mirror of
https://github.com/apache/superset.git
synced 2026-06-11 18:49:15 +00:00
86 lines
3.0 KiB
Python
86 lines
3.0 KiB
Python
# Licensed to the Apache Software Foundation (ASF) under one
|
|
# or more contributor license agreements. See the NOTICE file
|
|
# distributed with this work for additional information
|
|
# regarding copyright ownership. The ASF licenses this file
|
|
# to you under the Apache License, Version 2.0 (the
|
|
# "License"); you may not use this file except in compliance
|
|
# with the License. You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing,
|
|
# software distributed under the License is distributed on an
|
|
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
# KIND, either express or implied. See the License for the
|
|
# specific language governing permissions and limitations
|
|
# under the License.
|
|
from typing import Any, Optional, Union
|
|
from urllib.parse import urlparse
|
|
|
|
from marshmallow import validate, ValidationError
|
|
|
|
from superset.utils import json
|
|
|
|
ALLOWED_URL_SCHEMES = frozenset({"http", "https"})
|
|
|
|
|
|
class OneOfCaseInsensitive(validate.OneOf):
|
|
"""
|
|
Marshmallow validator that's based on the built-in `OneOf`, but performs
|
|
validation case insensitively.
|
|
"""
|
|
|
|
def __call__(self, value: Any) -> str:
|
|
try:
|
|
if (value.lower() if isinstance(value, str) else value) not in [
|
|
choice.lower() if isinstance(choice, str) else choice
|
|
for choice in self.choices
|
|
]:
|
|
raise ValidationError(self._format_error(value))
|
|
except TypeError as error:
|
|
raise ValidationError(self._format_error(value)) from error
|
|
|
|
return value
|
|
|
|
|
|
def validate_json(value: Union[bytes, bytearray, str]) -> None:
|
|
"""
|
|
JSON Validator that can be passed to a Marshmallow `Field`'s validate argument.
|
|
|
|
:raises ValidationError: if value is not serializable to JSON
|
|
:param value: an object that should be parseable to JSON
|
|
"""
|
|
try:
|
|
json.validate_json(value)
|
|
except json.JSONDecodeError as ex:
|
|
raise ValidationError("JSON not valid") from ex
|
|
|
|
|
|
def validate_external_url(value: Optional[str]) -> None:
|
|
"""
|
|
Validator for externally managed object URLs.
|
|
|
|
Restricts the accepted URL schemes to ``http`` and ``https`` so that
|
|
other schemes (for example ``javascript:``, ``data:`` or ``vbscript:``)
|
|
cannot be stored and later rendered by clients. The URL must also be
|
|
absolute (include a network location/host) so that malformed values such
|
|
as ``https:foo`` are rejected. Empty values are allowed since the field is
|
|
optional.
|
|
|
|
:param value: the URL to validate
|
|
:raises ValidationError: if the value uses a disallowed scheme or is not
|
|
an absolute URL
|
|
"""
|
|
if not value:
|
|
return
|
|
|
|
parsed = urlparse(value)
|
|
scheme = parsed.scheme.lower()
|
|
if scheme not in ALLOWED_URL_SCHEMES:
|
|
raise ValidationError(
|
|
"URL must use one of the following schemes: "
|
|
f"{', '.join(sorted(ALLOWED_URL_SCHEMES))}."
|
|
)
|
|
if not parsed.netloc:
|
|
raise ValidationError("URL must be absolute and include a host.")
|