Timezone query param is not validated

Checklist

This bug template is meant to provide bug issues for code existing in the aurweb repository. This bug template is not meant to handle bugs with user-uploaded packages.

To work out a bug you have found in a user-uploaded package, contact the package's maintainer first. If you receive no response, file the relevant package request against it so TUs can deal with cleanup.

  • I confirm that this is an issue with aurweb's code and not a user-uploaded package.
  • I have described the bug in complete detail in the Description section.
  • I have specified steps in the Reproduction section.
  • I have included any logs related to the bug in the Logs section.
  • I have included the versions which are affected in the Version(s) section.

Description

If a user passes a query param on the URL for timezone information, it is not validated against valid timezones.

Reproduction

Add a query param on a /packages/ request with timezone information, like /packages/paru?timezone=random-string

Logs

  File "/srv/http/aurweb/.venv/lib/python3.10/site-packages/starlette/middleware/base.py", line 77, in call_next
    message = await recv_stream.receive()
  File "/srv/http/aurweb/.venv/lib/python3.10/site-packages/anyio/streams/memory.py", line 94, in receive
    return self.receive_nowait()
  File "/srv/http/aurweb/.venv/lib/python3.10/site-packages/anyio/streams/memory.py", line 87, in receive_nowait
    raise EndOfStream
anyio.EndOfStream

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/srv/http/aurweb/aurweb/asgi.py", line 248, in add_security_headers
    response = await util.error_or_result(call_next, request)
  File "/srv/http/aurweb/aurweb/util.py", line 165, in error_or_result
    response = await next(*args, **kwargs)
  File "/srv/http/aurweb/.venv/lib/python3.10/site-packages/starlette/middleware/base.py", line 80, in call_next
    raise app_exc
  File "/srv/http/aurweb/.venv/lib/python3.10/site-packages/starlette/middleware/base.py", line 69, in coro
    await self.app(scope, receive_or_disconnect, send_no_error)
  File "/srv/http/aurweb/.venv/lib/python3.10/site-packages/prometheus_fastapi_instrumentator/middleware.py", line 103, in __call__
    raise exc
  File "/srv/http/aurweb/.venv/lib/python3.10/site-packages/prometheus_fastapi_instrumentator/middleware.py", line 101, in __call__
    await self.app(scope, receive, send_wrapper)
  File "/srv/http/aurweb/.venv/lib/python3.10/site-packages/starlette/middleware/exceptions.py", line 79, in __call__
    raise exc
  File "/srv/http/aurweb/.venv/lib/python3.10/site-packages/starlette/middleware/exceptions.py", line 68, in __call__
    await self.app(scope, receive, sender)
  File "/srv/http/aurweb/.venv/lib/python3.10/site-packages/fastapi/middleware/asyncexitstack.py", line 21, in __call__
    raise e
  File "/srv/http/aurweb/.venv/lib/python3.10/site-packages/fastapi/middleware/asyncexitstack.py", line 18, in __call__
    await self.app(scope, receive, send)
  File "/srv/http/aurweb/.venv/lib/python3.10/site-packages/starlette/routing.py", line 706, in __call__
    await route.handle(scope, receive, send)
  File "/srv/http/aurweb/.venv/lib/python3.10/site-packages/starlette/routing.py", line 276, in handle
    await self.app(scope, receive, send)
  File "/srv/http/aurweb/.venv/lib/python3.10/site-packages/starlette/routing.py", line 66, in app
    response = await func(request)
  File "/srv/http/aurweb/.venv/lib/python3.10/site-packages/fastapi/routing.py", line 237, in app
    raw_response = await run_endpoint_function(
  File "/srv/http/aurweb/.venv/lib/python3.10/site-packages/fastapi/routing.py", line 163, in run_endpoint_function
    return await dependant.call(**values)
  File "/srv/http/aurweb/aurweb/routers/packages.py", line 208, in package
    return render_template(request, "packages/show.html", context)
  File "/srv/http/aurweb/aurweb/templates.py", line 139, in render_template
    rendered = render_raw_template(request, path, context)
  File "/srv/http/aurweb/aurweb/templates.py", line 132, in render_raw_template
    return template.render(context)
  File "/srv/http/aurweb/.venv/lib/python3.10/site-packages/jinja2/environment.py", line 1301, in render
    self.environment.handle_exception()
  File "/srv/http/aurweb/.venv/lib/python3.10/site-packages/jinja2/environment.py", line 936, in handle_exception
    raise rewrite_traceback_stack(source=source)
  File "/srv/http/aurweb/templates/packages/show.html", line 1, in top-level template code
    {% extends "partials/layout.html" %}
  File "/srv/http/aurweb/templates/partials/layout.html", line 8, in top-level template code
    {% extends 'partials/body.html' %}
  File "/srv/http/aurweb/templates/partials/body.html", line 5, in top-level template code
    {% block pageContent %}
  File "/srv/http/aurweb/templates/packages/show.html", line 11, in block 'pageContent'
    {% include "partials/packages/details.html" %}
  File "/srv/http/aurweb/templates/partials/packages/details.html", line 156, in top-level template code
    <td>{{ datetime_display(pkgbase.SubmittedTS) }}</td>
  File "/srv/http/aurweb/aurweb/templates.py", line 55, in wrapper
    return func(*args, **kwargs)
  File "/srv/http/aurweb/aurweb/filters.py", line 166, in datetime_display
    return date_strftime(context, dt, "%Y-%m-%d %H:%M (%Z)")
  File "/srv/http/aurweb/aurweb/templates.py", line 55, in wrapper
    return func(*args, **kwargs)
  File "/srv/http/aurweb/aurweb/filters.py", line 154, in date_strftime
    return as_timezone(dt, tz).strftime(fmt)
  File "/srv/http/aurweb/aurweb/templates.py", line 41, in wrapper
    return func(*args, **kwargs)
  File "/srv/http/aurweb/aurweb/filters.py", line 101, in as_timezone
    return dt.astimezone(tz=ZoneInfo(timezone))
  File "/usr/lib/python3.10/zoneinfo/_common.py", line 24, in load_tzdata
    raise ZoneInfoNotFoundError(f"No time zone found with key {key}")
zoneinfo._common.ZoneInfoNotFoundError: 'No time zone found with key Itg32'

Version(s)

6.2.1
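One way to validate a request-supplied timezone key before it reaches ZoneInfo, as in the as_timezone frame of the traceback above. This is an added example, not aurweb's code or its fix; `resolve_timezone`, `as_timezone_checked`, `DEFAULT_TIMEZONE`, the length cap and the UTC fallback are assumptions made for illustration.

```python
from datetime import datetime, timezone, tzinfo
from zoneinfo import ZoneInfo, ZoneInfoNotFoundError

DEFAULT_TIMEZONE = "UTC"  # assumed site default, not taken from aurweb's config
MAX_KEY_LENGTH = 64       # assumed cap on the length of a user-supplied key


def _load_zone(key):
    """Return a ZoneInfo for key, or None if key is not a usable zone name."""
    if not isinstance(key, str) or not key or len(key) > MAX_KEY_LENGTH:
        return None
    try:
        return ZoneInfo(key)
    except (ZoneInfoNotFoundError, ValueError, OSError):
        # ZoneInfoNotFoundError: unknown key such as "random-string"
        # ValueError: absolute or non-normalized path such as "../../etc/passwd"
        # OSError: key resolves to a directory or an unreadable file
        return None


def resolve_timezone(requested, default=DEFAULT_TIMEZONE) -> tzinfo:
    """Map untrusted input to a tzinfo, falling back instead of raising."""
    zone = _load_zone(requested)
    if zone is None:
        zone = _load_zone(default)
    # Last resort when no tz database is installed on the host at all.
    return zone if zone is not None else timezone.utc


def as_timezone_checked(dt: datetime, requested) -> datetime:
    """Convert dt for display without letting a bad key abort rendering."""
    return dt.astimezone(tz=resolve_timezone(requested))


# Constructed sample timestamp and inputs; "Itg32" is the key from the log above.
SUBMITTED = datetime(2022, 1, 1, 12, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    for value in ("Europe/Berlin", "random-string", "Itg32", "../../etc/passwd", None):
        shown = as_timezone_checked(SUBMITTED, value)
        print(repr(value), "->", shown.strftime("%Y-%m-%d %H:%M (%Z)"))
```
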
