Closed Bug 803388 Opened 12 years ago Closed 12 years ago

[socorro-crashstats] 500 Internal Server Error in frontpage_json, fuzzing

Categories

(Socorro :: Webapp, task)

task
Not set
normal

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: stephend, Assigned: peterbe)

References

()

Details

(Whiteboard: [fuzzer])

I'd guess that we're not encoding the "signature" param:

Traceback:
File "/home/rhelmer/src/socorro-crashstats/vendor/lib/python/django/core/handlers/base.py" in get_response
  111.                         response = callback(request, *callback_args, **callback_kwargs)
File "/home/rhelmer/src/socorro-crashstats/crashstats/crashstats/utils.py" in wrapper
  31.         response = f(*args, **kw)
File "/home/rhelmer/src/socorro-crashstats/crashstats/crashstats/views.py" in inner
  149.         return view(request, *args, **kwargs)
File "/home/rhelmer/src/socorro-crashstats/crashstats/crashstats/views.py" in frontpage_json
  221.         date_range_type=params['date_range_type']
File "/home/rhelmer/src/socorro-crashstats/crashstats/crashstats/models.py" in get
  274.         return self.fetch(url % params)
File "/home/rhelmer/src/socorro-crashstats/crashstats/crashstats/models.py" in fetch
  119.             raise BadStatusCodeError('%s: on: %s' % (resp.status_code, url))

Exception Type: BadStatusCodeError at /home/frontpage_json
Exception Value: 404: on: http://socorro1.dev.dmz.phx1.mozilla.com/bpapi/crashes/daily/product/%3C%21--%23EXEC%20cmd%3D%22ls%20%2F%22--%3E/versions//date_range_type/report
Assignee: nobody → peterbe
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Verified FIXED; now getting:

product

    Select a valid choice. <!--#EXEC cmd="ls /"--> is not one of the available choices.
Status: RESOLVED → VERIFIED
Whiteboard: [fuzzer]
BTW I think this broke the ability to select a single version on the frontpage (this feature seems fairly useless imho, but there it is).

I have a fix in bug 803676 but I thought you might have a different approach in mind (looks like the FrontpageJSON form is expecting 'versions' via request.GET but is getting 'version' instead)
Status: VERIFIED → REOPENED
Resolution: FIXED → ---
re-closing and filing bug 807040 as a followup.
Status: REOPENED → RESOLVED
Closed: 12 years ago12 years ago
Resolution: --- → FIXED
Verified FIXED; now getting:

product

    Select a valid choice. <!--#EXEC cmd="ls /"--> is not one of the available choices.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.