Invalid filter: 'bleach' causing Internal Error 500 on TemplateSyntaxError at /cwe/list/ and /finding/open/
eMVee-NL opened this issue · comments
While running a fresh installation of petereport version 0.9 (Docker installation), I was navigating and preparing the application for testing and possibly an exam where I have to write a report. Then I noticed the two pages responding with an HTTP status 500, caused by a template syntax error on the 'bleach' filter.
Updated the issue because I had another location which was giving the same error.
Locations:
- /finding/closed/
- /finding/open/
- /cwe/list/
I turned debug mode on (true) and copied the resulting error output into this issue:
Environment:
Request Method: GET
Request URL: http://127.0.0.1/finding/open/
Django Version: 3.2.5
Python Version: 3.8.10
Installed Applications:
['django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'martor',
'django_bleach',
'preport']
Installed Middleware:
['django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware']
Template error:
In template /opt/petereport/app/preport/templates/findings/findings_list.html, error at line 67
Invalid filter: 'bleach'
57 : <th style="width: 5%">CVSS</th>
58 : <th style="width: 20%">Report</th>
59 : <th style="width: 25%" class="text-center"> Actions</th>
60 : </tr>
61 : </thead>
62 :
63 : <tbody>
64 : {% for finding in DB_finding_query %}
65 : <tr>
66 : <td>
67 : {{ finding.title | bleach }}
68 : </td>
69 :
70 : <td>
71 :
72 : {% if finding.severity == "Critical" %}
73 : <b><font color="#CC0000">{{ finding.severity }}</font></b>
74 : {% elif finding.severity == "High" %}
75 : <b><font color="#F20000">{{ finding.severity }}</font></b>
76 : {% elif finding.severity == "Medium" %}
77 : <b><font color="#FC7F03">{{ finding.severity }}</font></b>
Traceback (most recent call last):
File "/usr/local/lib/python3.8/dist-packages/django/core/handlers/exception.py", line 47, in inner
response = get_response(request)
File "/usr/local/lib/python3.8/dist-packages/django/core/handlers/base.py", line 181, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/usr/local/lib/python3.8/dist-packages/django/contrib/auth/decorators.py", line 21, in _wrapped_view
return view_func(request, *args, **kwargs)
File "/opt/petereport/app/preport/views.py", line 1088, in openfindings
return render(request, 'findings/findings_list.html', {'DB_finding_query': DB_finding_query, 'count_finding_query': count_finding_query})
File "/usr/local/lib/python3.8/dist-packages/django/shortcuts.py", line 19, in render
content = loader.render_to_string(template_name, context, request, using=using)
File "/usr/local/lib/python3.8/dist-packages/django/template/loader.py", line 61, in render_to_string
template = get_template(template_name, using=using)
File "/usr/local/lib/python3.8/dist-packages/django/template/loader.py", line 15, in get_template
return engine.get_template(template_name)
File "/usr/local/lib/python3.8/dist-packages/django/template/backends/django.py", line 34, in get_template
return Template(self.engine.get_template(template_name), self)
File "/usr/local/lib/python3.8/dist-packages/django/template/engine.py", line 143, in get_template
template, origin = self.find_template(template_name)
File "/usr/local/lib/python3.8/dist-packages/django/template/engine.py", line 125, in find_template
template = loader.get_template(name, skip=skip)
File "/usr/local/lib/python3.8/dist-packages/django/template/loaders/base.py", line 29, in get_template
return Template(
File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 155, in __init__
self.nodelist = self.compile_nodelist()
File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 193, in compile_nodelist
return parser.parse()
File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 478, in parse
raise self.error(token, e)
File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 476, in parse
compiled_result = compile_func(self, token)
File "/usr/local/lib/python3.8/dist-packages/django/template/loader_tags.py", line 278, in do_extends
nodelist = parser.parse()
File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 478, in parse
raise self.error(token, e)
File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 476, in parse
compiled_result = compile_func(self, token)
File "/usr/local/lib/python3.8/dist-packages/django/template/loader_tags.py", line 216, in do_block
nodelist = parser.parse(('endblock',))
File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 478, in parse
raise self.error(token, e)
File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 476, in parse
compiled_result = compile_func(self, token)
File "/usr/local/lib/python3.8/dist-packages/django/template/defaulttags.py", line 814, in do_for
nodelist_loop = parser.parse(('empty', 'endfor',))
File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 449, in parse
raise self.error(token, e)
File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 447, in parse
filter_expression = self.compile_filter(token.contents)
File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 563, in compile_filter
return FilterExpression(token, self)
File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 657, in __init__
filter_func = parser.find_filter(filter_name)
File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 569, in find_filter
raise TemplateSyntaxError("Invalid filter: '%s'" % filter_name)
Exception Type: TemplateSyntaxError at /finding/open/
Exception Value: Invalid filter: 'bleach'
And
Environment:
Request Method: GET
Request URL: http://127.0.0.1/cwe/list/
Django Version: 3.2.5
Python Version: 3.8.10
Installed Applications:
['django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'martor',
'django_bleach',
'preport']
Installed Middleware:
['django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware']
Template error:
In template /opt/petereport/app/preport/templates/cwe/cwe_list.html, error at line 60
Invalid filter: 'bleach'
50 : </th>
51 :
52 : </tr>
53 : </thead>
54 : <tbody>
55 :
56 : {% for cwe in DB_cwe_query %}
57 :
58 : <tr>
59 : <td>
60 : <a href="https://cwe.mitre.org/data/definitions/{{cwe.cwe_id}}.html" target=”_blank”> {{ cwe.cwe_id | bleach}} - {{ cwe.cwe_name | bleach}}</a>
61 : </td>
62 : <td>
63 : {{ cwe.cwe_description | bleach}}
64 : </td>
65 :
66 :
67 : </tr>
68 :
69 : {% endfor %}
70 :
Traceback (most recent call last):
File "/usr/local/lib/python3.8/dist-packages/django/core/handlers/exception.py", line 47, in inner
response = get_response(request)
File "/usr/local/lib/python3.8/dist-packages/django/core/handlers/base.py", line 181, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/usr/local/lib/python3.8/dist-packages/django/contrib/auth/decorators.py", line 21, in _wrapped_view
return view_func(request, *args, **kwargs)
File "/opt/petereport/app/preport/views.py", line 1612, in cwe_list
return render(request, 'cwe/cwe_list.html', {'DB_cwe_query': DB_cwe_query})
File "/usr/local/lib/python3.8/dist-packages/django/shortcuts.py", line 19, in render
content = loader.render_to_string(template_name, context, request, using=using)
File "/usr/local/lib/python3.8/dist-packages/django/template/loader.py", line 61, in render_to_string
template = get_template(template_name, using=using)
File "/usr/local/lib/python3.8/dist-packages/django/template/loader.py", line 15, in get_template
return engine.get_template(template_name)
File "/usr/local/lib/python3.8/dist-packages/django/template/backends/django.py", line 34, in get_template
return Template(self.engine.get_template(template_name), self)
File "/usr/local/lib/python3.8/dist-packages/django/template/engine.py", line 143, in get_template
template, origin = self.find_template(template_name)
File "/usr/local/lib/python3.8/dist-packages/django/template/engine.py", line 125, in find_template
template = loader.get_template(name, skip=skip)
File "/usr/local/lib/python3.8/dist-packages/django/template/loaders/base.py", line 29, in get_template
return Template(
File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 155, in __init__
self.nodelist = self.compile_nodelist()
File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 193, in compile_nodelist
return parser.parse()
File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 478, in parse
raise self.error(token, e)
File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 476, in parse
compiled_result = compile_func(self, token)
File "/usr/local/lib/python3.8/dist-packages/django/template/loader_tags.py", line 278, in do_extends
nodelist = parser.parse()
File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 478, in parse
raise self.error(token, e)
File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 476, in parse
compiled_result = compile_func(self, token)
File "/usr/local/lib/python3.8/dist-packages/django/template/loader_tags.py", line 216, in do_block
nodelist = parser.parse(('endblock',))
File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 478, in parse
raise self.error(token, e)
File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 476, in parse
compiled_result = compile_func(self, token)
File "/usr/local/lib/python3.8/dist-packages/django/template/defaulttags.py", line 814, in do_for
nodelist_loop = parser.parse(('empty', 'endfor',))
File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 449, in parse
raise self.error(token, e)
File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 447, in parse
filter_expression = self.compile_filter(token.contents)
File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 563, in compile_filter
return FilterExpression(token, self)
File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 657, in __init__
filter_func = parser.find_filter(filter_name)
File "/usr/local/lib/python3.8/dist-packages/django/template/base.py", line 569, in find_filter
raise TemplateSyntaxError("Invalid filter: '%s'" % filter_name)
Exception Type: TemplateSyntaxError at /cwe/list/
Exception Value: Invalid filter: 'bleach'
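@mvdvaart my fault, it seems I forgot to load the bleach tag library in that template file. Until I upload a new version, you can edit findings_list.html
and add {% load bleach_tags %} to its header, directly after the {% extends %} line, as shown below. The cwe/cwe_list.html template reported above fails with the same 'Invalid filter' error, so it presumably needs the same line.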
{% extends 'home/template.html' %}
{% load bleach_tags %}
{% block title %} Findings {% endblock title %}
{% block stylesheets %}
{{ block.super }}
{% endblock stylesheets %}
{% block content %}
...
Fixed in the last update