From f6dfd2fa43a4c18085c84cf4cb69fb3c3ad50f0d Mon Sep 17 00:00:00 2001
From: Jeremy Stretch
Date: Fri, 13 Mar 2020 10:20:09 -0400
Subject: [PATCH] Simplify update repo URL validation

---
 netbox/netbox/settings.py | 46 +++++++++++++++------------------------
 1 file changed, 18 insertions(+), 28 deletions(-)

diff --git a/netbox/netbox/settings.py b/netbox/netbox/settings.py
index caf8ac66f..c954c6a11 100644
--- a/netbox/netbox/settings.py
+++ b/netbox/netbox/settings.py
@@ -7,7 +7,8 @@ import warnings
 from urllib.parse import urlsplit
 
 from django.contrib.messages import constants as messages
-from django.core.exceptions import ImproperlyConfigured
+from django.core.exceptions import ImproperlyConfigured, ValidationError
+from django.core.validators import URLValidator
 
 
 #
@@ -81,8 +82,6 @@ DOCS_ROOT = getattr(configuration, 'DOCS_ROOT', os.path.join(os.path.dirname(BAS
 EMAIL = getattr(configuration, 'EMAIL', {})
 ENFORCE_GLOBAL_UNIQUE = getattr(configuration, 'ENFORCE_GLOBAL_UNIQUE', False)
 EXEMPT_VIEW_PERMISSIONS = getattr(configuration, 'EXEMPT_VIEW_PERMISSIONS', [])
-UPDATE_REPO_URL = getattr(configuration, 'UPDATE_REPO_URL', None)
-UPDATE_CACHE_TIMEOUT = getattr(configuration, 'UPDATE_CACHE_TIMEOUT', 24 * 3600)
 LOGGING = getattr(configuration, 'LOGGING', {})
 LOGIN_REQUIRED = getattr(configuration, 'LOGIN_REQUIRED', False)
 LOGIN_TIMEOUT = getattr(configuration, 'LOGIN_TIMEOUT', None)
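Review bot: The `from urllib.parse import urlsplit` context line at the top of the first hunk now looks unused: its only visible caller was `urlsplit(UPDATE_REPO_URL)` in the validation block this patch removes, and the same presumably applies to `re` if it is imported above this hunk for the removed `re.fullmatch`. If no other use remains elsewhere in settings.py, drop the import rather than leave a dead dependency for linters to flag.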
@@ -106,6 +105,22 @@ SHORT_DATETIME_FORMAT = getattr(configuration, 'SHORT_DATETIME_FORMAT', 'Y-m-d H
 SHORT_TIME_FORMAT = getattr(configuration, 'SHORT_TIME_FORMAT', 'H:i:s')
 TIME_FORMAT = getattr(configuration, 'TIME_FORMAT', 'g:i a')
 TIME_ZONE = getattr(configuration, 'TIME_ZONE', 'UTC')
+UPDATE_REPO_URL = getattr(configuration, 'UPDATE_REPO_URL', None)
+UPDATE_CACHE_TIMEOUT = getattr(configuration, 'UPDATE_CACHE_TIMEOUT', 24 * 3600)
+
+# Validate update repo URL and timeout
+if UPDATE_REPO_URL:
+    try:
+        URLValidator(UPDATE_REPO_URL)
+    except ValidationError:
+        raise ImproperlyConfigured(
+            "UPDATE_REPO_URL must be a valid API URL. Example: "
+            "https://api.github.com/repos/netbox-community/netbox"
+        )
+
+# Enforce a minimum cache timeout for update checks
+if UPDATE_CACHE_TIMEOUT < 3600:
+    raise ImproperlyConfigured("UPDATE_CACHE_TIMEOUT has to be at least 3600 seconds (1 hour)")
 
 
 #
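Review bot: `URLValidator(UPDATE_REPO_URL)` only constructs a validator, passing the URL as its `schemes` argument, and never invokes it, so nothing is validated and the `except ValidationError` branch is unreachable; the call should be `URLValidator(schemes=['http', 'https'])(UPDATE_REPO_URL)`. Even with that fix, this replacement drops every check the removed block performed (scheme limited to http/https, `/repos/<owner>/<repo>` path shape, no query or fragment, trailing-slash stripping), so with Django's default scheme list an `ftp://` URL or one carrying a query string would now pass. Since the removed comment describes this value as the repository used for the version check, it appears to be fetched over the network later, which makes the explicit scheme restriction the part worth keeping. Consider `raise ImproperlyConfigured(...) from None` as well, so the validator's internal error is not printed on top of the configuration message.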
@@ -307,31 +322,6 @@ AUTHENTICATION_BACKENDS = [ 'utilities.auth_backends.ViewExemptModelBackend', ] -# GitHub repository for version check -if UPDATE_REPO_URL: - UPDATE_REPO_URL = UPDATE_REPO_URL.rstrip('/') - try: - scheme, netloc, path, query, fragment = urlsplit(UPDATE_REPO_URL) - except ValueError: - raise ImproperlyConfigured("UPDATE_REPO_URL must be a valid URL") - - if scheme not in ('http', 'https'): - raise ImproperlyConfigured("UPDATE_REPO_URL must be a valid http:// or https:// URL") - - if not re.fullmatch(r'/repos/[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+', path): - raise ImproperlyConfigured( - "GITHUB_REPOSITORY must contain the base URL of the GitHub API in a form like " - "'https://api.github.com/repos//'" - ) - - # Don't allow ? (query) and # (fragment) in the URL - if query or fragment: - raise ImproperlyConfigured("UPDATE_REPO_URL may not contain a ? (query) or # (fragment)") - -# Enforce a cache timeout of at least an hour to protect GitHub -if UPDATE_CACHE_TIMEOUT < 3600: - raise ImproperlyConfigured("UPDATE_CACHE_TIMEOUT has to be at least 3600 seconds (1 hour)") - # Internationalization LANGUAGE_CODE = 'en-us' USE_I18N = True