When we run security scans on the form that uses "django-concurrency form"
then the logs are polluted with messages like:
ERROR (django.security.VersionError) -5 OR 425=(SELECT 709 FROM PG_SLEEP(15))
ERROR (django.security.VersionError) ... or other non-numeric values ...
Why is "super().to_python(...)" not called in VersionField.to_python so that Integer validation is applied there?
The exception VersionError is raised instead for all non-numeric values there:
django-concurrency/src/concurrency/forms.py
Line 123 in f94fcf7
Why is ValidationError not raised there (as for other invalid fields)?
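An operator-side way to contain the log noise described in this issue, as an added example that is not part of the issue or of django-concurrency: a standard-library `logging` filter on the `django.security.VersionError` logger that escapes and truncates the rejected value and records it at WARNING. The class names, the 40-character limit and the sample values are assumptions made for this example.

```python
import logging

LOGGER_NAME = "django.security.VersionError"  # logger name from the log lines in the issue
MAX_LEN = 40  # assumed limit for the logged value


class VersionErrorNoiseFilter(logging.Filter):
    """Hypothetical filter: tame records carrying a rejected version value."""

    def filter(self, record):
        # The message is the client-supplied value; escape control characters
        # so one request cannot spread over several log lines.
        text = record.getMessage().encode("unicode_escape").decode("ascii")
        if len(text) > MAX_LEN:
            text = text[:MAX_LEN] + "...[truncated]"
        record.msg, record.args = text, ()
        # Malformed form input is expected noise during a scan, not an application error.
        record.levelno, record.levelname = logging.WARNING, "WARNING"
        record.exc_info = record.exc_text = None  # drop any attached traceback
        return True


class ListHandler(logging.Handler):
    """Keeps formatted lines in memory so the result can be inspected."""

    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record):
        self.lines.append(self.format(record))


def demo():
    logger = logging.getLogger(LOGGER_NAME)
    noise_filter, handler = VersionErrorNoiseFilter(), ListHandler()
    handler.setFormatter(logging.Formatter("%(levelname)s (%(name)s) %(message)s"))
    logger.addFilter(noise_filter)
    logger.addHandler(handler)
    # Constructed sample values standing in for non-numeric form input.
    for value in ("not-a-number\r\nERROR forged line", "A" * 200):
        logger.error(value)
    logger.removeFilter(noise_filter)
    logger.removeHandler(handler)
    return handler.lines


if __name__ == "__main__":
    print("\n".join(demo()))
```

In a Django project the same filter can be attached through the `filters` key of the `django.security.VersionError` entry under `loggers` in the `LOGGING` setting.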