Closed Bug 806551 Opened 12 years ago Closed 12 years ago

[socorro-crashstats] another fuzzed daily query throws a 500 Internal Server Error

Categories

(Socorro :: Webapp, task)

task
Not set
normal

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: stephend, Assigned: peterbe)

References

()

Details

(Whiteboard: [fuzzer])

Whiteboard: [fuzzer]
These all look like similar issues - 400 is coming back from mware and not being caught.
The django view could probably stand to do more validation here (so as not to waste the mware's time), but we should catch and send a 400 to the client instead of a 500.

Traceback:
File "/home/rhelmer/src/socorro-crashstats/vendor/lib/python/django/core/handlers/base.py" in get_response
  111.                         response = callback(request, *callback_args, **callback_kwargs)
File "/home/rhelmer/src/socorro-crashstats/crashstats/crashstats/views.py" in inner
  155.         return view(request, *args, **kwargs)
File "/home/rhelmer/src/socorro-crashstats/crashstats/crashstats/views.py" in daily
  459.         form_selection=form_selection
File "/home/rhelmer/src/socorro-crashstats/crashstats/crashstats/models.py" in get
  347.         return self.fetch(url % params)
File "/home/rhelmer/src/socorro-crashstats/crashstats/crashstats/models.py" in fetch
  126.             raise BadStatusCodeError('%s: on: %s' % (resp.status_code, url))

Exception Type: BadStatusCodeError at /daily
Exception Value: 400: on: http://socorro1.dev.dmz.phx1.mozilla.com/bpapi/crashes/daily/product/Firefox/versions/19.0a1/from_date/2012-10-16/to_date/2012-10-30/date_range_type/../../../../../../../../../../../../../../../../etc/passwd/separated_by/os/os/Windows%2BMac%20OS%20X%2BLinux
Assignee: nobody → peterbe
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Verified FIXED; all return, similar to:

date_range_type

    Select a valid choice. ../../../../../../../../../../../../../../../../etc/passwd is not one of the available choices.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.