Upgrades isort webtest and pylint quotes #6938
Conversation
NishealJ
requested review from
apb7,
nithusha21,
seanlip and
vojtechjelinek
as code owners
Codecov Report
@@ Coverage Diff @@
## develop #6938 +/- ##
========================================
Coverage 95.73% 95.73%
========================================
Files 371 371
Lines 51604 51604
========================================
Hits 49404 49404
Misses 2200 2200
Continue to review full report at Codecov.
|
Codecov Report
@@ Coverage Diff @@
## develop #6938 +/- ##
========================================
Coverage 95.73% 95.73%
========================================
Files 371 371
Lines 51604 51604
========================================
Hits 49404 49404
Misses 2200 2200
Continue to review full report at Codecov.
|
core/controllers/base.py
Outdated
| @@ -339,8 +339,9 @@ def render_template(self, filepath, iframe_restriction='DENY'): | |||
| self.response.headers['X-Xss-Protection'] = '1; mode=block' | |||
|
|
|||
| if iframe_restriction is not None: | |||
| if iframe_restriction in ['SAMEORIGIN', 'DENY']: | |||
| self.response.headers['X-Frame-Options'] = iframe_restriction | |||
| if iframe_restriction in [str('SAMEORIGIN'), str('DENY')]: | |||
There was a problem hiding this comment.
Can you please point me to some documentation for webtest re this change?
Also, you can drop the str here since you're already converting iframe_restriction to a string below.
There was a problem hiding this comment.
Hi @apb7,
if we dont str() them, they throw an error AssertionError: Header names must be latin1 string (not Py2 unicode or Py3 bytes type). i've read more about it here and here, seems like HTTP response headers should be a native strings - byte strings in Python 2 and unicode strings in Python 3, here is the issue raised in webtest repo for the same
There was a problem hiding this comment.
Can you please point to the changelog of the version which mentions this change? There must be some documentation for this.
And I think you missed this:
Also, you can drop the str here since you're already converting iframe_restriction to a string below.
I suggest not to blindly put up str everywhere without first understanding the need.
There was a problem hiding this comment.
Hi @apb7 I've made it tedious and justifying please PTAL Thanks!
There was a problem hiding this comment.
Here is the changelog of wbetest they haven't mentioned in the changelog but the changes in the version below are notable for the cause
2.0.11 : Depend on unittest2 only for Python versions lower than 2.7 [iElectric]
2.0.28 : Fixed #119: Assertion error should be raised when you have non-string response header
Also similar notes can be found in requests changelog here
2.14.0 Breaking changes: Much improved handling of non-ASCII Location header values in redirects. Fewer UnicodeDecodeErrors are encountered on Python 2, and Python 3 now correctly understands that Latin-1 is unlikely to be the correct encoding.
Reading through the above docs and here as well looks like the application should return the native strings for headers and Python 2 build-in WSGI server don't help us in encoding/decoding and it must must be handled by the application itself in Python 2 whereas the case is different in Python 3.
core/controllers/base_test.py
Outdated
| @@ -831,8 +831,8 @@ def test_responses_with_valid_iframe_restriction(self): | |||
| self.get_html_response('/mock') | |||
|
|
|||
| response = self.get_html_response( | |||
| '/mock', params={'iframe_restriction': 'DENY'}) | |||
| self.assertEqual(response.headers['X-Frame-Options'], 'DENY') | |||
| '/mock', params={str('iframe_restriction'): str('DENY')}) | |||
There was a problem hiding this comment.
Hi @apb7, This is also for a similar reason I mentioned above
core/controllers/base.py
Outdated
| @@ -339,8 +339,9 @@ def render_template(self, filepath, iframe_restriction='DENY'): | |||
| self.response.headers['X-Xss-Protection'] = '1; mode=block' | |||
|
|
|||
| if iframe_restriction is not None: | |||
| if iframe_restriction in ['SAMEORIGIN', 'DENY']: | |||
| self.response.headers['X-Frame-Options'] = iframe_restriction | |||
| if iframe_restriction in [str('SAMEORIGIN'), str('DENY')]: | |||
There was a problem hiding this comment.
Can you please point me to some documentation for webtest re this change?
Also, you can drop the str here since you're already converting iframe_restriction to a string below.
core/controllers/base_test.py
Outdated
| '/mock', params={'iframe_restriction': 'DENY'}) | ||
| self.assertEqual(response.headers['X-Frame-Options'], 'DENY') | ||
| '/mock', params={str('iframe_restriction'): str('DENY')}) | ||
| self.assertEqual(response.headers[str('X-Frame-Options')], str('DENY')) | ||
|
|
||
| response = self.get_html_response( | ||
| '/mock', params={'iframe_restriction': 'SAMEORIGIN'}) |
There was a problem hiding this comment.
Why do these lines work then (that is, without the conversion)?
There was a problem hiding this comment.
I don't think that this is valid reasoning. I agree that only a particular test fails but we should be clear what's happening behind the scenes and why the other test does not fail.
There was a problem hiding this comment.
Hi @apb7, I've updated the changes with reason PTAL Thanks!
|
Hi @NishealJ, ptal! Thanks! |
core/controllers/base.py
Outdated
| @@ -339,8 +339,9 @@ def render_template(self, filepath, iframe_restriction='DENY'): | |||
| self.response.headers['X-Xss-Protection'] = '1; mode=block' | |||
|
|
|||
| if iframe_restriction is not None: | |||
| if iframe_restriction in ['SAMEORIGIN', 'DENY']: | |||
| self.response.headers['X-Frame-Options'] = iframe_restriction | |||
| if iframe_restriction in [str('SAMEORIGIN'), str('DENY')]: | |||
There was a problem hiding this comment.
Can you please point to the changelog of the version which mentions this change? There must be some documentation for this.
And I think you missed this:
Also, you can drop the str here since you're already converting iframe_restriction to a string below.
I suggest not to blindly put up str everywhere without first understanding the need.
core/controllers/base_test.py
Outdated
| '/mock', params={'iframe_restriction': 'DENY'}) | ||
| self.assertEqual(response.headers['X-Frame-Options'], 'DENY') | ||
| '/mock', params={str('iframe_restriction'): str('DENY')}) | ||
| self.assertEqual(response.headers[str('X-Frame-Options')], str('DENY')) | ||
|
|
||
| response = self.get_html_response( | ||
| '/mock', params={'iframe_restriction': 'SAMEORIGIN'}) |
There was a problem hiding this comment.
I don't think that this is valid reasoning. I agree that only a particular test fails but we should be clear what's happening behind the scenes and why the other test does not fail.
There was a problem hiding this comment.
LGTM, thanks for the explanation, @NishealJ! Please revert the changes in package-lock.json. Also, @nithusha21, @seanlip and @vojtechjelinek, ptal as code owners. Thanks!
|
I won't be reviewing until I see a testing doc with links to the changelogs for the various libraries and an explanation that analyzes any breaking changes and calls out what is being done about them. (@NishealJ, I think I've asked for this before -- please take note of this for all library upgrades.) |
Hi @seanlip, sorry for the issue. |
Explanation
This PR upgrades Upgrades isort webtest and pylint quotes.
To see the library status please visit here
Please visit here for the testing doc
Checklist
python scripts/pre_commit_linter.pyandbash scripts/run_frontend_tests.sh.