Enhance Cloudinary CLI for Security and Optimization #80
base: master
Addressed the potential security risk by implementing thorough input validation and sanitization for user-provided arguments and options. This helps mitigate the risk of code injection and ensures that unexpected behavior does not occur due to malicious input. Specifically, the code now validates and sanitizes user input before processing.
@simran-sankhala, first of all thank you for your contribution!
I like your refactoring, it makes the code much more organized and easier to read!
Regarding input validation, I just saw the check that the user indeed specified a valid directory, which is a good thing to check!
Are there any other things that are changed that I am missing?
Could you also add 1-2 tests covering this use case?
BTW, tests failed. Can you please check that?
See my other comments.
@click.option("-o", "--optional_parameter", multiple=True, nargs=2, help="Pass optional parameters as raw strings.") | ||
@click.option("-O", "--optional_parameter_parsed", multiple=True, nargs=2, help="Pass optional parameters as interpreted strings.") | ||
@click.option("-t", "--transformation", help="The transformation to apply on all uploads.") | ||
@click.option("-f", "--folder", default="", help="The path where you want to upload the assets. The path you specify will be pre-pended to the public IDs of the uploaded assets. You can specify a whole path, for example path1/path2/path3. Any folders that do not exist are automatically created.") |
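Review bot: the help texts on -o and -O do not say what "interpreted" means, and since the -O values are the ones routed through parse_option_value (see the group_params call further down in this review), the help string should say so, e.g. help="Pass optional parameters as interpreted strings (values are parsed by parse_option_value)." The --folder help string also runs well past 120 characters; split it into adjacent string literals so it fits the project's line-length rule.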
For readability, we keep line length up to 120 chars.
**upload_dir_options, | ||
**group_params(optional_parameter, ((k, parse_option_value(v)) for k, v in optional_parameter_parsed)), | ||
} | ||
options = prepare_upload_options(transformation, preset, optional_parameter, optional_parameter_parsed, folder, folder_mode) |
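Review bot: prepare_upload_options() is called with six positional arguments of similar string-like types (transformation, preset, optional_parameter, optional_parameter_parsed, folder, folder_mode), which is easy to transpose without any error; pass them as keyword arguments. The PR description says input is now validated and sanitized before processing, but this hunk only moves the dict construction into the helper, so the tests the maintainer asked for should exercise that helper directly with an invalid directory and with -O values that are not valid literals, so the rejection path is covered rather than only the happy path.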
Like! it makes code much more readable!
Sure, let me work on those test cases.
@simran-sankhala do you plan on continuing to work on this?
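The directory check and the -o/-O grouping discussed in this thread, as an added example that is not the cloudinary-cli project's own code: the function names mirror the snippets quoted in the review, but their bodies, the parameter list and the choice to decode interpreted values with json.loads rather than evaluating them are assumptions made here.

```python
# Added example, not the cloudinary-cli project's code. Names mirror the snippets
# quoted in the review; the bodies and the json.loads decoding are assumptions.
import json
from pathlib import Path


def parse_option_value(value: str):
    """Interpret an -O value without evaluating it as code: JSON literals
    (numbers, booleans, lists, objects) are decoded, anything else stays a str."""
    try:
        return json.loads(value)
    except ValueError:
        return value


def group_params(*pair_sources) -> dict:
    """Merge (key, value) pairs from several sources; later sources win on a clash."""
    grouped = {}
    for pairs in pair_sources:
        for key, value in pairs:
            grouped[key] = value
    return grouped


def validate_directory(directory: str) -> Path:
    """Reject anything that is not an existing directory before any upload work."""
    path = Path(directory).expanduser().resolve()
    if not path.is_dir():
        raise ValueError(f"not a directory: {directory}")
    return path


def prepare_upload_options(directory, transformation, preset, optional_parameter,
                           optional_parameter_parsed, folder="", folder_mode=None):
    """Build the upload options dict after validating the user-supplied directory."""
    validate_directory(directory)
    options = {"folder": folder}
    if transformation:
        options["transformation"] = transformation
    if preset:
        options["upload_preset"] = preset
    if folder_mode:
        options["folder_mode"] = folder_mode  # passed through as given
    # -o pairs stay raw strings; -O pairs go through parse_option_value first
    options.update(group_params(
        optional_parameter,
        ((k, parse_option_value(v)) for k, v in optional_parameter_parsed),
    ))
    return options
```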