admin/gitea-dashboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity

fix(audit): correct findings from review round 1

Browse Source 
- client: add raise_for_status() in get_latest_release() for non-404 errors (FINDING-001)
- client: add timeout parameter (default 30s) passed to all session.get() calls (FINDING-004/SEC-002)
- cli: replace return with sys.exit(1) in all except blocks (FINDING-002)
- test_cli: remove duplicate test_exits_when_token_missing, assert GITEA_TOKEN in stderr (FINDING-006)
- test_cli: update connection error tests to expect SystemExit(1) after exit code fix
- test_cli: rework token masking test to inject token into exception message (FINDING-007)
- test_client: add test_raises_on_server_error for HTTP 500 path (FINDING-001)
- test_client: add tests for default and custom timeout values (FINDING-004)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
sylvain
2026-03-10 19:00:57 +01:00
parent e05578676f
commit 01f88a0eca
4 changed files with 74 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/gitea_dashboard/client.py
View File

@@ -14,9 +14,16 @@ class GiteaClient:
_PAGE_LIMIT = 50
def __init__(self, base_url: str, token: str) -> None:
"""Initialise le client avec l'URL de base et le token API."""
def __init__(self, base_url: str, token: str, timeout: int = 30) -> None:
"""Initialise le client avec l'URL de base et le token API.
Args:
base_url: URL de base de l'instance Gitea.
token: Token API pour l'authentification.
timeout: Delai maximum en secondes pour chaque requete (defaut: 30).
"""
self.base_url = base_url.rstrip("/")
self.timeout = timeout
self.session = requests.Session()
self.session.headers["Authorization"] = f"token {token}"
@@ -33,7 +40,7 @@ class GiteaClient:
merged_params["limit"] = self._PAGE_LIMIT
merged_params["page"] = page
url = f"{self.base_url}{endpoint}"
resp = self.session.get(url, params=merged_params)
resp = self.session.get(url, params=merged_params, timeout=self.timeout)
resp.raise_for_status()
items = resp.json()
all_items.extend(items)
@@ -57,9 +64,10 @@ class GiteaClient:
Gere HTTP 404 en retournant None.
"""
url = f"{self.base_url}/api/v1/repos/{owner}/{repo}/releases/latest"
resp = self.session.get(url)
resp = self.session.get(url, timeout=self.timeout)
if resp.status_code == 404:
return None
resp.raise_for_status()
return resp.json()
def get_milestones(self, owner: str, repo: str) -> list[dict]: