sboulahtit/orion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: correct tojson|safe usage in templates and update validator

Browse Source 
- Remove |safe from |tojson in HTML attributes (x-data) - quotes must
  become " for browsers to parse correctly
- Update LANG-002 and LANG-003 architecture rules to document correct
  |tojson usage patterns:
  - HTML attributes: |tojson (no |safe)
  - Script blocks: |tojson|safe
- Fix validator to warn when |tojson|safe is used in x-data (breaks
  HTML attribute parsing)
- Improve code quality across services, APIs, and tests

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Samir Boulahtit
2025-12-13 22:59:51 +01:00
parent 94d268f330
commit 9920430b9e
123 changed files with 1408 additions and 840 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
tests/integration/security/test_input_validation.py
View File

@@ -4,6 +4,7 @@ Input validation tests for the API.
Tests SQL injection prevention, parameter validation, and JSON validation.
"""
import pytest
@@ -27,14 +28,10 @@ class TestInputValidation:
def test_parameter_validation(self, client, admin_headers):
"""Test parameter validation for API endpoints"""
# Test invalid pagination parameters
response = client.get(
"/api/v1/admin/products?limit=-1", headers=admin_headers
)
response = client.get("/api/v1/admin/products?limit=-1", headers=admin_headers)
assert response.status_code == 422 # Validation error
response = client.get(
"/api/v1/admin/products?skip=-1", headers=admin_headers
)
response = client.get("/api/v1/admin/products?skip=-1", headers=admin_headers)
assert response.status_code == 422 # Validation error
def test_json_validation(self, client, admin_headers, test_company):
@@ -51,8 +48,6 @@ class TestInputValidation:
response = client.post(
"/api/v1/admin/vendors",
headers=admin_headers,
json={
"name": "Test Vendor"
}, # Missing required company_id, vendor_code
json={"name": "Test Vendor"}, # Missing required company_id, vendor_code
)
assert response.status_code == 422 # Validation error