feat: enhance HTTP handling and configuration
All checks were successful
CI / lint-and-test (push) Successful in 24s
- Introduced a new utility function `safe_urlopen` to ensure only allowed URL schemes (http, https) are opened, enhancing security against path traversal vulnerabilities.
- Updated the `run.py` and `calendar_ics.py` files to utilize `safe_urlopen` for HTTP requests, improving error handling and security.
- Added `HTTP_HOST` configuration to the settings, allowing dynamic binding of the HTTP server host.
- Revised the `.env.example` file to include the new `HTTP_HOST` variable with a description.
- Enhanced tests for `safe_urlopen` to validate behavior with disallowed URL schemes and ensure proper integration in existing functionality.
@@ -129,6 +129,17 @@ class TestGetCalendarEvents:
|
||||
def test_empty_url_returns_empty(self):
|
||||
assert mod.get_calendar_events("", "2025-01-01", "2025-01-31") == []
|
||||
|
||||
def test_disallowed_url_scheme_returns_empty(self):
|
||||
"""get_calendar_events: file:// or ftp:// URL does not call urlopen, returns []."""
|
||||
result = mod.get_calendar_events(
|
||||
"file:///etc/passwd", "2025-01-01", "2025-01-31"
|
||||
)
|
||||
assert result == []
|
||||
result = mod.get_calendar_events(
|
||||
"ftp://example.com/cal.ics", "2025-01-01", "2025-01-31"
|
||||
)
|
||||
assert result == []
|
||||
|
||||
def test_from_after_to_returns_empty(self):
|
||||
assert (
|
||||
mod.get_calendar_events(
|
||||
|
||||
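Review bot: in test_disallowed_url_scheme_returns_empty the docstring promises that urlopen is not called, but both assertions only check `result == []`, which would also hold if the file:// or ftp:// URL were actually fetched and the response failed to parse or the error was swallowed. Patch the urlopen that sits underneath safe_urlopen with a mock and assert it was not called for each URL, so the test fails if the scheme check is ever removed. Splitting the file:// and ftp:// cases, or parametrizing them, would also show which scheme regressed when the test fails.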