fix: escape while preserving numbers
stdavis committed Dec 6, 2024
1 parent f329207 commit 7bb2170
Showing 4 changed files with 40 additions and 12 deletions.
15 changes: 7 additions & 8 deletions src/masquerade/main.py
@@ -13,12 +13,11 @@
from flask.logging import create_logger
from flask_cors import CORS
from flask_json import FlaskJSON, as_json_p
from markupsafe import escape
from pyproj import CRS, Transformer
from requests.models import HTTPError

from .providers import open_sgid, web_api
from .utils import WGS84, cleanse_text, get_out_spatial_reference, get_request_param
from .utils import WGS84, cleanse_text, escape_while_preserving_numbers, get_out_spatial_reference, get_request_param

load_dotenv()

@@ -310,17 +309,17 @@ def reverse_geocode():
else:
x, y = location["x"], location["y"]

result = web_api.reverse_geocode(x, y, out_spatial_reference)
escaped_result = {key: escape(value) for key, value in result.items()}
result = web_api.reverse_geocode(x, y, out_spatial_reference, location["x"], location["y"])
escaped_result = {key: escape_while_preserving_numbers(value) for key, value in result.items()}

return {
"address": escaped_result,
"location": {
"x": escape(x),
"y": escape(y),
"x": escape_while_preserving_numbers(x),
"y": escape_while_preserving_numbers(y),
"spatialReference": {
"wkid": escape(request_wkid),
"latestWkid": escape(out_spatial_reference),
"wkid": escape_while_preserving_numbers(request_wkid),
"latestWkid": escape_while_preserving_numbers(out_spatial_reference),
},
},
}
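Review bot: `location["x"]` and `location["y"]` go straight from the request into `web_api.reverse_geocode(...)` as `input_x`/`input_y`, and no type check on them is visible in this hunk, so a non-numeric value would be echoed back in a coordinate field as an HTML-escaped string instead of being rejected. Because the callee now annotates these as `float`, coercing once at the boundary, e.g. `input_x, input_y = float(location["x"]), float(location["y"])` with a 400 response on `ValueError`/`TypeError`, would make the escaping of `x` and `y` unnecessary. HTML escaping only protects consumers that place these values into HTML; for a JSON body, input validation and the response content type carry the protection. The body of `reverse_geocode()` starts and ends outside the hunk, so validation may already happen earlier.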
6 changes: 3 additions & 3 deletions src/masquerade/providers/web_api.py
@@ -175,7 +175,7 @@ def etl_candidate(ugrc_candidate):
}


def reverse_geocode(x, y, spatial_reference):
def reverse_geocode(x: float, y: float, spatial_reference: int, input_x: float, input_y: float) -> dict:
"""reverse geocodes a point using web api supplemented by open sgid queries"""

city = open_sgid.get_city(x, y, spatial_reference)
@@ -208,8 +208,8 @@ def reverse_geocode(x, y, spatial_reference):
"CountryCode": "USA",
"X": x,
"Y": y,
"InputX": x,
"InputY": y,
"InputX": input_x,
"InputY": input_y,
}

parameters = {
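Review bot: The one-line docstring on `reverse_geocode` does not say how `x`/`y` differ from the new `input_x`/`input_y`, even though the two pairs now land in different fields (`X`/`Y` versus `InputX`/`InputY` in the second hunk). I would extend it along the lines of `"""reverse geocodes a point using web api supplemented by open sgid queries; input_x/input_y are the coordinates as originally supplied by the caller and are echoed back as InputX/InputY"""`. The new parameters are required positionals, so any caller outside the visible hunks would need updating. The `float` annotations are not enforced at runtime, and the function body continues outside both hunks.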
11 changes: 11 additions & 0 deletions src/masquerade/utils.py
@@ -3,8 +3,11 @@
"""
Utility functions
"""

import json

from markupsafe import escape

WGS84 = 4326
WEB_MERCATOR = 3857
OLD_WEB_MERCATOR = 102100
@@ -48,3 +51,11 @@ def get_out_spatial_reference(incoming_request):
request_wkid,
WEB_MERCATOR if request_wkid == OLD_WEB_MERCATOR else request_wkid,
)


def escape_while_preserving_numbers(value: int | float | str) -> int | float | str:
"""escape a value while preserving numbers"""
if isinstance(value, (int, float)):
return value

return escape(value)
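Review bot: Values that are neither numbers nor strings fall through to `escape()`, which stringifies them, so a `None` in the geocode result would come back as the text `None` rather than JSON `null`. The annotation only allows `int | float | str`, but `reverse_geocode()` in main.py applies this helper to every value of `result`, whose contents are not visible here. If `None` can occur, `if value is None or isinstance(value, (int, float)): return value` keeps it intact, and a matching case in tests/test_utils.py would pin the behaviour. The docstring could also state that the escaping is HTML escaping via markupsafe and that `bool` passes through unchanged because it is an `int` subclass.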
20 changes: 19 additions & 1 deletion tests/test_utils.py
@@ -1,6 +1,8 @@
from unittest.mock import MagicMock

from masquerade.utils import cleanse_text, get_out_spatial_reference
from markupsafe import Markup

from masquerade.utils import cleanse_text, escape_while_preserving_numbers, get_out_spatial_reference


def test_removes_spaces():
@@ -49,3 +51,19 @@ def test_get_out_spatial_reference_post_request():
request.form = {"outSR": 3857}

assert get_out_spatial_reference(request) == (3857, 3857)


def test_escape_while_preserving_numbers_with_int():
assert escape_while_preserving_numbers(123) == 123


def test_escape_while_preserving_numbers_with_float():
assert escape_while_preserving_numbers(123.45) == 123.45


def test_escape_while_preserving_numbers_with_string():
assert escape_while_preserving_numbers("<script>") == Markup("&lt;script&gt;")


def test_escape_while_preserving_numbers_with_safe_string():
assert escape_while_preserving_numbers(Markup("<strong>safe</strong>")) == Markup("<strong>safe</strong>")
