hasattr(query_args, "limit"):
+ limit = query_args.limit
+ if limit > 1000:
+ raise exceptions.BadRequest("Maximum limit of 1000 exceeded")
+ elif limit < 1:
+ raise exceptions.BadRequest("Minimum limit less than 1 is
nonsense")
+ # Users could request any amount using offset=N with arbitrarily high N
+ # We therefore limit the maximum offset to 1000000
+ if hasattr(query_args, "offest"):
+ offset = query_args.offset
+ if offset > 1000000:
+ raise exceptions.BadRequest("Maximum offset of 1000000 exceeded")
+ elif offset < 0:
+ raise exceptions.BadRequest("Minimum offset less than 0 is
nonsense")
def _simple_check(*args: str | None) -> None:
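Review bot: The new offset guard tests `hasattr(query_args, "offest")`, a misspelling of `offset`, so for a query-args object that carries `offset` the condition is false and neither the 1000000 ceiling nor the negative-offset rejection ever runs. The offset value then presumably passes on to the paginated query unvalidated, which is the unbounded request the comment just above says the check prevents. The line should read `if hasattr(query_args, "offset"):`. Because `hasattr` with a wrong name fails silently, a test that sends `offset=-1` and `offset=1000001` and expects a BadRequest would pin this down, alongside the matching `limit=0` and `limit=1001` cases. The comparisons also assume `limit` and `offset` are already integers and never `None`; that is probably guaranteed by the query model, but it is not visible in this hunk.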