Project

General

Profile

Actions

Bug #7780

closed

Error when sending 0x00 characters

Added by Rajmund Hruška 2 months ago. Updated about 2 months ago.

Status:
Closed
Priority:
Normal
Category:
-
Target version:
Start date:
09/13/2024
Due date:
% Done:

0%

Estimated time:
To be discussed:
No

Description

Request: /auth_pwd/register?next=
User: flabcesnett1
Session: <SecureCookieSession {'_fresh': False, '_id': '4058e25ab9be32025ddba6baf8b519183b88b018ff4df203114a331029ff06b77652fcf481f01c986ac56a
1b2a542a815613d498b60efce34fb6c81ed005c29b', '_user_id': '5', 'csrf_token': '50db1e6749f75614a3647cc29d37a062b7ac1348', 'identity.auth_type': 
None, 'identity.id': '5', 'locale': 'cs', 'timezone': 'Africa/Abidjan'}>
Traceback:
Traceback (most recent call last):
  File "/var/mentat/venv/lib/python3.11/site-packages/flask/app.py", line 2529, in wsgi_app
    response = self.full_dispatch_request()
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/mentat/venv/lib/python3.11/site-packages/flask/app.py", line 1825, in full_dispatch_request
    rv = self.handle_user_exception(e)
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/mentat/venv/lib/python3.11/site-packages/flask/app.py", line 1823, in full_dispatch_request
    rv = self.dispatch_request()
         ^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/mentat/venv/lib/python3.11/site-packages/flask/app.py", line 1799, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/mentat/venv/lib/python3.11/site-packages/flask/views.py", line 107, in view
    return current_app.ensure_sync(self.dispatch_request)(**kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/mentat/venv/lib/python3.11/site-packages/hawat/view/__init__.py", line 1714, in dispatch_request
    if form.validate_on_submit():
       ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/mentat/venv/lib/python3.11/site-packages/flask_wtf/form.py", line 86, in validate_on_submit
    return self.is_submitted() and self.validate(extra_validators=extra_validators)
                                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/mentat/venv/lib/python3.11/site-packages/wtforms/form.py", line 329, in validate
    return super().validate(extra)
           ^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/mentat/venv/lib/python3.11/site-packages/wtforms/fields/core.py", line 246, in validate
    stop_validation = self._run_validation_chain(form, chain)
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/mentat/venv/lib/python3.11/site-packages/wtforms/fields/core.py", line 266, in _run_validation_chain
    validator(form, self)
  File "/var/mentat/venv/lib/python3.11/site-packages/hawat/forms.py", line 173, in check_unique_login
    user = hawat.db.db_session().query(user_model).filter_by(login=field.data).first()
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/mentat/venv/lib/python3.11/site-packages/sqlalchemy/orm/query.py", line 2728, in first
    return self.limit(1)._iter().first()  # type: ignore
           ^^^^^^^^^^^^^^^^^^^^^
  File "/var/mentat/venv/lib/python3.11/site-packages/sqlalchemy/orm/query.py", line 2827, in _iter
    result: Union[ScalarResult[_T], Result[_T]] = self.session.execute(
                                                  ^^^^^^^^^^^^^^^^^^^^^
  File "/var/mentat/venv/lib/python3.11/site-packages/sqlalchemy/orm/session.py", line 2362, in execute
    return self._execute_internal(
           ^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/mentat/venv/lib/python3.11/site-packages/sqlalchemy/orm/session.py", line 2247, in _execute_internal
    result: Result[Any] = compile_state_cls.orm_execute_statement(
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/mentat/venv/lib/python3.11/site-packages/sqlalchemy/orm/context.py", line 293, in orm_execute_statement
    result = conn.execute(
             ^^^^^^^^^^^^^
  File "/var/mentat/venv/lib/python3.11/site-packages/sqlalchemy/engine/base.py", line 1418, in execute
    return meth(
           ^^^^^
  File "/var/mentat/venv/lib/python3.11/site-packages/sqlalchemy/sql/elements.py", line 515, in _execute_on_connection
    return connection._execute_clauseelement(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/mentat/venv/lib/python3.11/site-packages/sqlalchemy/engine/base.py", line 1640, in _execute_clauseelement
    ret = self._execute_context(
          ^^^^^^^^^^^^^^^^^^^^^^
  File "/var/mentat/venv/lib/python3.11/site-packages/sqlalchemy/engine/base.py", line 1846, in _execute_context
    return self._exec_single_context(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/mentat/venv/lib/python3.11/site-packages/sqlalchemy/engine/base.py", line 1986, in _exec_single_context
    self._handle_dbapi_exception(
  File "/var/mentat/venv/lib/python3.11/site-packages/sqlalchemy/engine/base.py", line 2358, in _handle_dbapi_exception
    raise exc_info[1].with_traceback(exc_info[2])
  File "/var/mentat/venv/lib/python3.11/site-packages/sqlalchemy/engine/base.py", line 1967, in _exec_single_context
    self.dialect.do_execute(
  File "/var/mentat/venv/lib/python3.11/site-packages/sqlalchemy/engine/default.py", line 941, in do_execute
    cursor.execute(statement, parameters)
ValueError: A string literal cannot contain NUL (0x00) characters.
 [in /var/mentat/venv/lib/python3.11/site-packages/hawat/base.py:203]

Actions #1

Updated by Rajmund Hruška 2 months ago

Similar issue on update:

Request: /users/5/update?
User: flabcesnett1
Session: <SecureCookieSession {'_fresh': False, '_id': '4058e25ab9be32025ddba6baf8b519183b88b018ff4df203114a331029ff06b77652fcf481f01c986ac56a1b2a542a815613d498b60efce34fb6c81ed005c29b', '_user_id': '5', 'csrf_token': '07826a5ef8ec563534ba03ac17956df63e5a39d9', 'identity.auth_type': None, 'identity.id': '5', 'locale': 'en', 'timezone': 'Africa/Abidjan', '_flashes': [('success', Markup('User account <strong>flabcesnett1</strong> was successfully updated.')), ('danger', Markup('Unable to update user account <strong>flabcesnett1</strong>.'))]}>
Traceback:
Traceback (most recent call last):
  File "/var/mentat/venv/lib/python3.11/site-packages/hawat/view/__init__.py", line 2278, in dispatch_request
    return self.redirect(default_url = self.get_url_next())
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/mentat/venv/lib/python3.11/site-packages/hawat/view/mixin.py", line 81, in redirect
    return flask.redirect(
           ^^^^^^^^^^^^^^^
  File "/var/mentat/venv/lib/python3.11/site-packages/flask/helpers.py", line 285, in redirect
    return current_app.redirect(location, code=code)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/mentat/venv/lib/python3.11/site-packages/flask/app.py", line 2054, in redirect
    return _wz_redirect(location, code=code, Response=self.response_class)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/mentat/venv/lib/python3.11/site-packages/werkzeug/utils.py", line 277, in redirect
    response.headers["Location"] = location
    ~~~~~~~~~~~~~~~~^^^^^^^^^^^^
  File "/var/mentat/venv/lib/python3.11/site-packages/werkzeug/datastructures/headers.py", line 408, in __setitem__
    self.set(key, value)
  File "/var/mentat/venv/lib/python3.11/site-packages/werkzeug/datastructures/headers.py", line 330, in set
    _value = _str_header_value(_value)
             ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/mentat/venv/lib/python3.11/site-packages/werkzeug/datastructures/headers.py", line 513, in _str_header_value
    raise ValueError("Header values must not contain newline characters.")
ValueError: Header values must not contain newline characters.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/var/mentat/venv/lib/python3.11/site-packages/flask/app.py", line 2529, in wsgi_app
    response = self.full_dispatch_request()
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/mentat/venv/lib/python3.11/site-packages/flask/app.py", line 1825, in full_dispatch_request
    rv = self.handle_user_exception(e)
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/mentat/venv/lib/python3.11/site-packages/flask/app.py", line 1823, in full_dispatch_request
    rv = self.dispatch_request()
         ^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/mentat/venv/lib/python3.11/site-packages/flask/app.py", line 1799, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/mentat/venv/lib/python3.11/site-packages/flask_login/utils.py", line 290, in decorated_view
    return current_app.ensure_sync(func)(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/mentat/venv/lib/python3.11/site-packages/flask/views.py", line 107, in view
    return current_app.ensure_sync(self.dispatch_request)(**kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/mentat/venv/lib/python3.11/site-packages/hawat/view/__init__.py", line 2281, in dispatch_request
    return self.handle_error(item = item)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/mentat/venv/lib/python3.11/site-packages/hawat/view/__init__.py", line 1530, in handle_error
    return self.redirect(default_url = self.get_url_next())
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/mentat/venv/lib/python3.11/site-packages/hawat/view/mixin.py", line 81, in redirect
    return flask.redirect(
           ^^^^^^^^^^^^^^^
  File "/var/mentat/venv/lib/python3.11/site-packages/flask/helpers.py", line 285, in redirect
    return current_app.redirect(location, code=code)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/mentat/venv/lib/python3.11/site-packages/flask/app.py", line 2054, in redirect
    return _wz_redirect(location, code=code, Response=self.response_class)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/mentat/venv/lib/python3.11/site-packages/werkzeug/utils.py", line 277, in redirect
    response.headers["Location"] = location
    ~~~~~~~~~~~~~~~~^^^^^^^^^^^^
  File "/var/mentat/venv/lib/python3.11/site-packages/werkzeug/datastructures/headers.py", line 408, in __setitem__
    self.set(key, value)
  File "/var/mentat/venv/lib/python3.11/site-packages/werkzeug/datastructures/headers.py", line 330, in set
    _value = _str_header_value(_value)
             ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/mentat/venv/lib/python3.11/site-packages/werkzeug/datastructures/headers.py", line 513, in _str_header_value
    raise ValueError("Header values must not contain newline characters.")
ValueError: Header values must not contain newline characters.

Actions #2

Updated by Jakub Maloštik 2 months ago

  • Status changed from New to In Progress
  • Assignee set to Jakub Maloštik
Actions #3

Updated by Jakub Maloštik about 2 months ago

  • Status changed from In Progress to Resolved
Actions #4

Updated by Rajmund Hruška about 2 months ago

  • Target version changed from Backlog to 2.14
Actions #5

Updated by Rajmund Hruška about 2 months ago

  • Status changed from Resolved to In Review
  • Target version changed from 2.14 to 2.13.2
Actions #6

Updated by Rajmund Hruška about 2 months ago

  • Status changed from In Review to Closed
Actions

Also available in: Atom PDF