From 2fa7c8706bbc491cbeb9560ec7d5e335aaeb82d3 Mon Sep 17 00:00:00 2001 From: Oliver Walters Date: Wed, 10 Feb 2021 20:40:15 +1100 Subject: [PATCH] Wrap custom filter validation in try/except blocks --- InvenTree/label/api.py | 24 ++++++++++++++++++++---- InvenTree/label/models.py | 18 ++++++++++++------ InvenTree/report/api.py | 12 ++++++++++-- InvenTree/report/models.py | 9 ++++++--- InvenTree/stock/models.py | 22 ++++++++++++++-------- 5 files changed, 62 insertions(+), 23 deletions(-) diff --git a/InvenTree/label/api.py b/InvenTree/label/api.py index 6b542f80ed..b2bfe9164f 100644 --- a/InvenTree/label/api.py +++ b/InvenTree/label/api.py @@ -5,6 +5,7 @@ import sys from django.utils.translation import ugettext as _ from django.conf.urls import url, include +from django.core.exceptions import ValidationError, FieldError from django_filters.rest_framework import DjangoFilterBackend @@ -119,13 +120,20 @@ class StockItemLabelList(LabelListView, StockItemLabelMixin): matches = True # Filter string defined for the StockItemLabel object - filters = InvenTree.helpers.validateFilterString(label.filters) + try: + filters = InvenTree.helpers.validateFilterString(label.filters) + except ValidationError: + continue for item in items: item_query = StockItem.objects.filter(pk=item.pk) - if not item_query.filter(**filters).exists(): + try: + if not item_query.filter(**filters).exists(): + matches = False + break + except FieldError: matches = False break @@ -273,13 +281,21 @@ class StockLocationLabelList(LabelListView, StockLocationLabelMixin): matches = True # Filter string defined for the StockLocationLabel object - filters = InvenTree.helpers.validateFilterString(label.filters) + try: + filters = InvenTree.helpers.validateFilterString(label.filters) + except: + # Skip if there was an error validating the filters... + continue for loc in locations: loc_query = StockLocation.objects.filter(pk=loc.pk) - if not loc_query.filter(**filters).exists(): + try: + if not loc_query.filter(**filters).exists(): + matches = False + break + except FieldError: matches = False break diff --git a/InvenTree/label/models.py b/InvenTree/label/models.py index a34aa3831d..9a98810d28 100644 --- a/InvenTree/label/models.py +++ b/InvenTree/label/models.py @@ -12,6 +12,7 @@ from blabel import LabelWriter from django.db import models from django.core.validators import FileExtensionValidator +from django.core.exceptions import ValidationError, FieldError from django.utils.translation import gettext_lazy as _ @@ -145,9 +146,12 @@ class StockItemLabel(LabelTemplate): Test if this label template matches a given StockItem object """ - filters = validateFilterString(self.filters) - - items = stock.models.StockItem.objects.filter(**filters) + try: + filters = validateFilterString(self.filters) + items = stock.models.StockItem.objects.filter(**filters) + except (ValidationError, FieldError): + # If an error exists with the "filters" field, return False + return False items = items.filter(pk=item.pk) @@ -198,9 +202,11 @@ class StockLocationLabel(LabelTemplate): Test if this label template matches a given StockLocation object """ - filters = validateFilterString(self.filters) - - locs = stock.models.StockLocation.objects.filter(**filters) + try: + filters = validateFilterString(self.filters) + locs = stock.models.StockLocation.objects.filter(**filters) + except (ValidationError, FieldError): + return False locs = locs.filter(pk=location.pk) diff --git a/InvenTree/report/api.py b/InvenTree/report/api.py index 560cf706de..68a1f23f0d 100644 --- a/InvenTree/report/api.py +++ b/InvenTree/report/api.py @@ -3,6 +3,7 @@ from __future__ import unicode_literals from django.utils.translation import ugettext as _ from django.conf.urls import url, include +from django.core.exceptions import FieldError from django.http import HttpResponse from django_filters.rest_framework import DjangoFilterBackend @@ -114,12 +115,19 @@ class StockItemTestReportList(ReportListView, StockItemReportMixin): matches = True # Filter string defined for the report object - filters = InvenTree.helpers.validateFilterString(report.filters) + try: + filters = InvenTree.helpers.validateFilterString(report.filters) + except: + continue for item in items: item_query = StockItem.objects.filter(pk=item.pk) - if not item_query.filter(**filters).exists(): + try: + if not item_query.filter(**filters).exists(): + matches = False + break + except FieldError: matches = False break diff --git a/InvenTree/report/models.py b/InvenTree/report/models.py index ddb7e9ea94..ce1a01e872 100644 --- a/InvenTree/report/models.py +++ b/InvenTree/report/models.py @@ -13,6 +13,7 @@ import datetime from django.db import models from django.conf import settings +from django.core.exceptions import ValidationError, FieldError from django.template.loader import render_to_string @@ -262,9 +263,11 @@ class TestReport(ReportTemplateBase): Test if this report template matches a given StockItem objects """ - filters = validateFilterString(self.filters) - - items = stock.models.StockItem.objects.filter(**filters) + try: + filters = validateFilterString(self.filters) + items = stock.models.StockItem.objects.filter(**filters) + except (ValidationError, FieldError): + return False # Ensure the provided StockItem object matches the filters items = items.filter(pk=item.pk) diff --git a/InvenTree/stock/models.py b/InvenTree/stock/models.py index 57faf2627e..84cc696593 100644 --- a/InvenTree/stock/models.py +++ b/InvenTree/stock/models.py @@ -9,7 +9,7 @@ from __future__ import unicode_literals import os from django.utils.translation import gettext_lazy as _ -from django.core.exceptions import ValidationError +from django.core.exceptions import ValidationError, FieldError from django.urls import reverse from django.db import models, transaction @@ -1365,10 +1365,13 @@ class StockItem(MPTTModel): for test_report in report.models.TestReport.objects.filter(enabled=True): - filters = helpers.validateFilterString(test_report.filters) - - if item_query.filter(**filters).exists(): - reports.append(test_report) + # Attempt to validate report filter (skip if invalid) + try: + filters = helpers.validateFilterString(test_report.filters) + if item_query.filter(**filters).exists(): + reports.append(test_report) + except (ValidationError, FieldError): + continue return reports @@ -1391,10 +1394,13 @@ class StockItem(MPTTModel): for lbl in label.models.StockItemLabel.objects.filter(enabled=True): - filters = helpers.validateFilterString(lbl.filters) + try: + filters = helpers.validateFilterString(lbl.filters) - if item_query.filter(**filters).exists(): - labels.append(lbl) + if item_query.filter(**filters).exists(): + labels.append(lbl) + except (ValidationError, FieldError): + continue return labels