Snekbox fails with a (presumably non-exploitable) 500 error:
[FALCON] [ERROR] POST /eval => Traceback (most recent call last):
File "falcon/app.py", line 386, in falcon.app.App.__call__
File "falcon/app.py", line 1070, in falcon.app.App._get_body
File "falcon/response.py", line 270, in falcon.response.Response.render_body
File "falcon/media/json.py", line 179, in falcon.media.json.JSONHandler._serialize_s
UnicodeEncodeError: 'utf-8' codec can't encode character '\udcc3' in position 279: surrogates not allowed
The following test code:
Snekbox fails with a (presumably non-exploitable) 500 error:
This is because the filename for included files (since https://github.com/python-discord/bot/pull/2326 ) doesn't handle arbitrary bytes in filenames.
Presumably safe_path (https://github.com/python-discord/snekbox/blob/d6e940065552d2e46a0ddebd72dcd9b6a8348c4a/snekbox/snekio/attachment.py#L14) needs to be updated to catch invalid byte sequences that will fail JSON encoding.