mozilla / fx-private-relay / 20fdad42-28a5-47cf-a496-b03bf8e9bb6b

09 May 2024 06:22PM CUT coverage: 84.08% (-0.6%) from 84.64%

push

circleci

web-flow
Merge pull request #4684 from mozilla/enable-flak8-bandit-checks-mpp-3802

fix MPP-3802: stop ignoring bandit security checks

3602 of 4734 branches covered (76.09%)

Branch coverage included in aggregate %.

74 of 158 new or added lines in 24 files covered. (46.84%)

4 existing lines in 4 files now uncovered.

14687 of 17018 relevant lines covered (86.3%)

10.86 hits per line

Source File

/privaterelay/allauth.py (76.19% covered)
import logging
from urllib.parse import urlencode, urlparse

from django.http import Http404
from django.shortcuts import resolve_url
from django.urls import resolve

from allauth.account.adapter import DefaultAccountAdapter

from .middleware import RelayStaticFilesMiddleware

logger = logging.getLogger("events")


class AccountAdapter(DefaultAccountAdapter):
    def get_login_redirect_url(self, request):
        """
        Redirect to dashboard, preserving utm params from FXA.
        """
        if not request.user.is_authenticated:  # coverage: new line, not covered
            raise ValueError(  # coverage: new line, not covered
                "request.user must be authenticated when calling get_login_redirect_url"
            )
        url = "/accounts/profile/?"  # coverage: not covered
        utm_params = {k: v for k, v in request.GET.items() if k.startswith("utm")}  # coverage: not covered
        url += urlencode(utm_params)  # coverage: not covered
        return resolve_url(url)  # coverage: not covered

    def is_safe_url(self, url: str | None) -> bool:
        """Check if the redirect URL is a safe URL."""
        # Is the domain valid?
        if not super().is_safe_url(url):
            return False

        # Is this a known Django path?
        path = urlparse(url or "").path
        try:
            resolve(path)  # Is this a known Django path?
            return True
        except Http404:
            pass

        # Is this a known frontend path?
        try:
            middleware = RelayStaticFilesMiddleware()
        except Exception:  # noqa: S110 (exception pass without log)
            # Staticfiles are not available
            pass
        else:
            found = middleware.find_file(path)
            if found:
                return True

        # The path is invalid
        logger.error("No matching URL for '%s'", url)
        return False