Bug #40935
crash sur l'URL /register/fc
Statut:
Fermé
Priorité:
Normal
Assigné à:
-
Version cible:
-
Début:
24 mars 2020
Echéance:
% réalisé:
0%
Temps estimé:
Patch proposed:
Oui
Planning:
Non
Description
Sans doute lié à un "audit de sécurité" :
Exception: type = '<class 'AttributeError'>', value = ''MethodDirectory' object has no attribute 'register'' Stack trace (most recent call first): File "/usr/lib/python3/dist-packages/wcs/root.py", line 191, in _q_lookup 189 return dir 190 except KeyError: > 191 return errors.TraversalError() 192 193 locals: component = 'fc' dir = <wcs.qommon.ident.franceconnect.MethodDirectory object at 0x7f3ac8029828> self = <modules.root.AlternateRegisterDirectory object at 0x7f3acb7ab6d8> File "/usr/lib/python3/dist-packages/quixote/directory.py", line 82, in _q_traverse 80 obj = getattr(self, name) 81 else: > 82 obj = self._q_lookup(component) 83 if obj is None: 84 raise TraversalError(private_msg=('directory %r has no component ' locals: component = 'fc' name = None path = [] self = <modules.root.AlternateRegisterDirectory object at 0x7f3acb7ab6d8> File "/usr/lib/python3/dist-packages/auquotidien/modules/root.py", line 81, in _q_traverse 79 def _q_traverse(self, path): 80 get_response().filter['bigdiv'] = 'new_member' > 81 return OldRegisterDirectory._q_traverse(self, path) 82 83 def _q_index(self): locals: path = ['fc'] self = <modules.root.AlternateRegisterDirectory object at 0x7f3acb7ab6d8> File "/usr/lib/python3/dist-packages/quixote/directory.py", line 88, in _q_traverse 86 if path: 87 if hasattr(obj, '_q_traverse'): > 88 return obj._q_traverse(path) 89 else: 90 raise TraversalError locals: component = 'register' name = 'register' obj = <modules.root.AlternateRegisterDirectory object at 0x7f3acb7ab6d8> path = ['fc'] self = <modules.root.AlternateRootDirectory object at 0x7f3acaf27978> File "/usr/lib/python3/dist-packages/auquotidien/modules/root.py", line 296, in _q_traverse 294 return FormsRootDirectory(cat)._q_traverse(path[1:]) 295 > 296 raise e 297 298 locals: path = ['register', 'fc'] response = <wcs.qommon.http_response.HTTPResponse object at 0x7f3ac8029908> self = <modules.root.AlternateRootDirectory object at 0x7f3acaf27978> File "/usr/lib/python3/dist-packages/quixote/publish.py", line 241, in try_publish 239 permanent=True) 240 components = path[1:].split('/') > 241 output = self.root_directory._q_traverse(components) 242 # The callable ran OK, commit any changes to the session 243 self.finish_successful_request() locals: allowed_methods = ['GET', 'HEAD', 'POST'] components = ['register', 'fc'] method = 'GET' path = '/register/fc' request = <wcs.compat.CompatHTTPRequest object at 0x7f3ac802b2b0> self = <wcs.compat.CompatWcsPublisher object at 0x7f3acaf279e8> File "/usr/lib/python3/dist-packages/wcs/compat.py", line 203, in process_request 201 output = self.finish_interrupted_request(exc) 202 except Exception as exc: > 203 output = self.finish_failed_request() 204 response = request.response 205 locals: exc = AttributeError("'MethodDirectory' object has no attribute 'register'",) request = <wcs.compat.CompatHTTPRequest object at 0x7f3ac802b2b0> self = <wcs.compat.CompatWcsPublisher object at 0x7f3acaf279e8> File "/usr/lib/python3/dist-packages/wcs/compat.py", line 242, in quixote 240 def quixote(request): 241 pub = get_publisher() > 242 return pub.process_request(pub.get_request()) 243 244 locals: pub = <wcs.compat.CompatWcsPublisher object at 0x7f3acaf279e8> request = <WSGIRequest: GET '/register/fc'> File "/usr/lib/python3/dist-packages/django/core/handlers/base.py", line 185, in _get_response 183 wrapped_callback = self.make_view_atomic(callback) 184 try: > 185 response = wrapped_callback(request, *callback_args, **callback_kwargs) 186 except Exception as e: 187 response = self.process_exception_by_middleware(e, request) locals: callback = <function quixote at 0x7f3ad40c87b8> callback_args = () callback_kwargs = {} middleware_method = <bound method PrometheusStatsMiddleware.process_view of <hobo.middleware.stats.PrometheusStatsMiddleware object at 0x7f3acb76bdd8>> request = <WSGIRequest: GET '/register/fc'> resolver = <RegexURLResolver 'wcs.urls' (None:None) ^/> resolver_match = ResolverMatch(func=wcs.compat.quixote, args=(), kwargs={}, url_name=quixote, app_names=[], namespaces=[]) response = None self = <django.core.handlers.wsgi.WSGIHandler object at 0x7f3acb85ef98> wrapped_callback = <function quixote at 0x7f3ad40c87b8> File "/usr/lib/python3/dist-packages/django/core/handlers/base.py", line 249, in _legacy_get_response 247 248 if response is None: > 249 response = self._get_response(request) 250 return response locals: middleware_method = <bound method PrometheusStatsMiddleware.process_request of <hobo.middleware.stats.PrometheusStatsMiddleware object at 0x7f3acb76bdd8>> request = <WSGIRequest: GET '/register/fc'> response = None self = <django.core.handlers.wsgi.WSGIHandler object at 0x7f3acb85ef98> File "/usr/lib/python3/dist-packages/django/core/handlers/exception.py", line 41, in inner 39 def inner(request): 40 try: > 41 response = get_response(request) 42 except Exception as exc: 43 response = response_for_exception(request, exc) locals: get_response = <bound method BaseHandler._legacy_get_response of <django.core.handlers.wsgi.WSGIHandler object at 0x7f3acb85ef98>> request = <WSGIRequest: GET '/register/fc'> File "/usr/lib/python3/dist-packages/django/core/handlers/base.py", line 124, in get_response 122 set_urlconf(settings.ROOT_URLCONF) 123 > 124 response = self._middleware_chain(request) 125 126 # This block is only needed for legacy MIDDLEWARE_CLASSES; if locals: request = <WSGIRequest: GET '/register/fc'> self = <django.core.handlers.wsgi.WSGIHandler object at 0x7f3acb85ef98> File "/usr/lib/python3/dist-packages/django/core/handlers/wsgi.py", line 157, in __call__ 155 signals.request_started.send(sender=self.__class__, environ=environ) 156 request = self.request_class(environ) > 157 response = self.get_response(request) 158 159 response._handler_class = self.__class__ locals: environ = {'HTTP_X_FORWARDED_SSL': 'on', 'HTTP_X_FORWARDED_PROTO': 'https', 'PATH_INFO': '/register/fc', 'wsgi.multiprocess': True, 'HTTP_X_PUBLIK_CLUSTER_BACKEND': 'wcs-balancer', 'HTTP_CONNECTION': 'close', 'REQUEST_METHOD': 'GET', 'SERVER_NAME': 'wcs', 'REQUEST_URI': '/register/fc', 'HTTP_X_REAL_IP': '176.175.106.74', 'SERVER_PORT': '80', 'HTTP_X_FORWARDED_PROTOCOL': 'ssl', 'HTTP_X_FORWARDED_FOR': '176.175.106.74, 176.175.106.74', 'HTTP_USER_AGENT': 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)', 'wsgi.version': (1, 0), 'wsgi.file_wrapper': <built-in function uwsgi_sendfile>, 'wsgi.run_once': False, 'wsgi.url_scheme': 'https', 'SERVER_PROTOCOL': 'HTTP/1.0', 'SCRIPT_NAME': '', 'uwsgi.version': b'2.0.14-debian', 'wsgi.errors': <_io.TextIOWrapper name=2 mode='w' encoding='UTF-8'>, 'REMOTE_ADDR': '176.175.106.74', 'QUERY_STRING': '', 'wsgi.multithread': False, 'wsgi.input': <uwsgi._Input object at 0x7f3ac810a348>, 'uwsgi.node': b'wcs', 'HTTP_ACCEPT': '*/*', 'HTTP_HOST': 'formulaires.moncompte.departement13.fr'} request = <WSGIRequest: GET '/register/fc'> self = <django.core.handlers.wsgi.WSGIHandler object at 0x7f3acb85ef98> start_response = <built-in function uwsgi_spit> Cookies: Environment: HTTP_ACCEPT '*/*' HTTP_CONNECTION 'close' HTTP_HOST 'formulaires.moncompte.departement13.fr' HTTP_USER_AGENT 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)' HTTP_X_FORWARDED_FOR '176.175.106.74, 176.175.106.74' HTTP_X_FORWARDED_PROTO 'https' HTTP_X_FORWARDED_PROTOCOL 'ssl' HTTP_X_FORWARDED_SSL 'on' HTTP_X_PUBLIK_CLUSTER_BACKEND 'wcs-balancer' HTTP_X_REAL_IP '176.175.106.74' PATH_INFO '/register/fc' QUERY_STRING '' REMOTE_ADDR '176.175.106.74' REQUEST_METHOD 'GET' REQUEST_URI '/register/fc' SCRIPT_NAME '' SERVER_NAME 'wcs' SERVER_PORT '80' SERVER_PROTOCOL 'HTTP/1.0' uwsgi.node b'wcs' uwsgi.version b'2.0.14-debian' wsgi.errors <_io.TextIOWrapper name=2 mode='w' encoding='UTF-8'> wsgi.file_wrapper <built-in function uwsgi_sendfile> wsgi.input <uwsgi._Input object at 0x7f3ac810a348> wsgi.multiprocess True wsgi.multithread False wsgi.run_once False wsgi.url_scheme 'https' wsgi.version (1, 0)
Fichiers
Révisions associées
Historique
Mis à jour par Frédéric Péters il y a environ 4 ans
- Fichier 0001-ident-don-t-expose-register-page-if-it-doesn-t-exist.patch 0001-ident-don-t-expose-register-page-if-it-doesn-t-exist.patch ajouté
- Statut changé de Nouveau à Solution proposée
- Patch proposed changé de Non à Oui
Mis à jour par Benjamin Dauvergne il y a environ 4 ans
- Statut changé de Solution proposée à Solution validée
Mis à jour par Frédéric Péters il y a environ 4 ans
- Statut changé de Solution validée à Résolu (à déployer)
commit a6c58319331903d101343c514e387f7b38cbbd44 Author: Frédéric Péters <fpeters@entrouvert.com> Date: Wed Mar 25 09:01:55 2020 +0100 ident: don't expose register page if it doesn't exist for method (#40935)
Mis à jour par Frédéric Péters il y a environ 4 ans
- Statut changé de Résolu (à déployer) à Solution déployée
ident: don't expose register page if it doesn't exist for method (#40935)