Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Catch error when adding netbox with invalid ip #2764

Merged

Conversation

johannaengland
Copy link
Contributor

Another thing that popped up during the pentest.

Copy link

codecov bot commented Nov 24, 2023

Codecov Report

Attention: 1 lines in your changes are missing coverage. Please review.

Comparison is base (cce6311) 56.01% compared to head (b2a8af8) 56.16%.

Files Patch % Lines
python/nav/web/seeddb/page/netbox/edit.py 0.00% 1 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##            5.8.x    #2764      +/-   ##
==========================================
+ Coverage   56.01%   56.16%   +0.15%     
==========================================
  Files         567      567              
  Lines       41277    41277              
==========================================
+ Hits        23121    23185      +64     
+ Misses      18156    18092      -64     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Copy link

github-actions bot commented Nov 24, 2023

Test results

     12 files       12 suites   11m 34s ⏱️
3 295 tests 3 295 ✔️ 0 💤 0
9 360 runs  9 360 ✔️ 0 💤 0

Results for commit b2a8af8.

♻️ This comment has been updated with latest results.

@johannaengland johannaengland force-pushed the bugfix/add-netbox-with-invalid-ip branch from 0ccc425 to b2a8af8 Compare November 28, 2023 08:35
@johannaengland johannaengland changed the base branch from master to 5.8.x November 28, 2023 08:35
Copy link

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

@lunkwill42
Copy link
Member

I might add that this is the traceback generated by this kind of input in the IP address field:

Environment:


Request Method: POST
Request URL: http://localhost/seeddb/netbox/add/

Django Version: 3.2.23
Python Version: 3.9.2
Installed Applications:
('nav.models',
 'nav.web',
 'nav.django',
 'django.contrib.staticfiles',
 'django.contrib.sessions',
 'django.contrib.humanize',
 'django_filters',
 'crispy_forms',
 'crispy_forms_foundation',
 'rest_framework',
 'nav.auditlog',
 'nav.web.macwatch',
 'nav.web.geomap',
 'nav.portadmin.napalm',
 'nav.web.portadmin',
 'django.contrib.postgres')
Installed Middleware:
('django.middleware.common.CommonMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'nav.web.auth.middleware.AuthenticationMiddleware',
 'nav.web.auth.middleware.AuthorizationMiddleware',
 'nav.django.legacy.LegacyCleanupMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware')



Traceback (most recent call last):
  File "/source/python/nav/web/seeddb/utils/edit.py", line 137, in resolve_ip_and_sysname
    ip_addr = IP(name)
  File "/usr/local/lib/python3.9/dist-packages/IPy.py", line 249, in __init__
    (self.ip, parsedVersion) = parseAddress(ip, ipversion)
  File "/usr/local/lib/python3.9/dist-packages/IPy.py", line 1422, in parseAddress
    bytes = [int(x) for x in bytes]
  File "/usr/local/lib/python3.9/dist-packages/IPy.py", line 1422, in <listcomp>
    bytes = [int(x) for x in bytes]

During handling of the above exception (invalid literal for int() with base 10: "16'))) OR 2121=(SELECT COUNT(*) FROM GENERATE_SERIES(1,15000000)) AND ((('FRyc' LIKE 'FRyc"), another exception occurred:
  File "/usr/lib/python3.9/encodings/idna.py", line 167, in encode
    raise UnicodeError("label too long")

The above exception (label too long) was the direct cause of the following exception:
  File "/usr/local/lib/python3.9/dist-packages/django/core/handlers/exception.py", line 47, in inner
    response = get_response(request)
  File "/usr/local/lib/python3.9/dist-packages/django/core/handlers/base.py", line 181, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/source/python/nav/web/seeddb/page/netbox/edit.py", line 94, in netbox_edit
    if form.is_valid():
  File "/usr/local/lib/python3.9/dist-packages/django/forms/forms.py", line 175, in is_valid
    return self.is_bound and not self.errors
  File "/usr/local/lib/python3.9/dist-packages/django/forms/forms.py", line 170, in errors
    self.full_clean()
  File "/usr/local/lib/python3.9/dist-packages/django/forms/forms.py", line 372, in full_clean
    self._clean_fields()
  File "/usr/local/lib/python3.9/dist-packages/django/forms/forms.py", line 393, in _clean_fields
    value = getattr(self, 'clean_%s' % name)()
  File "/source/python/nav/web/seeddb/page/netbox/forms.py", line 206, in clean_ip
    ip, _ = resolve_ip_and_sysname(name)
  File "/source/python/nav/web/seeddb/utils/edit.py", line 139, in resolve_ip_and_sysname
    ip_addr = IP(gethostbyname(name))

Exception Type: UnicodeError at /seeddb/netbox/add/
Exception Value: encoding with 'idna' codec failed (UnicodeError: label too long)

@lunkwill42 lunkwill42 merged commit cbad667 into Uninett:5.8.x Nov 28, 2023
12 of 13 checks passed
@johannaengland johannaengland deleted the bugfix/add-netbox-with-invalid-ip branch April 30, 2024 10:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants