author Jelle van der Waa <jelle@vdwaa.nl> 2019-07-28 12:29:32 +0200
committer Jelle van der Waa <jelle@vdwaa.nl> 2019-07-28 12:29:32 +0200
commit c47aacb30fbf14b3b9ea1f0d05c0a3b08311f9e8
tree 2cf4b0dbb25b6c0546c1913a73b7142c2738d12a
parent 4678d90c86078e0f43648193242d07635e107c1f

Handle null byte searches

Some vulnerability scanners try to find security issues in all webforms and submit an invalid null byte into the search form. This is cleaned out by Django and leads to 'q' not being set, which gives a 500 error. Check if the 'q' key exists in the cleaned_data; if not, return an empty list.

Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>

-rw-r--r-- packages/views/search.py 2
1 files changed, 2 insertions, 0 deletions

diff --git a/packages/views/search.py b/packages/views/search.py
index 4bcd5fa1..c0289856 100644
--- a/packages/views/search.py
+++ b/packages/views/search.py
@@ -59,6 +59,8 @@ class PackageSearchForm(forms.Form):
# only do exact match search if 'q' is sole parameter
if self.changed_data != ['q']:
return []
+ if 'q' not in self.cleaned_data:
+ return []
return Package.objects.normal().filter(pkgname=self.cleaned_data['q'])
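
Review bot: the added guard near the end of this hunk (`if 'q' not in self.cleaned_data:`) has no comment explaining why 'q' can be missing right after the line above has confirmed `self.changed_data == ['q']`; add a short comment noting that a value rejected during cleaning (the null-byte case from the commit message) is left out of `cleaned_data`. The final line still indexes `self.cleaned_data['q']` directly, so an alternative is a single `q = self.cleaned_data.get('q')` with an early `return []` when it is None, which keeps the lookup and the guard in one place. The diffstat shows only search.py changed, so a regression test that submits a null byte in 'q' and expects an empty result instead of a 500 would keep this from regressing.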