search

netbox-community / netbox-topology-views

A netbox plugin that draws topology views
Apache License 2.0
757 stars 63 forks source link

SuspiciousFileOperation at /plugins/netbox_topology_views/images/ #362

Closed abhi1693 closed 1 year ago

abhi1693 commented 1 year ago

NetBox version

v3.5.7

Topology Views version

v3.6.2

Steps to Reproduce

Install a fresh instance of NetBox, load the plugin and from the menu open Images option.

Note: This happens only when debug is enabled.

Expected Behavior

Images page should open up

Observed Behavior

The joined path (/netbox_topology_views/img/core-switch.svg) is located outside of the base path component (/app/netbox/project-static/dist)
Traceback (most recent call last):
  File "/usr/local/lib/python3.10/site-packages/django/template/base.py", line 880, in _resolve_lookup
    current = current[bit]
TypeError: 'StaticFilesPanel' object is not subscriptable
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
  File "/usr/local/lib/python3.10/site-packages/django/core/handlers/exception.py", line 56, in inner
    response = get_response(request)
  File "/usr/local/lib/python3.10/site-packages/graphiql_debug_toolbar/middleware.py", line 70, in __call__
    response = super().__call__(request)
  File "/usr/local/lib/python3.10/site-packages/debug_toolbar/middleware.py", line 74, in __call__
    rendered = toolbar.render_toolbar()
  File "/usr/local/lib/python3.10/site-packages/debug_toolbar/toolbar.py", line 82, in render_toolbar
    return render_to_string("debug_toolbar/base.html", context)
  File "/usr/local/lib/python3.10/site-packages/django/template/loader.py", line 62, in render_to_string
    return template.render(context, request)
  File "/usr/local/lib/python3.10/site-packages/django/template/backends/django.py", line 61, in render
    return self.template.render(context)
  File "/usr/local/lib/python3.10/site-packages/django/template/base.py", line 175, in render
    return self._render(context)
  File "/usr/local/lib/python3.10/site-packages/django/test/utils.py", line 111, in instrumented_test_render
    return self.nodelist.render(context)
  File "/usr/local/lib/python3.10/site-packages/django/template/base.py", line 1005, in render
    return SafeString("".join([node.render_annotated(context) for node in self]))
  File "/usr/local/lib/python3.10/site-packages/django/template/base.py", line 1005, in <listcomp>
    return SafeString("".join([node.render_annotated(context) for node in self]))
  File "/usr/local/lib/python3.10/site-packages/django/template/base.py", line 966, in render_annotated
    return self.render(context)
  File "/usr/local/lib/python3.10/site-packages/django/template/defaulttags.py", line 238, in render
    nodelist.append(node.render_annotated(context))
  File "/usr/local/lib/python3.10/site-packages/django/template/base.py", line 966, in render_annotated
    return self.render(context)
  File "/usr/local/lib/python3.10/site-packages/django/template/loader_tags.py", line 208, in render
    return template.render(context)
  File "/usr/local/lib/python3.10/site-packages/django/template/base.py", line 177, in render
    return self._render(context)
  File "/usr/local/lib/python3.10/site-packages/django/test/utils.py", line 111, in instrumented_test_render
    return self.nodelist.render(context)
  File "/usr/local/lib/python3.10/site-packages/django/template/base.py", line 1005, in render
    return SafeString("".join([node.render_annotated(context) for node in self]))
  File "/usr/local/lib/python3.10/site-packages/django/template/base.py", line 1005, in <listcomp>
    return SafeString("".join([node.render_annotated(context) for node in self]))
  File "/usr/local/lib/python3.10/site-packages/django/template/base.py", line 966, in render_annotated
    return self.render(context)
  File "/usr/local/lib/python3.10/site-packages/django/template/defaulttags.py", line 321, in render
    return nodelist.render(context)
  File "/usr/local/lib/python3.10/site-packages/django/template/base.py", line 1005, in render
    return SafeString("".join([node.render_annotated(context) for node in self]))
  File "/usr/local/lib/python3.10/site-packages/django/template/base.py", line 1005, in <listcomp>
    return SafeString("".join([node.render_annotated(context) for node in self]))
  File "/usr/local/lib/python3.10/site-packages/django/template/base.py", line 966, in render_annotated
    return self.render(context)
  File "/usr/local/lib/python3.10/site-packages/django/template/defaulttags.py", line 321, in render
    return nodelist.render(context)
  File "/usr/local/lib/python3.10/site-packages/django/template/base.py", line 1005, in render
    return SafeString("".join([node.render_annotated(context) for node in self]))
  File "/usr/local/lib/python3.10/site-packages/django/template/base.py", line 1005, in <listcomp>
    return SafeString("".join([node.render_annotated(context) for node in self]))
  File "/usr/local/lib/python3.10/site-packages/django/template/base.py", line 966, in render_annotated
    return self.render(context)
  File "/usr/local/lib/python3.10/site-packages/django/template/base.py", line 1064, in render
    output = self.filter_expression.resolve(context)
  File "/usr/local/lib/python3.10/site-packages/django/template/base.py", line 715, in resolve
    obj = self.var.resolve(context)
  File "/usr/local/lib/python3.10/site-packages/django/template/base.py", line 847, in resolve
    value = self._resolve_lookup(context)
  File "/usr/local/lib/python3.10/site-packages/django/template/base.py", line 890, in _resolve_lookup
    current = getattr(current, bit)
  File "/usr/local/lib/python3.10/site-packages/debug_toolbar/panels/__init__.py", line 103, in content
    return render_to_string(self.template, self.get_stats())
  File "/usr/local/lib/python3.10/site-packages/django/template/loader.py", line 62, in render_to_string
    return template.render(context, request)
  File "/usr/local/lib/python3.10/site-packages/django/template/backends/django.py", line 61, in render
    return self.template.render(context)
  File "/usr/local/lib/python3.10/site-packages/django/template/base.py", line 175, in render
    return self._render(context)
  File "/usr/local/lib/python3.10/site-packages/django/test/utils.py", line 111, in instrumented_test_render
    return self.nodelist.render(context)
  File "/usr/local/lib/python3.10/site-packages/django/template/base.py", line 1005, in render
    return SafeString("".join([node.render_annotated(context) for node in self]))
  File "/usr/local/lib/python3.10/site-packages/django/template/base.py", line 1005, in <listcomp>
    return SafeString("".join([node.render_annotated(context) for node in self]))
  File "/usr/local/lib/python3.10/site-packages/django/template/base.py", line 966, in render_annotated
    return self.render(context)
  File "/usr/local/lib/python3.10/site-packages/django/template/defaulttags.py", line 321, in render
    return nodelist.render(context)
  File "/usr/local/lib/python3.10/site-packages/django/template/base.py", line 1005, in render
    return SafeString("".join([node.render_annotated(context) for node in self]))
  File "/usr/local/lib/python3.10/site-packages/django/template/base.py", line 1005, in <listcomp>
    return SafeString("".join([node.render_annotated(context) for node in self]))
  File "/usr/local/lib/python3.10/site-packages/django/template/base.py", line 966, in render_annotated
    return self.render(context)
  File "/usr/local/lib/python3.10/site-packages/django/template/defaulttags.py", line 238, in render
    nodelist.append(node.render_annotated(context))
  File "/usr/local/lib/python3.10/site-packages/django/template/base.py", line 966, in render_annotated
    return self.render(context)
  File "/usr/local/lib/python3.10/site-packages/django/template/base.py", line 1064, in render
    output = self.filter_expression.resolve(context)
  File "/usr/local/lib/python3.10/site-packages/django/template/base.py", line 715, in resolve
    obj = self.var.resolve(context)
  File "/usr/local/lib/python3.10/site-packages/django/template/base.py", line 847, in resolve
    value = self._resolve_lookup(context)
  File "/usr/local/lib/python3.10/site-packages/django/template/base.py", line 914, in _resolve_lookup
    current = current()
  File "/usr/local/lib/python3.10/site-packages/debug_toolbar/panels/staticfiles.py", line 30, in real_path
    return finders.find(self.path)
  File "/usr/local/lib/python3.10/site-packages/django/contrib/staticfiles/finders.py", line 298, in find
    result = finder.find(path, all=all)
  File "/usr/local/lib/python3.10/site-packages/django/contrib/staticfiles/finders.py", line 124, in find
    matched_path = self.find_location(root, path, prefix)
  File "/usr/local/lib/python3.10/site-packages/django/contrib/staticfiles/finders.py", line 141, in find_location
    path = safe_join(root, path)
  File "/usr/local/lib/python3.10/site-packages/django/utils/_os.py", line 31, in safe_join
    raise SuspiciousFileOperation(
django.core.exceptions.SuspiciousFileOperation: The joined path (/netbox_topology_views/img/core-switch.svg) is located outside of the base path component (/app/netbox/project-static/dist)
Bad Request: /plugins/netbox_topology_views/images/
dreng commented 1 year ago

Please provide the exact steps you used to install NetBox and the plugin as there are many ways to do it I am not able to reproduce this.

Maybe there's some misunderstanding, so I suspect this to be a discussion instead of a bug.