Coverage for demo_server/api/blog/business.py: 85%

Shortcuts on this page

r m x p toggle line displays

j k next/prev highlighted chunk

0 (zero) top of page

1 (one) first highlighted chunk

[ ] prev/next file

u up to the index

? show/hide this help

47 statements

« prev ^ index » next coverage.py v7.10.6, created at 2025-12-05 15:36 +0000

1# Copyright (c) Microsoft Corporation.

2# Licensed under the MIT License.

4from demo_server.database.models import Post, Category, db 1 ctx1o

5from flask import abort 1 ctx1o

6from flask import request 1 ctx1o

7import json 1 ctx1o

9def get_query(): 1 ctx1o

10 # Gets the query string from the request

11 query = urllib.parse.urlparse(request.url).query 18 ctx1rtnqkapeifhgljcdbm

12 if query: 12 ↛ 13line 12 didn't jump to line 13 because the condition on line 12 was never true18 ctx1rtnqkapeifhgljcdbm

13 return urllib.parse.unquote(query)

14 return None 18 ctx1rtnqkapeifhgljcdbm

16def check_double_query_bug(): 1 ctx1o

17 # Responds with '500' error if the query string is a '?'

18 if get_query() == '?': 18 ↛ 19line 18 didn't jump to line 19 because the condition on line 18 was never true15 ctx1tnqkapefhgljcdb

19 abort(500)

21def check_no_id_bug(): 1 ctx1o

22 # Responds with '500' error if 'id' is missing from the body

23 if request.json.get('id') == None: 19 ctx1uqxvyzAsBaeifhgjcdb

24 abort(500) 12 ctx1uqxyzABaigjb

26def check_unexpected_query_string(): 1 ctx1o

27 # Responds with '400' if a query string exists

28 if get_query() is not None: 28 ↛ 29line 28 didn't jump to line 29 because the condition on line 28 was never true15 ctx1rnkaeifhgljcdbm

29 abort(400)

31def get_post(postId): 1 ctx1o

32 # PLANTED_BUG to be detected by invalid dynamic object checker

33 check_double_query_bug() 15 ctx1tnqkapefhgljcdb

34 # PLANTED_BUG -

35 # Intentionally ignore unexpected query, so the invalid dynamic

36 # object checker throws a bug due to '200' response.

38 post = Post.query.filter(Post.id == postId).one_or_none() 15 ctx1tnqkapefhgljcdb

39 return post or abort(404) 15 ctx1tnqkapefhgljcdb

41def create_blog_post(): 1 ctx1o

42 body = request.json.get('body') 15 ctx1wkapeifhgljcdbm

43 post = Post(body) 15 ctx1wkapeifhgljcdbm

44 db.session.add(post) 15 ctx1wkapeifhgljcdbm

45 db.session.commit() 15 ctx1wkapeifhgljcdbm

46 return post 15 ctx1wkapeifhgljcdbm

48import urllib 1 ctx1o

49def update_post(post_id): 1 ctx1o

50 # PLANTED_BUG to be detected by payload body checker

51 check_no_id_bug() 19 ctx1uqxvyzAsBaeifhgjcdb

53 post = Post.query.filter(Post.id == post_id).one_or_none() 12 ctx1uvsaeifhgcdb

54 if not post: 12 ctx1uvsaeifhgcdb

55 abort(404) 7 ctx1uvaicdb

56 checksum = request.json.get('checksum', '') 10 ctx1saeifhgcdb

57 if post.checksum == checksum: 57 ↛ 58line 57 didn't jump to line 58 because the condition on line 57 was never true10 ctx1saeifhgcdb

58 post.body = request.json.get('body')

59 raise Exception

60 db.session.add(post) 10 ctx1saeifhgcdb

61 db.session.commit() 10 ctx1saeifhgcdb

64def delete_post(post_id): 1 ctx1o

65 # Throw 400 if query string exists, to avoid triggering an

66 # invalid dynamic object checker bug.

67 check_unexpected_query_string() 15 ctx1rnkaeifhgljcdbm

69 post = Post.query.filter(Post.id == post_id).one_or_none() 15 ctx1rnkaeifhgljcdbm

70 if post: 15 ctx1rnkaeifhgljcdbm

71 db.session.delete(post) 14 ctx1nkaeifhgljcdbm

72 db.session.commit() 14 ctx1nkaeifhgljcdbm

73 else:

74 abort(404) 12 ctx1rnkaeiflcdbm