search

openwisp / django-netjsongraph

Network Topology Visualizer & Network Topology Collector
MIT License
141 stars 64 forks source link

ValueError: badly formed hexadecimal UUID string #4

Closed nemesifier closed 8 years ago

nemesifier commented 8 years ago

It seems possible to trigger a 500 response by sending a malformed UUID.

This bug probably affects both visualizer and API.

Stacktrace:

  File "django/core/handlers/base.py", line 149, in get_response
    response = self.process_exception_by_middleware(e, request)
  File "django/core/handlers/base.py", line 147, in get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "django_netjsongraph/visualizer/views.py", line 13, in topology_detail
    topology = get_object_or_404(Topology, pk=pk, published=True)
  File "django/shortcuts.py", line 155, in get_object_or_404
    return queryset.get(*args, **kwargs)
  File "django/db/models/query.py", line 381, in get
    num = len(clone)
  File "django/db/models/query.py", line 240, in __len__
    self._fetch_all()
  File "django/db/models/query.py", line 1074, in _fetch_all
    self._result_cache = list(self.iterator())
  File "django/db/models/query.py", line 52, in __iter__
    results = compiler.execute_sql()
  File "django/db/models/sql/compiler.py", line 841, in execute_sql
    sql, params = self.as_sql()
  File "django/db/models/sql/compiler.py", line 393, in as_sql
    where, w_params = self.compile(self.where) if self.where is not None else ("", [])
  File "django/db/models/sql/compiler.py", line 366, in compile
    sql, params = node.as_sql(self, self.connection)
  File "django/db/models/sql/where.py", line 79, in as_sql
    sql, params = compiler.compile(child)
  File "django/db/models/sql/compiler.py", line 366, in compile
    sql, params = node.as_sql(self, self.connection)
  File "django/db/models/lookups.py", line 158, in as_sql
    rhs_sql, rhs_params = self.process_rhs(compiler, connection)
  File "django/db/models/lookups.py", line 91, in process_rhs
    return self.get_db_prep_lookup(value, connection)
  File "django/db/models/lookups.py", line 62, in get_db_prep_lookup
    self.lookup_name, value, connection, prepared=True))
  File "django/db/models/fields/__init__.py", line 776, in get_db_prep_lookup
    prepared=prepared)]
  File "django/db/models/fields/__init__.py", line 2390, in get_db_prep_value
    value = uuid.UUID(value)
  File "python2.7/uuid.py", line 134, in __init__
    raise ValueError('badly formed hexadecimal UUID string')