Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Query with invalid paramter should raise an error #67

Merged
merged 8 commits into from
Apr 12, 2019
Merged

Query with invalid paramter should raise an error #67

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
e49942d
Add validation for allowed query paramters
andbag Apr 2, 2019
a881b5a
Add tests for invalid query paramters
andbag Apr 8, 2019
3d758af
fix module formatter
andbag Apr 8, 2019
5b0dac8
Avoid code duplication and raise ValueError for wrong parameter
andbag Apr 9, 2019
ad9e429
Move test of options to 'set' method
andbag Apr 9, 2019
68d6b61
Add entry to change log (PR #67)
andbag Apr 9, 2019
c0b197b
Merge branch 'master' into fix_check_query_options
Apr 12, 2019
c188929
Update version number.
Apr 12, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
11 changes: 11 additions & 0 deletions CHANGES.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,17 @@ Changelog
4.5 (unreleased)
----------------

Backwards incompatible changes
++++++++++++++++++++++++++++++

- Raise a ``ValueError`` if a query uses invalid index parameters. This
prevents the query from being changed without feedback to the user and
delivering implausible search results.
(`#67 <https://github.com/zopefoundation/Products.ZCatalog/pull/67>`_)

Bug fixes
+++++++++

- Fix rewriting of query to avoid wrong optimization of CompositeIndex.
(`#59 <https://github.com/zopefoundation/Products.ZCatalog/issues/59>`_)

Expand Down
2 changes: 1 addition & 1 deletion setup.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@

setup(
name='Products.ZCatalog',
version='4.5.dev0',
version='5.0.dev0',
url='https://github.com/zopefoundation/Products.ZCatalog',
license='ZPL 2.1',
description="Zope's indexing and search solution.",
Expand Down
11 changes: 9 additions & 2 deletions src/Products/PluginIndexes/FieldIndex/tests.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -256,6 +256,13 @@ def testRange(self):
self._checkApply(record, expect)

# Make sure that range tests with incompatible paramters
# don't return empty sets.
# raise a RuntimeError
record['foo']['operator'] = 'and'
self._checkApply(record, expect)
self.assertRaises(ValueError, self._checkApply, record, expect)

# alternative syntax of record
record = {'foo': [-99, 3],
'foo_range': 'min:max',
'foo_operator': 'and'}

self.assertRaises(ValueError, self._checkApply, record, expect)
26 changes: 17 additions & 9 deletions src/Products/ZCatalog/query.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,8 @@ def __init__(self, request, iid, options=(), operators=('or', 'and'),
self.id = iid
self.operators = operators
self.operator = default_operator
self.options = options

if iid not in request:
self.keys = None
return
Expand All @@ -71,12 +73,11 @@ def __init__(self, request, iid, options=(), operators=('or', 'and'),
else:
keys = [query]

for op in options:
for op in param.keys():
if op == 'query':
continue

if op in param:
self.set(op, param[op])
self.set(op, param[op])

else:
# query is tuple, list, string, number, or something else
Expand All @@ -85,9 +86,10 @@ def __init__(self, request, iid, options=(), operators=('or', 'and'),
else:
keys = [param]

for op in options:
field = iid + "_" + op
if field in request:
for field in request.keys():
if field.startswith(iid + '_'):
iid_tmp, op = field.split('_')

self.set(op, request[field])

self.keys = keys
Expand All @@ -103,10 +105,12 @@ def operator(self):

@operator.setter
def operator(self, value):
iid = self.id
value = value.lower()
if value not in self.operators:
raise RuntimeError('operator not valid: %r' % value)
self._operator = value.lower()
raise ValueError(('index {0!r}: operator {1!r}'
' is not valid').format(iid, value))
self._operator = value

def get(self, key, default_v=None):
value = getattr(self, key, _marker)
Expand All @@ -115,4 +119,8 @@ def get(self, key, default_v=None):
return default_v

def set(self, key, value):
setattr(self, key, value)
if key in self.options:
setattr(self, key, value)
else:
raise ValueError(('index {0!r}: option {1!r}'
' is not valid').format(self.id, key))
32 changes: 32 additions & 0 deletions src/Products/ZCatalog/tests/test_query.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -66,3 +66,35 @@ def test_get_not_int(self):
parser = self._makeOne(request, 'path', ('query', 'not'))
self.assertEqual(parser.get('keys'), ['foo'])
self.assertEqual(parser.get('not'), [0])

def test_operator_dict(self):
request = {'path': {'query': 'foo', 'operator': 'bar'}}
self.assertRaises(ValueError,
self._makeOne,
request,
'path',
('query', 'operator'),
('or', 'and'))

def test_operator_string(self):
request = {'path': 'foo', 'path_operator': 'bar'}
self.assertRaises(ValueError,
self._makeOne,
request, 'path',
('query', 'operator'),
('or', 'and'))

def test_options_dict(self):
request = {'path': {'query': 'foo', 'baropt': 'dummy'}}
self.assertRaises(ValueError,
self._makeOne,
request,
'path',
('query', 'operator'))

def test_options_string(self):
request = {'path': 'foo', 'path_baropt': 'dummy'}
self.assertRaises(ValueError,
self._makeOne,
request, 'path',
('query', 'operator'))