apluslms / mooc-jutut

Course feedback gathering and management tool. Used with A+ learning management system.

Regular expression crash in the feedback list #82

Closed markkuriekkinen closed 1 year ago

markkuriekkinen commented 1 year ago

Server crashed in the ManageFeedbacksListView. Regular expressions fullmatch() function call. re.error: nothing to repeat at position 0

Relevant part in the traceback. The full traceback is also listed below.

  File "/srv/jutut/mooc-jutut/feedback/views.py", line 597, in get_context_data
    update_context_for_feedbacks(self.request, context)
  File "/srv/jutut/mooc-jutut/feedback/views.py", line 545, in update_context_for_feedbacks
    context['conversations'] = [get_conversation_dict(c, fbs) for c, fbs in convs.items()]
  File "/srv/jutut/mooc-jutut/feedback/views.py", line 545, in <listcomp>
    context['conversations'] = [get_conversation_dict(c, fbs) for c, fbs in convs.items()]
  File "/srv/jutut/mooc-jutut/feedback/views.py", line 518, in get_conversation_dict
    if fullmatch(r_k, r_value):

Full traceback:

Internal Server Error: /manage/COURSEID/feedbacks/
Traceback (most recent call last):
  File "/srv/jutut/venv/lib/python3.8/site-packages/django/core/handlers/exception.py", line 55, in inner
    response = get_response(request)
  File "/srv/jutut/venv/lib/python3.8/site-packages/django/core/handlers/base.py", line 197, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/srv/jutut/venv/lib/python3.8/site-packages/django/views/generic/base.py", line 104, in view
    return self.dispatch(request, *args, **kwargs)
  File "/srv/jutut/venv/lib/python3.8/site-packages/django/contrib/auth/mixins.py", line 73, in dispatch
    return super().dispatch(request, *args, **kwargs)
  File "/srv/jutut/venv/lib/python3.8/site-packages/django/contrib/auth/mixins.py", line 135, in dispatch
    return super().dispatch(request, *args, **kwargs)
  File "/srv/jutut/venv/lib/python3.8/site-packages/django/views/generic/base.py", line 143, in dispatch
    return handler(request, *args, **kwargs)
  File "/srv/jutut/venv/lib/python3.8/site-packages/django/views/generic/list.py", line 174, in get
    context = self.get_context_data()
  File "/srv/jutut/mooc-jutut/feedback/views.py", line 597, in get_context_data
    update_context_for_feedbacks(self.request, context)
  File "/srv/jutut/mooc-jutut/feedback/views.py", line 545, in update_context_for_feedbacks
    context['conversations'] = [get_conversation_dict(c, fbs) for c, fbs in convs.items()]
  File "/srv/jutut/mooc-jutut/feedback/views.py", line 545, in <listcomp>
    context['conversations'] = [get_conversation_dict(c, fbs) for c, fbs in convs.items()]
  File "/srv/jutut/mooc-jutut/feedback/views.py", line 518, in get_conversation_dict
    if fullmatch(r_k, r_value):
  File "/usr/lib/python3.8/re.py", line 196, in fullmatch
    return _compile(pattern, flags).fullmatch(string)
  File "/usr/lib/python3.8/re.py", line 304, in _compile
    p = sre_compile.compile(pattern, flags)
  File "/usr/lib/python3.8/sre_compile.py", line 764, in compile
    p = sre_parse.parse(p, flags)
  File "/usr/lib/python3.8/sre_parse.py", line 948, in parse
    p = _parse_sub(source, state, flags & SRE_FLAG_VERBOSE, 0)
  File "/usr/lib/python3.8/sre_parse.py", line 443, in _parse_sub
    itemsappend(_parse(source, state, verbose, nested + 1,
  File "/usr/lib/python3.8/sre_parse.py", line 668, in _parse
    raise source.error("nothing to repeat",
re.error: nothing to repeat at position 0

ihalaij1 commented 1 year ago

The code that crashed was modified in this commit: https://github.com/apluslms/mooc-jutut/commit/edd6866a0b79a62752377e4a3b2fe76ac462819a#diff-57474d9eceffcf4c288548a5c3cea35bd56475183c8356e323972143d7c61149L502-R519

jsorva commented 1 year ago

I don’t know if this is related or a separate issue, but I’ve found that it’s possible to crash Jutut by doing this:

image

Note that the regex under "response value" is invalid.

If you make a context tag like that (in O1) and try to load any messages in Jutut → 500 error.

markkuriekkinen commented 1 year ago

@jsorva I think that is relevant for this issue. @ihalaij1, what do you think of jsorva's comment above?

ihalaij1 commented 1 year ago

> @jsorva I think that is relevant for this issue. @ihalaij1, what do you think of jsorva's comment above?

Yes, this is now fixed in the PR. @jsorva if you want to use an asterisk in the context tag, you should write it like this: .* (dot matches any character and asterisk matches zero or higher number of characters)

jsorva commented 1 year ago

> Yes, this is now fixed in the PR. @jsorva if you want to use an asterisk in the context tag, you should write it like this: .* (dot matches any character and asterisk matches zero or higher number of characters)

Thanks! (And yes, I’ve solved the context tag issue.)
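
Added example (not part of the thread, and not the project's code or the fix in the PR): one way to keep a user-entered pattern from raising re.error inside a list view is to reject it when it is saved and to treat an uncompilable stored pattern as "no match" when rendering. The function names and the sample tags are hypothetical and constructed for illustration.

```python
import re
from typing import Dict, List, Optional, Tuple


def validate_pattern(pattern: str) -> Optional[str]:
    """Return None if the pattern compiles, else a readable error message.

    Intended for save time (e.g. form validation), so an invalid pattern is
    rejected before it is ever stored.
    """
    try:
        re.compile(pattern)
    except re.error as exc:
        return f"invalid regular expression {pattern!r}: {exc}"
    return None


def safe_fullmatch(pattern: str, value: str) -> bool:
    """fullmatch() that treats an uncompilable stored pattern as 'no match'.

    Intended for render time: one bad stored row must not turn the whole
    list view into a 500 response.
    """
    try:
        return re.fullmatch(pattern, value) is not None
    except re.error:
        return False


def matching_tags(tags: Dict[str, str], value: str) -> Tuple[List[str], List[str]]:
    """Split tag names into (matched, broken) for one response value."""
    matched, broken = [], []
    for name, pattern in tags.items():
        if validate_pattern(pattern) is not None:
            broken.append(name)  # surface to staff instead of raising
        elif safe_fullmatch(pattern, value):
            matched.append(name)
    return matched, broken


# Constructed sample data: tag name -> pattern as typed by a course teacher.
SAMPLE_TAGS = {"any": ".*", "glob-style": "*", "grade": "[0-5]"}

if __name__ == "__main__":
    print(validate_pattern("*"))
    print(matching_tags(SAMPLE_TAGS, "3"))
```
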