• Goferking0@ttrpg.network
    23 upvotes · 2 months ago

    Even dealing with a security issue, the code is shit. Why are they chaining multiple ors in a single if statement?

    ```python
    def is_invalid_get_request_uri(uri):
        if current_app.debug:
            return False
        try:
            ip = ipaddress.ip_address(furl(uri).host)
        except:
            ip = None

        if ip:
            return ip.is_private or ip.is_link_local or ip.is_reserved or ip.is_loopback or ip.is_multicast or ip.is_unspecified
        return False


    def is_invalid_post_request_uri(uri):
        return is_inv
    ```
    

    https://codeberg.org/rimu/pyfedi/commit/ada8e2ea35ec687000b7e7c2343288d44a219c3a
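
Added example, not part of the comment above and not the pyfedi project's code: one way to write the same six-property check without the chained `or`, extended so that a hostname is judged by every address it resolves to instead of being accepted because it is not an IP literal. It assumes `urllib.parse` in place of `furl`, leaves out the `current_app.debug` bypass, and the names `BLOCKED_PROPERTIES`, `is_blocked_ip`, `system_resolver`, `is_invalid_request_uri` and the `resolver` parameter are hypothetical.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# The same six properties the quoted check ORs together.
BLOCKED_PROPERTIES = (
    "is_private", "is_link_local", "is_reserved",
    "is_loopback", "is_multicast", "is_unspecified",
)


def is_blocked_ip(ip):
    """True if the address has any of the blocked properties."""
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so the IPv4 rules apply to it.
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    return any(getattr(ip, name) for name in BLOCKED_PROPERTIES)


def system_resolver(host):
    """Resolve a hostname to all of its addresses with the OS resolver."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return [info[4][0] for info in infos]


def is_invalid_request_uri(uri, resolver=system_resolver):
    """Reject URIs whose host is, or resolves to, a blocked address."""
    try:
        host = urlsplit(uri).hostname
    except ValueError:
        return True  # unparseable URI: fail closed
    if not host:
        return True  # no host to check: fail closed
    try:
        addresses = [ipaddress.ip_address(host)]
    except ValueError:
        # Not an IP literal: check every address the name resolves to.
        try:
            addresses = [ipaddress.ip_address(a.split("%")[0])
                         for a in resolver(host)]
        except (OSError, ValueError):
            return True  # cannot resolve: fail closed
    return not addresses or any(is_blocked_ip(ip) for ip in addresses)
```

The check resolves the name separately from the HTTP client, so the fetch should connect to the address that was validated rather than resolving the name again.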