feat: add logging for error conditions & fix CodeQL warnings
- Added logging for various error conditions in add_target and delete_target views.
- Added __all__ declaration in test_target_app.py for better module export control.
- Minor cleanup in common_func.py without functional changes.
psyray committed Sep 9, 2024
1 parent a7f0372 commit 3f21b65
Showing 3 changed files with 9 additions and 4 deletions.
3 changes: 2 additions & 1 deletion web/reNgine/common_func.py
Expand Up @@ -1238,4 +1238,5 @@ def get_ips_from_cidr_range(target):
try:
return [str(ip) for ip in ipaddress.IPv4Network(target)]
except Exception as e:
logger.error(f'{target} is not a valid CIDR range. Skipping.')
logger.error(f'{target} is not a valid CIDR range. Skipping.')
return []
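Review bot: The `logger.error` call on the new side of this hunk interpolates `target` directly into the message with an f-string, and `target` appears to originate from the add-target form (views.py imports this helper), so a value containing CR/LF could forge additional log lines. Passing the value as a logging argument with `%r`, as in `logger.error('%r is not a valid CIDR range. Skipping.', target)`, escapes control characters and defers formatting to the logging framework. Separately, `except Exception as e:` never uses `e`; as far as I know `ipaddress.IPv4Network` reports malformed input through `ValueError` subclasses, so `except ValueError:` would keep unrelated failures from being reported as a bad CIDR. The function's `def` line lies outside the hunk.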
4 changes: 4 additions & 0 deletions web/targetApp/tests/test_target_app.py
Expand Up @@ -31,6 +31,10 @@
from utils.test_base import BaseTestCase
from targetApp.models import Domain, Organization

__all__ = [
'TestTargetAppViews',
]

class TestTargetAppViews(BaseTestCase):
"""
Test class for the views of the targetApp.
6 changes: 3 additions & 3 deletions web/targetApp/views.py
Expand Up @@ -23,7 +23,6 @@
from reNgine.common_func import (
get_ip_info,
get_ips_from_cidr_range,
safe_int_cast
)
from reNgine.tasks import (
run_command,
Expand Down Expand Up @@ -195,15 +194,13 @@ def add_target(request, slug):
elif 'import-txt-target' in request.POST or 'import-csv-target' in request.POST:
txt_file = request.FILES.get('txtFile')
csv_file = request.FILES.get('csvFile')
# Check if no files were uploaded
if not (txt_file or csv_file):
messages.add_message(
request,
messages.ERROR,
'Files uploaded are not .txt or .csv files.')
return http.HttpResponseRedirect(reverse('add_target', kwargs={'slug': slug}))

# Check if the uploaded file is empty
if (txt_file and txt_file.size == 0) or (csv_file and csv_file.size == 0):
messages.add_message(
request,
Expand Down Expand Up @@ -281,6 +278,7 @@ def add_target(request, slug):
is_ip = bool(validators.ipv4(ip)) or bool(validators.ipv6(ip))
if not is_ip and not is_domain:
messages.add_message(request, messages.ERROR, f'IP {ip} is not a valid IP address / domain. Skipping.')
logger.warning(f'IP {ip} is not a valid IP address / domain. Skipping.')

Check failure

Code scanning / CodeQL

Log Injection High

This log entry depends on a user-provided value.
continue
description = request.POST.get('targetDescription', '')
h1_team_handle = request.POST.get('targetH1TeamHandle')
Expand Down Expand Up @@ -361,12 +359,14 @@ def delete_target(request, id):
'Domain successfully deleted!'
)
except Http404:
logger.error(f'Domain not found: {id}')

Check failure

Code scanning / CodeQL

Log Injection High

This log entry depends on a user-provided value.
messages.add_message(
request,
messages.ERROR,
'Domain not found.')
responseData = {'status': 'false'}
else:
logger.error(f'Invalid request method: {request.method}')

Check failure

Code scanning / CodeQL

Log Injection High

This log entry depends on a user-provided value.
responseData = {'status': 'false'}
messages.add_message(
request,
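Review bot: The three new log calls use inconsistent severities for conditions that are all caused by the requester: the invalid-IP branch in `add_target` logs at `warning`, while the `Http404` and wrong-method branches in `delete_target` log at `error`. Events a client can trigger at will are better kept at `warning`, so that error-level alerting stays reserved for server-side faults and cannot be flooded from outside; switching `logger.error` to `logger.warning` in both `delete_target` branches would make the three consistent. It is also worth confirming that `logger` is bound at module level in views.py, because the import hunk shown here does not include it and these branches would otherwise raise `NameError`. Both functions begin and end outside the visible hunks.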
