Insufficient validation of boolean filters #7534

Closed
opened 2025-12-29 20:24:51 +01:00 by adam · 0 comments
Owner

Originally created by @candlerb on GitHub (Jan 19, 2023).

Originally assigned to: @jeremystretch on GitHub.

NetBox version

v3.4.2

Python version

3.8

Steps to Reproduce

curl -vsS -H "Authorization: Token $TOKEN" "$NETBOX/api/dcim/devices/?name__empty=asdf"

Expected Behavior

The request to be rejected with a 4xx status code (probably 400)

Observed Behavior

An exception was raised, returned with a 500 status code and E-mailed to admins.

Internal Server Error: /api/dcim/devices/

DataError at /api/dcim/devices/
invalid input syntax for type boolean: "asdf"
LINE 1: ... CAST(LENGTH("dcim_device"."name") AS BOOLEAN) != 'asdf') su...
                                                             ^
...
Traceback (most recent call last):
  File "/opt/netbox/venv/lib/python3.8/site-packages/django/db/backends/utils.py", line 89, in _execute
    return self.cursor.execute(sql, params)
  File "/opt/netbox/venv/lib/python3.8/site-packages/django_prometheus/db/common.py", line 71, in execute
    return super().execute(*args, **kwargs)

The above exception (invalid input syntax for type boolean: "asdf"
LINE 1: ... CAST(LENGTH("dcim_device"."name") AS BOOLEAN) != 'asdf') su...
                                                             ^
) was the direct cause of the following exception:
  File "/opt/netbox/venv/lib/python3.8/site-packages/django/core/handlers/exception.py", line 55, in inner
    response = get_response(request)
  File "/opt/netbox/venv/lib/python3.8/site-packages/django/core/handlers/base.py", line 197, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/opt/netbox/venv/lib/python3.8/site-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
    return view_func(*args, **kwargs)
  File "/opt/netbox/venv/lib/python3.8/site-packages/rest_framework/viewsets.py", line 125, in view
    return self.dispatch(request, *args, **kwargs)
  File "/opt/netbox/netbox/netbox/api/viewsets/__init__.py", line 118, in dispatch
    return super().dispatch(request, *args, **kwargs)
  File "/opt/netbox/venv/lib/python3.8/site-packages/rest_framework/views.py", line 509, in dispatch
    response = self.handle_exception(exc)
  File "/opt/netbox/venv/lib/python3.8/site-packages/rest_framework/views.py", line 469, in handle_exception
    self.raise_uncaught_exception(exc)
  File "/opt/netbox/venv/lib/python3.8/site-packages/rest_framework/views.py", line 480, in raise_uncaught_exception
    raise exc
  File "/opt/netbox/venv/lib/python3.8/site-packages/rest_framework/views.py", line 506, in dispatch
    response = handler(request, *args, **kwargs)
  File "/opt/netbox/netbox/netbox/api/viewsets/__init__.py", line 149, in list
    return super().list(request, *args, **kwargs)
  File "/opt/netbox/venv/lib/python3.8/site-packages/rest_framework/mixins.py", line 40, in list
    page = self.paginate_queryset(queryset)
  File "/opt/netbox/venv/lib/python3.8/site-packages/rest_framework/generics.py", line 171, in paginate_queryset
    return self.paginator.paginate_queryset(queryset, self.request, view=self)
  File "/opt/netbox/netbox/netbox/api/pagination.py", line 19, in paginate_queryset
    self.count = self.get_queryset_count(queryset)
  File "/opt/netbox/netbox/netbox/api/pagination.py", line 85, in get_queryset_count
    return cloned_queryset.count()
  File "/opt/netbox/venv/lib/python3.8/site-packages/django/db/models/query.py", line 621, in count
    return self.query.get_count(using=self.db)
  File "/opt/netbox/venv/lib/python3.8/site-packages/django/db/models/sql/query.py", line 559, in get_count
    return obj.get_aggregation(using, ["__count"])["__count"]
  File "/opt/netbox/venv/lib/python3.8/site-packages/django/db/models/sql/query.py", line 544, in get_aggregation
    result = compiler.execute_sql(SINGLE)
  File "/opt/netbox/venv/lib/python3.8/site-packages/django/db/models/sql/compiler.py", line 1398, in execute_sql
    cursor.execute(sql, params)
  File "/opt/netbox/venv/lib/python3.8/site-packages/django/db/backends/utils.py", line 67, in execute
    return self._execute_with_wrappers(
  File "/opt/netbox/venv/lib/python3.8/site-packages/django/db/backends/utils.py", line 80, in _execute_with_wrappers
    return executor(sql, params, many, context)
  File "/opt/netbox/venv/lib/python3.8/site-packages/django/db/backends/utils.py", line 89, in _execute
    return self.cursor.execute(sql, params)
  File "/opt/netbox/venv/lib/python3.8/site-packages/django/db/utils.py", line 91, in __exit__
    raise dj_exc_value.with_traceback(traceback) from exc_value
  File "/opt/netbox/venv/lib/python3.8/site-packages/django/db/backends/utils.py", line 89, in _execute
    return self.cursor.execute(sql, params)
  File "/opt/netbox/venv/lib/python3.8/site-packages/django_prometheus/db/common.py", line 71, in execute
    return super().execute(*args, **kwargs)

Exception Type: DataError at /api/dcim/devices/
Exception Value: invalid input syntax for type boolean: "asdf"
LINE 1: ... CAST(LENGTH("dcim_device"."name") AS BOOLEAN) != 'asdf') su...
                                                             ^

Raised during: dcim.api.views.DeviceViewSet
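The failure mode in the report is a boolean lookup (`name__empty`) whose raw query-string value reaches PostgreSQL unparsed, so the database raises DataError and the API answers 500. The block below is an added example, not code from the original issue, NetBox or django-filter: it contrasts a builder that forwards the raw value into the SQL parameter list (the "before" shape seen in the traceback) with a boundary validator that only accepts a fixed set of boolean spellings and returns 400 for anything else. The accepted-value sets, the `__empty`/`__isnull` lookup list and the function names are assumptions chosen for illustration.

```python
"""Added example (hypothetical code, not NetBox's): validate boolean
lookups at the API boundary so bad input yields HTTP 400, not a DataError."""
from urllib.parse import parse_qsl

# Assumption: accepted spellings, loosely modelled on what Django's
# NullBooleanField tolerates; NetBox's exact list may differ.
TRUE_VALUES = {"true", "1", "yes", "on"}
FALSE_VALUES = {"false", "0", "no", "off"}

# Assumption: lookups whose value must be a boolean.
BOOLEAN_LOOKUPS = ("__empty", "__isnull")


class FilterValidationError(ValueError):
    """Raised when a query-string value is not a recognised boolean."""


def parse_bool(raw):
    """Strictly map a query-string value to True/False, or raise."""
    value = raw.strip().lower()
    if value in TRUE_VALUES:
        return True
    if value in FALSE_VALUES:
        return False
    raise FilterValidationError(f"Invalid boolean value: {raw!r}")


def build_where_unvalidated(table, params):
    """'Before' shape: the raw value becomes a bound SQL parameter.

    This mirrors the expression visible in the report's traceback; with
    value 'asdf' PostgreSQL rejects the cast and the view returns 500.
    Returns (where_clause, params).
    """
    clauses, args = [], []
    for key, value in params:
        if key.endswith("__empty"):
            field = key[: -len("__empty")]
            clauses.append(
                f'CAST(LENGTH("{table}"."{field}") AS BOOLEAN) != %s'
            )
            args.append(value)  # 'asdf' goes straight to the database
    return " AND ".join(clauses), args


def handle_filters(params):
    """Hardened shape: validate every boolean lookup before SQL is built.

    Returns (http_status, body): 400 with per-field errors when any
    boolean lookup is malformed, otherwise 200 with the parsed filters.
    """
    filters, errors = {}, {}
    for key, value in params:
        if key.endswith(BOOLEAN_LOOKUPS):
            try:
                filters[key] = parse_bool(value)
            except FilterValidationError as exc:
                errors[key] = [str(exc)]
        else:
            filters[key] = value  # non-boolean lookups pass through
    if errors:
        return 400, errors
    return 200, filters


def handle_query_string(query_string):
    """Convenience wrapper: parse a raw query string, then validate."""
    return handle_filters(parse_qsl(query_string, keep_blank_values=True))


if __name__ == "__main__":
    # Constructed sample requests, matching the report's reproduction.
    print(build_where_unvalidated("dcim_device", [("name__empty", "asdf")]))
    print(handle_query_string("name__empty=asdf"))
    print(handle_query_string("name__empty=true&site_id__isnull=0"))
```

Applying the validation in the filter layer, before the queryset is evaluated, is what turns the 500 into the 400 the reporter expects; the count() call in the traceback is just where the unvalidated value finally reached the database.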
adam added the type: bugstatus: accepted labels 2025-12-29 20:24:51 +01:00
adam closed this issue 2025-12-29 20:24:51 +01:00

Reference: starred/netbox#7534