python-feedgen icon indicating copy to clipboard operation
python-feedgen copied to clipboard

Published 20 hours ago verified publisher icon lkiesow

Undocumented / Unwanted? API change in Version 0.9

Open kittel opened this issue 5 years ago • 1 comments

The latest published version (0.9) contains an unwanted? API change. The getter function summary() in FeedEntry is now returning a dict instead of a string.

https://github.com/lkiesow/python-feedgen/blob/ffe3e4d752ac76e23c879c35682c310c2b1ccb86/feedgen/entry.py#L462

See the following example reading the Summary of an entry:

Expected behavior: Return Summary as String

Actual behavior: Summary is returned as dict -> {'summary': "content"}

Steps to reproduce:

  • Create test.py in current folder:
from feedgen.feed import FeedGenerator
from feedgen.version import version as feedgenversion
print('Feedgen Version: {}'.format(feedgenversion))
feed = FeedGenerator()
fe = feed.add_entry()
fe.summary('description')
print('Return type:     {}'.format(type(feed.entry()[0].summary())))
print("Summary:         {}".format(feed.entry()[0].summary()))
  • Execute the following command
pip3 install --user --upgrade feedgen==0.8 > /dev/null; python3 test.py; echo "----------"; pip3 install --user --upgrade feedgen==0.9 > /dev/null; python3 test.py
  • Receive the following output:
Feedgen Version: (0, 8, 0)
Return type:     <class 'str'>
Summary:         description
----------
Feedgen Version: (0, 9, 0)
Return type:     <class 'dict'>
Summary:         {'summary': 'description'}

kittel avatar Feb 10 '20 13:02 kittel

Hello again,

as there is a documented CVE in feedgen version 0.8 [0] i wonder when there will be a reaction to this. Would it help to propose a fix and submit it as a merge request?

regards

[0] https://nvd.nist.gov/vuln/detail/CVE-2020-5227

kittel avatar Mar 04 '20 12:03 kittel

You are absolutely right that this is not great. Unfortunately, that's a design decision from right at the beginning of the project which isn't easy to fix. The methods always return the internal storage structure. This may be a string (if only a string is being stored), but will often be a dictionary.

For example, this:

fe.summary('description')
fe.source('http://example.com', 'Example')
fe.content('Some text')
print("Summary:  {}".format(feed.entry()[0].summary()))
print("Source:   {}".format(feed.entry()[0].source()))
print("Content:  {}".format(feed.entry()[0].content()))

will result in:

Summary:  {'summary': 'description'}
Source:   {'url': 'http://example.com', 'title': 'Example'}
Content:  {'content': 'Some text'}

Summary allows you to store a type as well as the summary itself. Returning only the summary would mean that there is no way to see what type is stored for the summary, which then would be inconsistent with the other methods.

That being said, I'll try to add changes like these to release notes.

lkiesow avatar Dec 24 '23 12:12 lkiesow