Pegase745 / sqlalchemy-datatables

SQLAlchemy integration of jQuery DataTables >= 1.10.x (Pyramid and Flask examples)
MIT License

Add per column regex filtering #108

Open erssebaggala opened 6 years ago

erssebaggala commented 6 years ago

This PR adds regex filtering for each column. The current version of sqlalchemy-datatables only supports regex filtering for the global search.

The regex is used by setting the search_method to regex in the column definition, i.e., when creating the ColumnDT instance.

Pegase745 commented 6 years ago

Could you add a test please?

codecov[bot] commented 6 years ago

Codecov Report

Merging #108 into master will increase coverage by 0.06%. The diff coverage is 75%.


@@            Coverage Diff             @@
##           master     #108      +/-   ##
==========================================
+ Coverage   93.68%   93.75%   +0.06%     
==========================================
  Files           1        1              
  Lines         190      192       +2     
==========================================
+ Hits          178      180       +2     
  Misses         12       12
Impacted Files Coverage Δ
datatables/__init__.py 93.75% <75%> (+0.06%) :arrow_up:

Last update d1e686a...65bd440.

erssebaggala commented 6 years ago

@Pegase745 I have added a test for this. The global search regex is failing. The culprit is: https://github.com/Pegase745/sqlalchemy-datatables/blob/d1e686ae400cec1d5899ab9377335b21d88e0e16/datatables/__init__.py#L350

I could be wrong but from my tests, it is unnecessarily escaping the regex characters.

Why is there a need to clean the regex? Shouldn't it be up to the user to escape any special characters in the search value?

tdamsma commented 6 years ago

I believe the regexes are cleaned for security reasons, as exposing full regex functionality might be a security risk. Not sure how much of a real vulnerability this is with an up to date postgres or mysql backend though.

https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS https://stackoverflow.com/questions/25269811/is-it-safe-to-let-users-enter-custom-regex-patterns#25269866
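The two points raised in the thread above (escaping the search value breaks regex-mode columns; passing a raw client regex to the database has ReDoS implications) can be shown side by side. The following is an added example, not code from sqlalchemy-datatables or from either commenter: `prepare_pattern`, `filter_rows`, `ALLOWED_COLUMNS`, `MAX_PATTERN_LEN` and the sample rows are all constructed here. It uses Python's `sqlite3` with a user-defined `REGEXP` function standing in for the Postgres/MySQL regex operators the thread mentions, and mirrors the PR's `search_method == "regex"` distinction with a hypothetical helper. The guard it applies (length cap, reject a quantifier applied to a group, syntax check) is a cheap heuristic, not a complete ReDoS defence.

```python
import re
import sqlite3

# Constructed sample table standing in for a DataTables-backed model.
SAMPLE_ROWS = [
    ("Alice", "1 Main St."),
    ("Bob", "2 Side Rd."),
    ("Carol", "Suite 1.5, Main St."),
    ("Dave", "PO Box 12"),
]
ALLOWED_COLUMNS = ("name", "address")  # column names come from server config, never the client
MAX_PATTERN_LEN = 64                    # assumed cap for client-supplied patterns

# A quantifier applied directly to a group, e.g. (a+)+ or (\w*)*, is the classic
# catastrophic-backtracking shape; reject it before it reaches the backend.
_QUANTIFIED_GROUP = re.compile(r"\)[*+?{]")


def prepare_pattern(value, search_method):
    """Turn a client-supplied search value into the pattern handed to the backend.

    Hypothetical helper following the PR's 'regex' vs literal distinction:
      - anything but 'regex': the value is matched literally, so metacharacters
        are escaped. Doing this to a column that is in regex mode is exactly what
        turns '^[AB]' into '\\^\\[AB\\]' and makes the filter match nothing.
      - 'regex': the value is passed through unescaped, after cheap ReDoS guards
        (length cap, no quantified group) and a syntax check.
    """
    if search_method != "regex":
        return re.escape(value)
    if len(value) > MAX_PATTERN_LEN:
        raise ValueError("regex too long")
    if _QUANTIFIED_GROUP.search(value):
        raise ValueError("quantified group rejected (ReDoS guard)")
    re.compile(value)  # raises re.error for malformed patterns
    return value


def filter_rows(column, value, search_method, rows=SAMPLE_ROWS):
    """Return the names whose `column` matches `value` via a REGEXP filter in SQLite."""
    if column not in ALLOWED_COLUMNS:
        raise ValueError("unknown column")
    pattern = prepare_pattern(value, search_method)

    conn = sqlite3.connect(":memory:")
    # SQLite has no built-in regex; `X REGEXP Y` calls regexp(Y, X), so the
    # pattern arrives as the first argument. Postgres (~) and MySQL (REGEXP)
    # use their own engines with their own limits; this only stands in for them.
    conn.create_function(
        "REGEXP", 2, lambda pat, s: s is not None and re.search(pat, s) is not None
    )
    conn.execute("CREATE TABLE users (name TEXT, address TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", rows)
    # The column name was checked against ALLOWED_COLUMNS; the pattern is a bound parameter.
    cur = conn.execute(
        f"SELECT name FROM users WHERE {column} REGEXP ? ORDER BY name", (pattern,)
    )
    names = [r[0] for r in cur.fetchall()]
    conn.close()
    return names


if __name__ == "__main__":
    print(filter_rows("address", ".", "literal"))   # literal dot: ['Alice', 'Bob', 'Carol']
    print(filter_rows("address", ".", "regex"))     # any character: all four names
    print(filter_rows("name", "^[AB]", "regex"))    # ['Alice', 'Bob']
    print(filter_rows("name", "^[AB]", "literal"))  # escaped anchors and brackets: []
```

The last call is the failure mode described in the thread: once the value is escaped, a regex-mode column can never match, so escaping and regex mode have to be mutually exclusive. Whether the guards in `prepare_pattern` are sufficient depends on the backend's regex engine, which is the open question in the final comment above.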