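Refinery crashes if someone accesses any of the Tastypie APIs with a query string containing format=xml. As the traceback below shows, Tastypie's XML serializer raises ImproperlyConfigured because it requires lxml and defusedxml, and the request ends in an Internal Server Error (HTTP 500) instead of a handled error response. The XML format is therefore still advertised as available even though this deployment cannot serve it. Tastypie documentation suggests: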
"Support the minimum required set of formats in your application. If you do not require a format, it’s much safer to disable it completely. See TASTYPIE_DEFAULT_FORMATS setting."
Sample log entries (session and CSRF token values redacted):
Internal Server Error: /api/v1/analysis/
Traceback (most recent call last):
File "/home/ubuntu/.virtualenvs/refinery-platform/lib/python2.7/site-packages/django/core/handlers/base.py", line 111, in get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/home/ubuntu/.virtualenvs/refinery-platform/lib/python2.7/site-packages/django/views/decorators/csrf.py", line 57, in wrapped_view
return view_func(*args, **kwargs)
File "/home/ubuntu/.virtualenvs/refinery-platform/lib/python2.7/site-packages/tastypie/resources.py", line 249, in wrapper
return self._handle_500(request, e)
File "/home/ubuntu/.virtualenvs/refinery-platform/lib/python2.7/site-packages/tastypie/resources.py", line 289, in _handle_500
return self.error_response(request, data, response_class=response_class)
File "/home/ubuntu/.virtualenvs/refinery-platform/lib/python2.7/site-packages/tastypie/resources.py", line 1231, in error_response
serialized = self.serialize(request, errors, desired_format)
File "/home/ubuntu/.virtualenvs/refinery-platform/lib/python2.7/site-packages/tastypie/resources.py", line 371, in serialize
return self._meta.serializer.serialize(data, format, options)
File "/home/ubuntu/.virtualenvs/refinery-platform/lib/python2.7/site-packages/tastypie/serializers.py", line 202, in serialize
serialized = getattr(self, "to_%s" % desired_format)(bundle, options)
File "/home/ubuntu/.virtualenvs/refinery-platform/lib/python2.7/site-packages/tastypie/serializers.py", line 407, in to_xml
raise ImproperlyConfigured("Usage of the XML aspects requires lxml and defusedxml.")
ImproperlyConfigured: Usage of the XML aspects requires lxml and defusedxml.
Request repr():
<WSGIRequest
path:/api/v1/analysis/,
GET:<QueryDict: {u'format': [u'xml']}>,
POST:<QueryDict: {}>,
COOKIES:{'_ga': 'GA1.2.1748380814.1483628503',
'_gid': 'GA1.2.1622156721.1498255735',
'csrftoken': <redacted>,
'sessionid': <redacted>},
META:{'CONTEXT_DOCUMENT_ROOT': '/var/www',
'CONTEXT_PREFIX': '',
u'CSRF_COOKIE': <redacted>,
'DOCUMENT_ROOT': '/var/www',
'GATEWAY_INTERFACE': 'CGI/1.1',
'HTTP_ACCEPT': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
'HTTP_ACCEPT_ENCODING': 'gzip, deflate, sdch, br',
'HTTP_ACCEPT_LANGUAGE': 'en-US,en;q=0.8,de;q=0.6',
'HTTP_CONNECTION': 'keep-alive',
'HTTP_COOKIE': 'sessionid=<redacted>; csrftoken=<redacted>; _ga=GA1.2.1748380814.1483628503; _gid=GA1.2.1622156721.1498255735',
'HTTP_DNT': '1',
'HTTP_HOST': 'beta.stemcellcommons.org',
'HTTP_UPGRADE_INSECURE_REQUESTS': '1',
'HTTP_USER_AGENT': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36',
'HTTP_X_FORWARDED_FOR': '134.174.140.198',
'HTTP_X_FORWARDED_PORT': '443',
'HTTP_X_FORWARDED_PROTO': 'https',
'PATH_INFO': u'/api/v1/analysis/',
'PATH_TRANSLATED': '/srv/refinery-platform/refinery/config/wsgi_aws.py/api/v1/analysis/',
'QUERY_STRING': 'format=xml',
'REMOTE_ADDR': '172.31.55.84',
'REMOTE_PORT': '38050',
'REQUEST_METHOD': 'GET',
'REQUEST_SCHEME': 'http',
'REQUEST_URI': '/api/v1/analysis/?format=xml',
'SCRIPT_FILENAME': '/srv/refinery-platform/refinery/config/wsgi_aws.py',
'SCRIPT_NAME': u'',
'SCRIPT_URI': 'http://beta.stemcellcommons.org/api/v1/analysis/',
'SCRIPT_URL': '/api/v1/analysis/',
'SERVER_ADDR': '172.31.58.202',
'SERVER_ADMIN': '[no address given]',
'SERVER_NAME': 'beta.stemcellcommons.org',
'SERVER_PORT': '80',
'SERVER_PROTOCOL': 'HTTP/1.1',
'SERVER_SIGNATURE': '',
'SERVER_SOFTWARE': 'Apache/2.4.7 (Ubuntu)',
'mod_wsgi.application_group': 'beta.stemcellcommons.org|',
'mod_wsgi.callable_object': 'application',
'mod_wsgi.enable_sendfile': '0',
'mod_wsgi.handler_script': '',
'mod_wsgi.input_chunked': '0',
'mod_wsgi.listener_host': '',
'mod_wsgi.listener_port': '80',
'mod_wsgi.process_group': 'refinery',
'mod_wsgi.queue_start': '1498256030673627',
'mod_wsgi.request_handler': 'wsgi-script',
'mod_wsgi.script_reloading': '1',
'mod_wsgi.version': (3, 4),
'wsgi.errors': <mod_wsgi.Log object at 0x7f1b6c72c6b0>,
'wsgi.file_wrapper': <built-in method file_wrapper of mod_wsgi.Adapter object at 0x7f1b6c904990>,
'wsgi.input': <mod_wsgi.Input object at 0x7f1b6c72c470>,
'wsgi.multiprocess': False,
'wsgi.multithread': True,
'wsgi.run_once': False,
'wsgi.url_scheme': 'http',
'wsgi.version': (1, 0)}>
Refinery crashes if someone accesses any of the Tastypie APIs with a query string containing format=xml. Tastypie documentation suggests:
"Support the minimum required set of formats in your application. If you do not require a format, it’s much safer to disable it completely. See TASTYPIE_DEFAULT_FORMATS setting."
Sample log entries: