Skip to content

fix: address red flags from code review#18

Closed
mortenoh wants to merge 10 commits intomainfrom
fix/code-review-red-flags
Closed

fix: address red flags from code review#18
mortenoh wants to merge 10 commits intomainfrom
fix/code-review-red-flags

Conversation

@mortenoh
Copy link
Member

@mortenoh mortenoh commented Feb 26, 2026
edited
Loading

Summary

Addresses red flags found during code review of src/eo_api. Security issues, reliability problems, and correctness fixes.

Security hardening

  • SSRF + path traversal (zonal_statistics.py): replaced urlopen() with httpx.get() (30s timeout), removed local file path support entirely
  • CORS (main.py): dropped allow_credentials=True (not needed for public data API)

Reliability

  • Exception chain (chirps3_dhis2_pipeline.py): changed from None to from e to preserve tracebacks
  • YAML error handling (registry.py): narrowed bare except Exception to (yaml.YAMLError, OSError)

Correctness + cleanup

  • Hardcoded URL (tasks.py): OGCAPI_BASE_URL now read from env var with localhost fallback
  • assert -> ValueError (serialize.py): replaced asserts (stripped with -O) with proper exceptions
  • Registry caching (registry.py): added @lru_cache to list_datasets() to avoid re-parsing YAML on every request
  • Temp file leak (serialize.py): clean up temp file if to_netcdf() fails

@mortenoh
docs: add code review roadmap for red flags in src/eo_api
1c28d85
@mortenoh
fix: close SSRF and path traversal in zonal_statistics
cc73b08 
- Replace urllib urlopen() with httpx.get() with a 30s timeout
- Remove local file path support entirely (was an unrestricted read)
- Reject any string input that is not an HTTP(S) URL
@mortenoh
fix: drop allow_credentials from CORS middleware
754f212 
allow_origins=["*"] + allow_credentials=True is a dangerous CORS
combination. Credentials are not needed for this public data API.
@mortenoh
fix: preserve exception chain in chirps3_dhis2_pipeline
1aba1ed 
Change `from None` to `from e` so the original traceback is retained
when ProcessorExecuteError is raised.
@mortenoh
fix: make OGCAPI base URL configurable via environment variable
6f758a0 
Read OGCAPI_BASE_URL from env so Prefect workers outside the API
container can reach the correct endpoint.
@mortenoh
fix: replace assert with ValueError in serialize preview functions
25b1050 
Asserts are stripped with python -O. These invariants guard real logic
so they need to be proper exceptions.
@mortenoh
fix: cache registry YAML lookup with lru_cache
f182ca2 
YAML files don't change at runtime so there's no need to re-read and
re-parse them on every request.
@mortenoh
fix: narrow exception handling in registry YAML loader
0c00b4e 
Catch (yaml.YAMLError, OSError) instead of bare Exception so
unexpected errors like TypeError from malformed data surface
immediately instead of silently dropping datasets.
@mortenoh
fix: clean up temp file on netcdf write failure
a49cfcd 
If to_netcdf() raises, remove the orphaned temp file before
re-raising the exception.
@mortenoh
chore: remove temporary roadmap document
595e820
@mortenoh mortenoh closed this Feb 26, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mortenoh