Handle null byte searches

Some vulnerability scanners try to find security issues in all webforms and submit invalid null byte into the search from. This is cleaned out by django and leads to 'q' not being set which gives a 500 error. Check if the 'q' key exists in the cleaned_data if not return an empty list. Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>

Handle null byte searches
Some vulnerability scanners try to find security issues in all webforms and submit invalid null byte into the search from. This is cleaned out by django and leads to 'q' not being set which gives a 500 error. Check if the 'q' key exists in the cleaned_data if not return an empty list. Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
c47aacb3 · Jelle van der Waa · 4678d90c · c47aacb3
Commit c47aacb3 authored Jul 28, 2019 by Jelle van der Waa 🚧
--- a/packages/views/search.py
+++ b/packages/views/search.py
@@ -59,6 +59,8 @@ def exact_matches(self):
        # only do exact match search if 'q' is sole parameter
        if self.changed_data != ['q']:
            return []
+        if 'q' not in self.cleaned_data:
+            return []
        return Package.objects.normal().filter(pkgname=self.cleaned_data['q'])