From 3b4617e8877ad0ba1ffebd823f108abc2939ef9d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20P=C3=A9ters?=
Date: Fri, 29 Mar 2024 13:59:33 +0100
Subject: [PATCH] workflows: check global timeout is not ouf of reasonable bounds (#88864)
---
 tests/admin_pages/test_workflow.py | 6 +++++-
 wcs/workflows.py | 4 +++-
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/tests/admin_pages/test_workflow.py b/tests/admin_pages/test_workflow.py
index e0b0e8986..60885df42 100644
--- a/tests/admin_pages/test_workflow.py
+++ b/tests/admin_pages/test_workflow.py
@@ -2842,10 +2842,14 @@ def test_workflows_global_actions_timeout_triggers(pub):
 resp = resp.click(
 href='triggers/%s/' % Workflow.get(workflow.id).global_actions[0].triggers[0].id, index=0
 )
- for invalid_value in ('foobar', '-'):
+ for invalid_value in ('foobar', '-', '0123'):
 resp.form['timeout'] = invalid_value
 resp = resp.form.submit('submit')
 assert 'wrong format' in resp.text
+ for invalid_value in ('833333335', '-833333335'):
+ resp.form['timeout'] = invalid_value
+ resp = resp.form.submit('submit')
+ assert 'invalid value, out of bounds' in resp.text
 resp.form['timeout'] = ''
 resp = resp.form.submit('submit')
 assert 'required field' in resp.text
diff --git a/wcs/workflows.py b/wcs/workflows.py
index 20f574f62..596d45b72 100644
--- a/wcs/workflows.py
+++ b/wcs/workflows.py
@@ -2024,9 +2024,11 @@ class WorkflowGlobalActionTimeoutTrigger(WorkflowGlobalActionTrigger):
 def validate_timeout(value):
 if Template.is_template_string(value):
 return ComputedExpressionWidget.validate_template(value)
- match = re.match(r'^-?\d+$', value or '')
+ match = re.match(r'^-?[1-9]\d*$', value or '')
 if not match or not match.group() == value:
 raise ValueError(_('wrong format'))
+ if not (365 * -100 < float(value) < 365 * 100): # ±100 years should be enough
+ raise ValueError(_('invalid value, out of bounds'))
 form.add(
 StringWidget,
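Review bot: The out-of-bounds cases `'833333335'` and `'-833333335'` sit far beyond the limit, so this loop would still pass if the bound in wcs/workflows.py were moved or made inclusive; the edge itself is not pinned. The check is a strict `365 * -100 < float(value) < 365 * 100`, so `'36500'` and `'-36500'` should be rejected while `'36499'` is accepted, and `for invalid_value in ('833333335', '-833333335', '36500', '-36500'):` would cover the rejecting side. The test function starts before this hunk and its end is not visible here.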
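Review bot: The tightened pattern `^-?[1-9]\d*$` in validate_timeout now rejects a plain `0` with 'wrong format', which the previous `^-?\d+$` accepted; the test change only adds `'0123'`, so this looks like a side effect of banning leading zeros rather than an intended change. If a zero-day timeout is legitimate, `match = re.match(r'^(0|-?[1-9]\d*)$', value or '')` keeps it while still refusing `0123`. Separately, the new ±100-year bound covers only literal values: a template string returns early through `ComputedExpressionWidget.validate_template(value)`, so a computed timeout is presumably unbounded unless the code that evaluates it (outside this hunk) checks the range as well. The enclosing method starts before the hunk and continues after it.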