From 792541576957f66aed386d259a9abc4eb77dbb2e Mon Sep 17 00:00:00 2001 From: Benjamin Dauvergne Date: Wed, 22 Apr 2020 14:29:08 +0200 Subject: [PATCH] misc: replace v.isdigit() by is_number(v) (#41820) isdigit() does not accept only ASCII decimal numbers as we expect. --- passerelle/apps/astregs/models.py | 3 ++- passerelle/apps/atos_genesys/models.py | 5 +++-- passerelle/utils/json.py | 4 +++- passerelle/utils/validation.py | 23 +++++++++++++++++++++++ 4 files changed, 31 insertions(+), 4 deletions(-) create mode 100644 passerelle/utils/validation.py diff --git passerelle/apps/astregs/models.py passerelle/apps/astregs/models.py index edb087b1..3e760816 100644 --- passerelle/apps/astregs/models.py +++ passerelle/apps/astregs/models.py @@ -26,6 +26,7 @@ from django.http import Http404 from passerelle.base.models import BaseResource from passerelle.utils.api import endpoint from passerelle.utils.jsonresponse import APIError +from passerelle.utils.validation import is_number ASSOCIATION_SCHEMA = { "$schema": "http://json-schema.org/draft-04/schema#", @@ -375,7 +376,7 @@ class AstreGS(BaseResource): 'value': r.AdresseMail, 'type': 'email'}) if r.TelephoneMobile: - mobile = ''.join((n for n in r.TelephoneMobile if n.isdigit())) + mobile = ''.join((n for n in r.TelephoneMobile if is_number(n))) if mobile and len(mobile) == 10 and mobile[:2] in ('06', '07'): data.append({'id': 'mobile', 'text': 'par SMS vers %s*****%s' % (mobile[:2], mobile[-3:]), diff --git passerelle/apps/atos_genesys/models.py passerelle/apps/atos_genesys/models.py index c4be2813..5e8845f3 100644 --- passerelle/apps/atos_genesys/models.py +++ passerelle/apps/atos_genesys/models.py 
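Review bot: The digit-stripping expression in the second astregs hunk, `''.join((n for n in r.TelephoneMobile if is_number(n)))`, is repeated almost verbatim for `tel1` and `tel2` in the atos_genesys hunk, and calling a function named `is_number` on one character at a time hides the real intent, which is "keep only ASCII digits". A small helper next to `is_number` in passerelle/utils/validation.py, for example `def only_digits(value): return ''.join(c for c in value if is_number(c))`, would keep the three call sites identical and give the phone normalisation one place to be tested. The inner parentheses around the generator in the astregs line are redundant. Both enclosing methods start and end outside their hunks.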
@@ -28,6 +28,7 @@ from passerelle.utils import xml as xmlutils from passerelle.utils.api import endpoint from passerelle.utils.conversion import to_ascii from passerelle.utils.jsonresponse import APIError +from passerelle.utils.validation import is_number from passerelle.base.models import BaseResource, HTTPResource from . import utils @@ -424,8 +425,8 @@ class Resource(BaseResource, HTTPResource): nom = identification.get('NOM', '') prenom = identification.get('PRENOM', '') nom_naissance = identification.get('NOM_NAISSANCE', '') - tel1 = ''.join(c for c in identification.get('TEL_MOBILE', '') if c.isdigit()) - tel2 = ''.join(c for c in identification.get('TEL_FIXE', '') if c.isdigit()) + tel1 = ''.join(c for c in identification.get('TEL_MOBILE', '') if is_number(c)) + tel2 = ''.join(c for c in identification.get('TEL_FIXE', '') if is_number(c)) email = identification.get('MAIL', '').strip() if tel1 and tel1[:2] in ('06', '07'): data.append({ diff --git passerelle/utils/json.py passerelle/utils/json.py index e09b6ae9..354b3444 100644 --- passerelle/utils/json.py +++ passerelle/utils/json.py @@ -33,6 +33,8 @@ from __future__ import unicode_literals from django.utils import six +from passerelle.utils.validation import is_number + FLATTEN_SEPARATOR = '/' @@ -52,7 +54,7 @@ def unflatten(d, separator=FLATTEN_SEPARATOR): # ok d is a dict def map_digits(l): - return [int(x) if x.isdigit() else x for x in l] + return [int(x) if is_number(x) else x for x in l] keys = [(map_digits(key.split(separator)), key) for key in d] keys.sort() diff --git passerelle/utils/validation.py passerelle/utils/validation.py new file mode 100644 index 00000000..09c93937 --- /dev/null +++ passerelle/utils/validation.py 
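Review bot: In the json.py `map_digits` hunk, every all-digit path segment is converted to an int with no limit on length and no canonical form, so `'007'` and `'7'` yield the same index and a very long digit run yields an arbitrarily large integer. `unflatten` continues outside the hunk, so how those ints are used is not visible here; if they index or size lists and `d` can come from a request, this is the cheapest place to bound them. At minimum the rule deserves a comment above the helper, e.g. `# a segment made only of ASCII digits is a list index; anything else is a dict key`.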
@@ -0,0 +1,23 @@
+# passerelle - uniform access to multiple data sources and services
+# Copyright (C) 2020 Entr'ouvert
+#
+# This program is free software: you can redistribute it and/or modify it
+# under the terms of the GNU Affero General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+
+
+def is_number(string):
+ if hasattr(string, 'isdecimal'):
+ return string.isdecimal() and string.isascii()
+ else: # str PY2
+ return string.isdigit()
+
--
2.26.0
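Review bot: `is_number` calls `string.isascii()`, which exists on str only from Python 3.7, while the `hasattr(string, 'isdecimal')` test is also true for Python 2 `unicode` and for str on Python 3.0–3.6, so on those interpreters the first branch raises AttributeError instead of returning a bool. The `# str PY2` branch here and the `unicode_literals`/`six` lines in passerelle/utils/json.py suggest Python 2 is still a target, where text values would typically be `unicode`. Replacing that line with `return string.isdecimal() and all(ord(c) < 128 for c in string)` gives the same result without depending on `isascii`. The function also needs a docstring stating that it accepts only non-empty strings of the ASCII digits 0-9 (no sign, decimal point or whitespace), because the name `is_number` suggests more than that.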