Development #33087

NoReverseMatch on logout with next \"backend

Added by Thomas Noël 9 days ago. Updated 8 days ago.

Status:
Solution proposed
Priority:
Normal
Category:
-
Target version:
-
Start date:
14 May 2019
Due date:
% Done:

0%

Patch proposed:
Yes
Planning:
No

Description

This came up during fuzzing, but the response is rather odd.

Internal Server Error: /logout/

NoReverseMatch at /logout/
Reverse for '\"backend' not found. '\"backend' is not a valid view function or pattern name.

Request Method: GET
Request URL: https://connexion-xxx.test.entrouvert.org/logout/?local=ok&next=%5c%22backend
Django Version: 1.11.20
Python Executable: /usr/bin/python
Python Version: 2.7.13
Python Path: ...
Server time: mar, 14 Mai 2019 12:54:30 +0200
Installed Applications:
''
Installed Middleware:
''
Traceback:

File "/usr/lib/python2.7/dist-packages/django/core/handlers/exception.py" in inner
  41.             response = get_response(request)

File "/usr/lib/python2.7/dist-packages/django/core/handlers/base.py" in _legacy_get_response
  249.             response = self._get_response(request)

File "/usr/lib/python2.7/dist-packages/django/core/handlers/base.py" in _get_response
  187.                 response = self.process_exception_by_middleware(e, request)

File "/usr/lib/python2.7/dist-packages/django/core/handlers/base.py" in _get_response
  185.                 response = wrapped_callback(request, *callback_args, **callback_kwargs)

File "/usr/lib/python2.7/dist-packages/authentic2/views.py" in logout
  575.     response = utils.redirect(request, next_url)

File "/usr/lib/python2.7/dist-packages/authentic2/utils.py" in redirect
  326.                    include=include, exclude=exclude, fragment=fragment, resolve=resolve)

File "/usr/lib/python2.7/dist-packages/authentic2/utils.py" in make_url
  271.         url = resolve_url(to, *args, **kwargs)

File "/usr/lib/python2.7/dist-packages/django/shortcuts.py" in resolve_url
  147.         return reverse(to, args=args, kwargs=kwargs)

File "/usr/lib/python2.7/dist-packages/django/urls/base.py" in reverse
  91.     return force_text(iri_to_uri(resolver._reverse_with_prefix(view, prefix, *args, **kwargs)))

File "/usr/lib/python2.7/dist-packages/django/urls/resolvers.py" in _reverse_with_prefix
  497.         raise NoReverseMatch(msg)

Exception Type: NoReverseMatch at /logout/
Exception Value: Reverse for '\"backend' not found. '\"backend' is not a valid view function or pattern name.
Request information:
USER: AnonymousUser

GET:
local = u'ok'
next = u'\\"backend'

POST: No POST data

FILES: No FILES data

COOKIES: No cookie data

0001-spring-cleaning-32934.patch View (725 KB) Benjamin Dauvergne, 14 May 2019 05:04 PM

0002-views-validates-logout-next-URL-33087.patch View (2.43 KB) Benjamin Dauvergne, 14 May 2019 05:04 PM


Related issues

Copied from Authentic 2 - Bug #33086: crash on bad next URL during logout Rejected 14 May 2019

History

#1 Updated by Thomas Noël 9 days ago

Same kind of thing with next=( :

NoReverseMatch at /logout/
Reverse for '(' not found. '(' is not a valid view function or pattern name.

Request Method: GET
Request URL: https://connexion-departement06.test.entrouvert.org/logout/?local=ok&next=(

#2 Updated by Thomas Noël 9 days ago

And, more amusing:

Internal Server Error: /logout/

NoReverseMatch at /logout/
Reverse for 'amsterdam' not found. 'amsterdam' is not a valid view function or pattern name.

Request Method: GET
Request URL: https://connexion-departement06.test.entrouvert.org/logout/?local=ok&next=amsterdam

#3 Updated by Benjamin Dauvergne 9 days ago

  • Assignee set to Benjamin Dauvergne

#4 Updated by Benjamin Dauvergne 8 days ago

To be applied after #32934.

This patch also avoids using utils.redirect(), which should be reserved for internal use; shortcuts.redirect() is enough for raw URLs.

It validates every next URL against the dynamic whitelist, but then normally nobody is supposed to call our logout URL apart from authentic.
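An added illustration, not authentic's code and not the content of the attached patch: a standalone validator for the logout `next` value that rejects the three fuzzed inputs from this issue before any redirect helper sees them, and only accepts values that resolve_url() would pass through untouched. The host allow-list, `is_safe_next` and `logout_redirect_target` are assumed names standing in for authentic's dynamic whitelist.

```python
from urllib.parse import urlsplit

# Constructed allow-list standing in for authentic's dynamic whitelist (assumed here).
ALLOWED_HOSTS = {"connexion-xxx.test.entrouvert.org"}
DEFAULT_NEXT = "/"


def is_safe_next(url, allowed_hosts=ALLOWED_HOSTS):
    """Accept only an absolute path ('/...') or an http(s) URL on an allowed host.

    Values such as '\\"backend', '(' or 'amsterdam' contain neither '/' nor '.',
    so django.shortcuts.resolve_url() treats them as view names, calls reverse()
    and raises NoReverseMatch (the 500 in this issue). Every value accepted here
    contains a '/', which resolve_url() returns unchanged instead of reversing.
    """
    if not url or url != url.strip():
        return False
    # Browsers treat '\' as '/', so the raw and the normalised form must both be safe.
    for candidate in (url, url.replace("\\", "/")):
        try:
            parts = urlsplit(candidate)
        except ValueError:  # e.g. malformed bracketed host 'http://[bad'
            return False
        if parts.scheme and parts.scheme not in ("http", "https"):
            return False  # javascript:, data:, or any other scheme
        if parts.netloc:
            if parts.netloc.lower() not in allowed_hosts:
                return False  # open redirect to a foreign host
        elif not candidate.startswith("/") or candidate.startswith("//"):
            return False  # bare view name, or scheme-relative '//host'
    return True


def logout_redirect_target(query, allowed_hosts=ALLOWED_HOSTS):
    """Choose the post-logout redirect for /logout/?next=..., else DEFAULT_NEXT."""
    candidate = query.get("next", "")
    return candidate if is_safe_next(candidate, allowed_hosts) else DEFAULT_NEXT


if __name__ == "__main__":
    # Constructed sample inputs: the three values reported in this issue plus two controls.
    for value in ('\\"backend', "(", "amsterdam", "/accounts/", "//evil.example/"):
        print(repr(value), "->", logout_redirect_target({"next": value}))
```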

#5 Updated by Benjamin Dauvergne 8 days ago

  • Copied from Bug #33086: crash on bad next URL during logout added
