Invalid filter: 'bleach' causing Internal Error 500 on TemplateSyntaxError at /cwe/list/ and /finding/open/ #48

Closed
eMVee-NL opened this issue May 7, 2022 · 2 comments

eMVee-NL commented May 7, 2022

While running a brand new fresh installation of petereport version 0.9 (Docker installation), I was navigating and preparing the application for testing and possibly an exam where I have to write a report... But then I noticed the two pages responding with an HTTP status 500 caused by a syntax thingy in bleach...

Updated the issue because I had another location which was giving the same error.

Locations:

  1. /finding/closed/
  2. /finding/open/
  3. /cwe/list/

I've turned debug mode on (true) and copied the error into this issue.

Environment:


Request Method: GET
Request URL: http://127.0.0.1/finding/open/

Django Version: 3.2.5
Python Version: 3.8.10
Installed Applications:
['django.contrib.admin',
 'django.contrib.auth',
 'django.contrib.contenttypes',
 'django.contrib.sessions',
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'martor',
 'django_bleach',
 'preport']
Installed Middleware:
['django.middleware.security.SecurityMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.common.CommonMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware',
 'django.middleware.clickjacking.XFrameOptionsMiddleware']


Template error:
In template /opt/petereport/app/preport/templates/findings/findings_list.html, error at line 67
   Invalid filter: 'bleach'
   57 :                             <th style="width: 5%">CVSS</th>
   58 :                             <th style="width: 20%">Report</th>
   59 :                             <th style="width: 25%" class="text-center"> Actions</th>
   60 :                           </tr>
   61 :                         </thead>
   62 : 
   63 :                         <tbody>
   64 :                           {% for finding in DB_finding_query %}
   65 :                           <tr>
   66 :                                   <td>
   67 :                                        {{ finding.title  | bleach }} 
   68 :                                   </td>
   69 : 
   70 :                                   <td>
   71 :                                                                       
   72 :                                         {% if finding.severity == "Critical" %}
   73 :                                             <b><font color="#CC0000">{{ finding.severity }}</font></b>
   74 :                                         {% elif finding.severity == "High" %}
   75 :                                             <b><font color="#F20000">{{ finding.severity }}</font></b>
   76 :                                         {% elif finding.severity == "Medium" %}
   77 :                                             <b><font color="#FC7F03">{{ finding.severity }}</font></b>


Traceback (most recent call last):
  File "/usr/local/lib/python3.8/dist-packages/django/core/handlers/exception.py", line 47, in inner
    response = get_response(request)
  File "/usr/local/lib/python3.8/dist-packages/django/core/handlers/base.py", line 181, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/usr/local/lib/python3.8/dist-packages/django/contrib/auth/decorators.py", line 21, in _wrapped_view
    return view_func(request, *args, **kwargs)
  File "/opt/petereport/app/preport/views.py", line 1088, in openfindings
    return render(request, 'findings/findings_list.html', {'DB_finding_query': DB_finding_query, 'count_finding_query': count_finding_query})
  File "/usr/local/lib/python3.8/dist-packages/django/shortcuts.py", line 19, in render
    content = loader.render_to_string(template_name, context, request, using=using)
  File "/usr/local/lib/python3.8/dist-packages/django/template/loader.py", line 61, in render_to_string
    template = get_template(template_name, using=using)
  File "/usr/local/lib/python3.8/dist-packages/django/template/loader.py", line 15, in get_template
    return engine.get_template(template_name)
  File "/usr/local/lib/python3.8/dist-packages/django/template/backends/django.py", line 34, in get_template
    return Template(self.engine.get_template(template_name), self)
  File "/usr/local/lib/python3.8/dist-packages/django/template/engine.py", line 143, in get_template
    template, origin = self.find_template(template_name)
  File "/usr/local/lib/python3.8/dist-packages/django/template/engine.py", line 125, in find_template
    template = loader.get_template(name, skip=skip)
  File "/usr/local/lib/python3.8/dist-packages/django/template/loaders/base.py", line 29, in get_template
    return Template(
  File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 155, in __init__
    self.nodelist = self.compile_nodelist()
  File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 193, in compile_nodelist
    return parser.parse()
  File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 478, in parse
    raise self.error(token, e)
  File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 476, in parse
    compiled_result = compile_func(self, token)
  File "/usr/local/lib/python3.8/dist-packages/django/template/loader_tags.py", line 278, in do_extends
    nodelist = parser.parse()
  File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 478, in parse
    raise self.error(token, e)
  File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 476, in parse
    compiled_result = compile_func(self, token)
  File "/usr/local/lib/python3.8/dist-packages/django/template/loader_tags.py", line 216, in do_block
    nodelist = parser.parse(('endblock',))
  File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 478, in parse
    raise self.error(token, e)
  File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 476, in parse
    compiled_result = compile_func(self, token)
  File "/usr/local/lib/python3.8/dist-packages/django/template/defaulttags.py", line 814, in do_for
    nodelist_loop = parser.parse(('empty', 'endfor',))
  File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 449, in parse
    raise self.error(token, e)
  File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 447, in parse
    filter_expression = self.compile_filter(token.contents)
  File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 563, in compile_filter
    return FilterExpression(token, self)
  File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 657, in __init__
    filter_func = parser.find_filter(filter_name)
  File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 569, in find_filter
    raise TemplateSyntaxError("Invalid filter: '%s'" % filter_name)

Exception Type: TemplateSyntaxError at /finding/open/
Exception Value: Invalid filter: 'bleach'

And

Environment:


Request Method: GET
Request URL: http://127.0.0.1/cwe/list/

Django Version: 3.2.5
Python Version: 3.8.10
Installed Applications:
['django.contrib.admin',
 'django.contrib.auth',
 'django.contrib.contenttypes',
 'django.contrib.sessions',
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'martor',
 'django_bleach',
 'preport']
Installed Middleware:
['django.middleware.security.SecurityMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.common.CommonMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware',
 'django.middleware.clickjacking.XFrameOptionsMiddleware']


Template error:
In template /opt/petereport/app/preport/templates/cwe/cwe_list.html, error at line 60
   Invalid filter: 'bleach'
   50 :                       </th>
   51 : 
   52 :                   </tr>
   53 :               </thead>
   54 :               <tbody>
   55 : 
   56 :                   {% for cwe in DB_cwe_query %}
   57 : 
   58 :                     <tr>
   59 :                       <td>
   60 :                         <a href="https://cwe.mitre.org/data/definitions/{{cwe.cwe_id}}.html" target=”_blank”> {{ cwe.cwe_id  | bleach}}  - {{ cwe.cwe_name  | bleach}}</a>
   61 :                       </td>
   62 :                       <td>
   63 :                         {{ cwe.cwe_description  | bleach}}
   64 :                       </td>
   65 : 
   66 : 
   67 :                     </tr>
   68 :                      
   69 :                   {% endfor %}
   70 : 


Traceback (most recent call last):
  File "/usr/local/lib/python3.8/dist-packages/django/core/handlers/exception.py", line 47, in inner
    response = get_response(request)
  File "/usr/local/lib/python3.8/dist-packages/django/core/handlers/base.py", line 181, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/usr/local/lib/python3.8/dist-packages/django/contrib/auth/decorators.py", line 21, in _wrapped_view
    return view_func(request, *args, **kwargs)
  File "/opt/petereport/app/preport/views.py", line 1612, in cwe_list
    return render(request, 'cwe/cwe_list.html', {'DB_cwe_query': DB_cwe_query})
  File "/usr/local/lib/python3.8/dist-packages/django/shortcuts.py", line 19, in render
    content = loader.render_to_string(template_name, context, request, using=using)
  File "/usr/local/lib/python3.8/dist-packages/django/template/loader.py", line 61, in render_to_string
    template = get_template(template_name, using=using)
  File "/usr/local/lib/python3.8/dist-packages/django/template/loader.py", line 15, in get_template
    return engine.get_template(template_name)
  File "/usr/local/lib/python3.8/dist-packages/django/template/backends/django.py", line 34, in get_template
    return Template(self.engine.get_template(template_name), self)
  File "/usr/local/lib/python3.8/dist-packages/django/template/engine.py", line 143, in get_template
    template, origin = self.find_template(template_name)
  File "/usr/local/lib/python3.8/dist-packages/django/template/engine.py", line 125, in find_template
    template = loader.get_template(name, skip=skip)
  File "/usr/local/lib/python3.8/dist-packages/django/template/loaders/base.py", line 29, in get_template
    return Template(
  File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 155, in __init__
    self.nodelist = self.compile_nodelist()
  File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 193, in compile_nodelist
    return parser.parse()
  File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 478, in parse
    raise self.error(token, e)
  File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 476, in parse
    compiled_result = compile_func(self, token)
  File "/usr/local/lib/python3.8/dist-packages/django/template/loader_tags.py", line 278, in do_extends
    nodelist = parser.parse()
  File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 478, in parse
    raise self.error(token, e)
  File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 476, in parse
    compiled_result = compile_func(self, token)
  File "/usr/local/lib/python3.8/dist-packages/django/template/loader_tags.py", line 216, in do_block
    nodelist = parser.parse(('endblock',))
  File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 478, in parse
    raise self.error(token, e)
  File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 476, in parse
    compiled_result = compile_func(self, token)
  File "/usr/local/lib/python3.8/dist-packages/django/template/defaulttags.py", line 814, in do_for
    nodelist_loop = parser.parse(('empty', 'endfor',))
  File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 449, in parse
    raise self.error(token, e)
  File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 447, in parse
    filter_expression = self.compile_filter(token.contents)
  File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 563, in compile_filter
    return FilterExpression(token, self)
  File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 657, in __init__
    filter_func = parser.find_filter(filter_name)
  File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 569, in find_filter
    raise TemplateSyntaxError("Invalid filter: '%s'" % filter_name)

Exception Type: TemplateSyntaxError at /cwe/list/
Exception Value: Invalid filter: 'bleach'

Owner

1modm commented May 8, 2022

@mvdvaart my fault, it seems I forgot to add the tag descriptor in that template file. Until I upload a new version, you can edit the file findings_list.html and edit the header, adding {% load bleach_tags %}:

{% extends 'home/template.html' %}

{% load bleach_tags %}

{% block title %} Findings {% endblock title %}

{% block stylesheets %}
  {{ block.super }}
{% endblock stylesheets %}

{% block content %}
...
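
A pre-deployment check for this class of error, added here as an example and not part of the thread or of the project's code: Django makes a `{% load %}` library available only to the template that contains the tag, not to templates that extend it, so every template using `| bleach` needs its own `{% load bleach_tags %}`. The template bodies in `SAMPLES` and the helper names are constructed for illustration.

```python
import re

LOAD_RE = re.compile(r"\{%\s*load\s+(.*?)\s*%\}")      # {% load lib1 lib2 %}
EXPR_RE = re.compile(r"\{\{(.*?)\}\}|\{%(.*?)%\}")     # {{ var }} or {% tag %}
FILTER_RE = re.compile(r"\|\s*(\w+)")                  # | filtername

def loaded_libraries(source):
    """Return the tag/filter libraries this template loads itself."""
    libs = set()
    for args in LOAD_RE.findall(source):
        parts = args.split()
        if "from" in parts:          # {% load name from lib %}
            libs.add(parts[-1])
        else:
            libs.update(parts)
    return libs

def filters_used(source):
    """Map each filter name to the first line number where it is applied."""
    used = {}
    for lineno, line in enumerate(source.splitlines(), 1):
        for m in EXPR_RE.finditer(line):
            body = m.group(1) or m.group(2) or ""
            for name in FILTER_RE.findall(body):
                used.setdefault(name, lineno)
    return used

def missing_loads(templates, required):
    """required maps a filter name to the library that provides it."""
    findings = []
    for path, source in sorted(templates.items()):
        libs, used = loaded_libraries(source), filters_used(source)
        for flt, lib in required.items():
            if flt in used and lib not in libs:
                findings.append((path, used[flt], flt, lib))
    return findings

# Constructed sample templates (not the project's real files).
SAMPLES = {
    "home/template.html": "{% load bleach_tags %}\n<html>{% block content %}{% endblock %}</html>\n",
    "findings/findings_list.html": "{% extends 'home/template.html' %}\n{% block content %}\n<td>{{ finding.title | bleach }}</td>\n{% endblock %}\n",
    "cwe/cwe_list_fixed.html": "{% extends 'home/template.html' %}\n{% load bleach_tags %}\n<td>{{ cwe.cwe_name | bleach }}</td>\n",
}

if __name__ == "__main__":
    for path, line, flt, lib in missing_loads(SAMPLES, {"bleach": "bleach_tags"}):
        print(f"{path}:{line}: uses |{flt} without {{% load {lib} %}}")
```

Run over the real template directory in CI, a non-empty result means a page will raise `TemplateSyntaxError` at request time, as in the tracebacks above.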

Owner

1modm commented May 20, 2022

Fixed in the last update

1modm closed this as completed May 20, 2022