Syslifters / sysreptor

Fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike.
https://docs.sysreptor.com

Sorting Finding Templates causes the application to crash #290

Closed SBird1337 closed 1 month ago

SBird1337 commented 1 month ago

When sorting finding templates by anything but severity (i.e. created or updated), it causes the application to crash. The frontend displays "Failed to load data" until you revert the sort order back to severity.

Application Version: 2024.58
License Type: community

The application container throws the following error when switching to the broken sort:

2024-07-16 13:57:04,899 [ERROR] root: Cannot resolve keyword '-created' into field. Choices are: copy_of, copy_of_id, created, findingtemplate, id, images, lock_info_data, main_translation, main_translation_id, risk_level_number, risk_score_number, source, tags, translations, updated, usage_count
Traceback (most recent call last):
  File "/usr/local/lib/python3.12/site-packages/asgiref/sync.py", line 518, in thread_handler
    raise exc_info[1]
  File "/usr/local/lib/python3.12/site-packages/django/core/handlers/base.py", line 253, in _get_response_async
    response = await wrapped_callback(
               ^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/asgiref/sync.py", line 468, in __call__
    ret = await asyncio.shield(exec_coro)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/asgiref/current_thread_executor.py", line 40, in run
    result = self.fn(*self.args, **self.kwargs)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/asgiref/sync.py", line 522, in thread_handler
    return func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/django/views/decorators/csrf.py", line 65, in _view_wrapper
    return view_func(request, *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/rest_framework/viewsets.py", line 124, in view
    return self.dispatch(request, *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/rest_framework/views.py", line 509, in dispatch
    response = self.handle_exception(exc)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/rest_framework/views.py", line 469, in handle_exception
    self.raise_uncaught_exception(exc)
  File "/usr/local/lib/python3.12/site-packages/rest_framework/views.py", line 480, in raise_uncaught_exception
    raise exc
  File "/usr/local/lib/python3.12/site-packages/rest_framework/views.py", line 506, in dispatch
    response = handler(request, *args, **kwargs)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/rest_framework/mixins.py", line 38, in list
    queryset = self.filter_queryset(self.get_queryset())
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/rest_framework/generics.py", line 154, in filter_queryset
    queryset = backend().filter_queryset(self.request, queryset, self)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/api/reportcreator_api/pentests/views.py", line 1282, in filter_queryset
    return queryset \
           ^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/django/db/models/query.py", line 1701, in order_by
    obj.query.add_ordering(*field_names)
  File "/usr/local/lib/python3.12/site-packages/django/db/models/sql/query.py", line 2253, in add_ordering
    self.names_to_path(item.split(LOOKUP_SEP), self.model._meta)
  File "/usr/local/lib/python3.12/site-packages/django/db/models/sql/query.py", line 1772, in names_to_path
    raise FieldError(
django.core.exceptions.FieldError: Cannot resolve keyword '-created' into field. Choices are: copy_of, copy_of_id, created, findingtemplate, id, images, lock_info_data, main_translation, main_translation_id, risk_level_number, risk_score_number, source, tags, translations, updated, usage_count
2024-07-16 13:57:04,904 [INFO] root: GET /api/v1/findingtemplates/?ordering=-created 500 (user=auer)
2024-07-16 13:57:05,047 [ERROR] root: Cannot resolve keyword '-created' into field. Choices are: copy_of, copy_of_id, created, findingtemplate, id, images, lock_info_data, main_translation, main_translation_id, risk_level_number, risk_score_number, source, tags, translations, updated, usage_count
Traceback (most recent call last):
  File "/usr/local/lib/python3.12/site-packages/asgiref/sync.py", line 518, in thread_handler
    raise exc_info[1]
  File "/usr/local/lib/python3.12/site-packages/django/core/handlers/base.py", line 253, in _get_response_async
    response = await wrapped_callback(
               ^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/asgiref/sync.py", line 468, in __call__
    ret = await asyncio.shield(exec_coro)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/asgiref/current_thread_executor.py", line 40, in run
    result = self.fn(*self.args, **self.kwargs)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/asgiref/sync.py", line 522, in thread_handler
    return func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/django/views/decorators/csrf.py", line 65, in _view_wrapper
    return view_func(request, *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/rest_framework/viewsets.py", line 124, in view
    return self.dispatch(request, *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/rest_framework/views.py", line 509, in dispatch
    response = self.handle_exception(exc)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/rest_framework/views.py", line 469, in handle_exception
    self.raise_uncaught_exception(exc)
  File "/usr/local/lib/python3.12/site-packages/rest_framework/views.py", line 480, in raise_uncaught_exception
    raise exc
  File "/usr/local/lib/python3.12/site-packages/rest_framework/views.py", line 506, in dispatch
    response = handler(request, *args, **kwargs)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/rest_framework/mixins.py", line 38, in list
    queryset = self.filter_queryset(self.get_queryset())
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/rest_framework/generics.py", line 154, in filter_queryset
    queryset = backend().filter_queryset(self.request, queryset, self)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/api/reportcreator_api/pentests/views.py", line 1282, in filter_queryset
    return queryset \
           ^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/django/db/models/query.py", line 1701, in order_by
    obj.query.add_ordering(*field_names)
  File "/usr/local/lib/python3.12/site-packages/django/db/models/sql/query.py", line 2253, in add_ordering
    self.names_to_path(item.split(LOOKUP_SEP), self.model._meta)
  File "/usr/local/lib/python3.12/site-packages/django/db/models/sql/query.py", line 1772, in names_to_path
    raise FieldError(
django.core.exceptions.FieldError: Cannot resolve keyword '-created' into field. Choices are: copy_of, copy_of_id, created, findingtemplate, id, images, lock_info_data, main_translation, main_translation_id, risk_level_number, risk_score_number, source, tags, translations, updated, usage_count

I did not yet investigate further, but my guess would be some typo due to the keyword being -created instead of created?
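
The request in the log above, GET /api/v1/findingtemplates/?ordering=-created, ended in an uncaught FieldError and a 500 response. As an added example (not SysReptor's code and not the fix shipped in 2024.60), the following validates a client-supplied ordering value against an allowlist before it reaches order_by(), so an unresolvable value becomes a 400. The names parse_ordering, InvalidOrdering, ALLOWED_ORDERING and status_for, the choice of sortable fields and the default sort are assumptions.

```python
# Added example; not SysReptor's code. All names here are hypothetical.

# Field names taken from the "Choices are" list in the log above.
# Which of them the real API exposes for sorting is an assumption.
ALLOWED_ORDERING = frozenset({
    "created", "updated", "risk_level_number",
    "risk_score_number", "usage_count",
})


class InvalidOrdering(ValueError):
    """Ordering value that the API should answer with HTTP 400."""


def parse_ordering(raw, allowed=ALLOWED_ORDERING,
                   default=("-risk_level_number",)):
    """Turn a raw ?ordering= value into a tuple safe to pass to order_by()."""
    if raw is None or raw.strip() == "":
        return tuple(default)  # assumed default: sort by severity
    terms, seen = [], set()
    for token in raw.split(","):
        token = token.strip()
        # Strip at most one direction prefix. "--created" keeps a "-" and
        # fails the allowlist check here instead of raising inside the ORM.
        descending = token.startswith("-")
        name = token[1:] if descending else token
        if name not in allowed:
            raise InvalidOrdering(f"unsupported ordering field: {token!r}")
        if name in seen:
            raise InvalidOrdering(f"duplicate ordering field: {name!r}")
        seen.add(name)
        terms.append(("-" if descending else "") + name)
    return tuple(terms)


def status_for(raw):
    """Status code a list view would return for this ordering value."""
    try:
        parse_ordering(raw)
    except InvalidOrdering:
        return 400  # client error, no stack trace, no 500
    return 200
```

Because the allowlist holds plain field names only, relation lookups such as main_translation__title are rejected as well, which keeps clients from sorting on columns the API never meant to expose.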

aronmolnar commented 1 month ago

Thanks, we'll have a look at it.

MWedl commented 1 month ago

Fixed in https://github.com/Syslifters/sysreptor/releases/tag/2024.60