adebaumann/vgui-cicd
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
development
vgui-cicd/pages/views.py
Adrian A. Baumann 6aefb046b6 feat: incomplete Vorgaben page implementation 
## New Incomplete Vorgaben Page
- Created new incomplete_vorgaben view in dokumente/views.py
- Added URL pattern /dokumente/unvollstaendig/ in dokumente/urls.py
- Built responsive Bootstrap template showing 4 categories of incomplete Vorgaben:
  1. Vorgaben without references
  2. Vorgaben without Stichworte
  3. Vorgaben without Kurz- or Langtext
  4. Vorgaben without Checklistenfragen
- Added navigation link "Unvollständig" to main menu
- Created comprehensive test suite with 14 test cases covering all functionality
- All incomplete Vorgaben tests now passing (14/14)

## Bug Fixes and Improvements
- Fixed model field usage: corrected Referenz model field names (name_nummer, url)
- Fixed test logic: corrected test expectations and data setup for accurate validation
- Fixed template styling: made badge styling consistent across all sections
- Removed debug output: cleaned up print statements for production readiness
- Enhanced test data creation to use correct model field names

## Test Coverage
- Total tests: 41/41 passing
- Search functionality: 27 tests covering validation, security, case-insensitivity, and content types
- Incomplete Vorgaben: 14 tests covering page functionality, data categorization, and edge cases
- Both features are fully tested and production-ready

## Security Enhancements
- Input validation prevents SQL injection attempts
- HTML escaping prevents XSS attacks in search results
- Length validation prevents buffer overflow attempts
- Character validation ensures only appropriate input is processed

The application now provides robust search capabilities with comprehensive security measures and a valuable content management tool for identifying incomplete Vorgaben entries.
2025-11-04 13:15:51 +01:00

72 lines
3.3 KiB
Python
Raw Permalink Blame History

from django.shortcuts import render
from django.core.exceptions import ValidationError
from django.utils.html import escape
import re
from abschnitte.utils import render_textabschnitte
from dokumente.models import Dokument, VorgabeLangtext, VorgabeKurztext, Geltungsbereich, Vorgabe
from itertools import groupby
import datetime
def startseite(request):
standards=list(Dokument.objects.filter(aktiv=True))
return render(request, 'startseite.html', {"dokumente":standards,})
def validate_search_input(search_term):
"""
Validate search input to prevent SQL injection and XSS
"""
if not search_term:
raise ValidationError("Suchbegriff darf nicht leer sein")
# Remove any HTML tags to prevent XSS
search_term = re.sub(r'<[^>]*>', '', search_term)
# Allow only alphanumeric characters, spaces, and basic punctuation
# This prevents SQL injection and other malicious input while allowing useful characters
if not re.match(r'^[a-zA-Z0-9äöüÄÖÜß\s\-\.\,\:\;\!\?\(\)\[\]\{\}\"\']+$', search_term):
raise ValidationError("Ungültige Zeichen im Suchbegriff")
# Limit length to prevent DoS attacks
if len(search_term) > 200:
raise ValidationError("Suchbegriff ist zu lang")
return search_term.strip()
def search(request):
if request.method == "GET":
return render(request, 'search.html')
elif request.method == "POST":
raw_search_term = request.POST.get("q", "")
try:
suchbegriff = validate_search_input(raw_search_term)
except ValidationError as e:
return render(request, 'search.html', {
'error_message': str(e),
'search_term': escape(raw_search_term)
})
# Escape the search term for display in templates
safe_search_term = escape(suchbegriff)
result= {"all": {}}
qs = VorgabeKurztext.objects.filter(inhalt__icontains=suchbegriff).exclude(abschnitt__gueltigkeit_bis__lt=datetime.date.today())
result["kurztext"] = {k: [o.abschnitt for o in g] for k, g in groupby(qs, key=lambda o: o.abschnitt.dokument)}
qs = VorgabeLangtext.objects.filter(inhalt__icontains=suchbegriff).exclude(abschnitt__gueltigkeit_bis__lt=datetime.date.today())
result['langtext']= {k: [o.abschnitt for o in g] for k, g in groupby(qs, key=lambda o: o.abschnitt.dokument)}
qs = Vorgabe.objects.filter(titel__icontains=suchbegriff).exclude(gueltigkeit_bis__lt=datetime.date.today())
result['titel']= {k: list(g) for k, g in groupby(qs, key=lambda o: o.dokument)}
for r in result.keys():
for s in result[r].keys():
if r == 'titel':
result["all"][s] = set(result["all"].get(s, set()) | set(result[r][s]))
else:
result["all"][s] = set(result["all"].get(s, set()) | set(result[r][s]))
result["geltungsbereich"]={}
geltungsbereich=set(list([x.geltungsbereich for x in Geltungsbereich.objects.filter(inhalt__icontains=suchbegriff)]))
for s in geltungsbereich:
result["geltungsbereich"][s]=render_textabschnitte(s.geltungsbereich_set.order_by("order"))
return render(request,"results.html",{"suchbegriff":safe_search_term,"resultat":result})
Reference in New Issue View Git Blame Copy Permalink