Skip to content

Commit 7710ede

Browse files
author
matthias_schaub
committed
Check if Firebase reference path is a valid one before deletion.
1 parent 6a82e7b commit 7710ede

File tree

2 files changed

+51
-13
lines changed

2 files changed

+51
-13
lines changed

mapswipe_workers/mapswipe_workers/firebase_to_postgres/archive_project.py

Lines changed: 25 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,13 @@
11
"""
22
Archive a project.
33
"""
4-
4+
import re
55
from typing import Iterable
66

77
from firebase_admin import exceptions
88

99
from mapswipe_workers import auth
10-
from mapswipe_workers.definitions import logger
10+
from mapswipe_workers.definitions import logger, CustomError
1111

1212

1313
def chunks(data: list, size: int = 250) -> Iterable[list]:
@@ -28,6 +28,10 @@ def archive_project(project_ids: list) -> None:
2828

2929
fb_db = auth.firebaseDB()
3030
ref = fb_db.reference(f"v2/results/{project_id}")
31+
if not re.match("/v2/\w+/[a-zA-Z0-9|-|_]+", ref.path):
32+
raise CustomError(
33+
"Given argument resulted in invalid Firebase Realtime Database reference."
34+
)
3135
try:
3236
ref.delete()
3337
except exceptions.InvalidArgumentError:
@@ -38,7 +42,11 @@ def archive_project(project_ids: list) -> None:
3842
ref.update({key: None for key in chunk})
3943
ref.delete()
4044

41-
ref = fb_db.reference(f"v2/results/{project_id}")
45+
ref = fb_db.reference(f"v2/tasks/{project_id}")
46+
if not re.match("/v2/\w+/[a-zA-Z0-9|-|_]+", ref.path):
47+
raise CustomError(
48+
"Given argument resulted in invalid Firebase Realtime Database reference."
49+
)
4250
try:
4351
ref.delete()
4452
except exceptions.InvalidArgumentError:
@@ -49,7 +57,20 @@ def archive_project(project_ids: list) -> None:
4957
ref.update({key: None for key in chunk})
5058
ref.delete()
5159

52-
fb_db.reference(f"v2/groups/{project_id}").delete()
60+
ref = fb_db.reference(f"v2/groups/{project_id}")
61+
if not re.match("/v2/\w+/[a-zA-Z0-9|-|_]+", ref.path):
62+
raise CustomError(
63+
"Given argument resulted in invalid Firebase Realtime Database reference."
64+
)
65+
ref.delete()
66+
67+
ref = fb_db.reference(f"v2/groups/{project_id}")
68+
if not re.match("/v2/\w+/[a-zA-Z0-9|-|_]+", ref.path):
69+
raise CustomError(
70+
"Given argument resulted in invalid Firebase Realtime Database reference."
71+
)
72+
ref.delete()
73+
5374
fb_db.reference(f"v2/projects/{project_id}/status").set("archived")
5475

5576
pg_db = auth.postgresDB()

mapswipe_workers/mapswipe_workers/firebase_to_postgres/delete_project.py

Lines changed: 26 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,13 @@
11
"""
22
Delete projects.
33
"""
4-
4+
import re
55
from typing import Iterable
66

77
from firebase_admin import exceptions
88

99
from mapswipe_workers import auth
10-
from mapswipe_workers.definitions import logger
10+
from mapswipe_workers.definitions import logger, CustomError
1111

1212

1313
def chunks(data: list, size: int = 250) -> Iterable[list]:
@@ -26,8 +26,11 @@ def delete_project(project_ids: list) -> None:
2626
)
2727

2828
fb_db = auth.firebaseDB()
29-
3029
ref = fb_db.reference(f"v2/results/{project_id}")
30+
if not re.match("/v2/\w+/[a-zA-Z0-9|-|_]+", ref.path):
31+
raise CustomError(
32+
"Given argument resulted in invalid Firebase Realtime Database reference."
33+
)
3134
try:
3235
ref.delete()
3336
except exceptions.InvalidArgumentError:
@@ -39,6 +42,10 @@ def delete_project(project_ids: list) -> None:
3942
ref.delete()
4043

4144
ref = fb_db.reference(f"v2/tasks/{project_id}")
45+
if not re.match("/v2/\w+/[a-zA-Z0-9|-|_]+", ref.path):
46+
raise CustomError(
47+
"Given argument resulted in invalid Firebase Realtime Database reference."
48+
)
4249
try:
4350
ref.delete()
4451
except exceptions.InvalidArgumentError:
@@ -49,17 +56,27 @@ def delete_project(project_ids: list) -> None:
4956
ref.update({key: None for key in chunk})
5057
ref.delete()
5158

52-
fb_db.reference(f"v2/groups/{project_id}").delete()
53-
fb_db.reference(f"v2/projects/{project_id}").delete()
59+
ref = fb_db.reference(f"v2/groups/{project_id}")
60+
if not re.match("/v2/\w+/[a-zA-Z0-9|-|_]+", ref.path):
61+
raise CustomError(
62+
"Given argument resulted in invalid Firebase Realtime Database reference."
63+
)
64+
ref.delete()
65+
ref = fb_db.reference(f"v2/projects/{project_id}")
66+
if not re.match("/v2/\w+/[a-zA-Z0-9|-|_]+", ref.path):
67+
raise CustomError(
68+
"Given argument resulted in invalid Firebase Realtime Database reference."
69+
)
70+
ref.delete()
5471

5572
pg_db = auth.postgresDB()
56-
sql_query = "DELETE FROM results WHERE project_id = {};".format(project_id)
73+
sql_query = "DELETE FROM results WHERE project_id = '{}';".format(project_id)
5774
pg_db.query(sql_query, project_id)
58-
sql_query = "DELETE FROM tasks WHERE project_id = {};".format(project_id)
75+
sql_query = "DELETE FROM tasks WHERE project_id = '{}';".format(project_id)
5976
pg_db.query(sql_query, project_id)
60-
sql_query = "DELETE FROM groups WHERE project_id = {};".format(project_id)
77+
sql_query = "DELETE FROM groups WHERE project_id = '{}';".format(project_id)
6178
pg_db.query(sql_query, project_id)
62-
sql_query = "DELETE FROM projects WHERE project_id = {};".format(project_id)
79+
sql_query = "DELETE FROM projects WHERE project_id = '{}';".format(project_id)
6380
pg_db.query(sql_query, project_id)
6481

6582
return True

0 commit comments

Comments
 (0)