Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

handle ViewNotCallableError as 404 #1246

Merged
merged 7 commits into from
Jan 15, 2025
Merged

handle ViewNotCallableError as 404 #1246

merged 7 commits into from
Jan 15, 2025

Conversation

djay
Copy link
Contributor

@djay djay commented Jan 15, 2025
edited
Loading

This can happen in Plone with spam/pentests hitting @@images without a further traversal.

ViewNotCallableError: __call__
  File "ZPublisher/WSGIPublisher.py", line 181, in transaction_pubevents
    yield
  File "ZPublisher/WSGIPublisher.py", line 391, in publish_module
    response = _publish(request, new_mod_info)
  File "ZPublisher/WSGIPublisher.py", line 269, in publish
    obj = request.traverse(path, validated_hook=validate_user)
  File "ZPublisher/BaseRequest.py", line 483, in traverse
    object, default_path = adapter.browserDefault(self)
  File "/app/eggs/zope.browserpage-4.4.0-py3.9.egg/zope/browserpage/metaconfigure.py", line 434, in browserDefault
    meth = getattr(self, attr)
  File "app/eggs/Zope-5.8.5-py3.9.egg/Products/Five/browser/metaconfigure.py", line 448, in __call__
    raise ViewNotCallableError('__call__')

@djay djay mentioned this pull request Jan 15, 2025
Merged
@djay djay requested a review from dataflake January 15, 2025 06:41
dataflake
dataflake requested changes Jan 15, 2025
View reviewed changes
src/ZPublisher/BaseRequest.py Outdated Show resolved Hide resolved
@djay djay changed the title handle ViewNotCallableError as BadRequest handle ViewNotCallableError as 404 Jan 15, 2025
@perrinjerome
Copy link
Contributor

Would another approach of making ViewNotCallableError a subclass of zExceptions.NotFound work without any change to BaseRequest ? I was thinking that returning not found when a NotImplementedError is raised might be surprising during development.

@dataflake
Copy link
Member

I have no idea how disruptive that may be.

@perrinjerome
Copy link
Contributor

I don't know either, maybe it does not even translates to 404 response here, I suggested this as it seemed a possible easier implementation. In any case, the current approach seems OK.

@dataflake
Copy link
Member

Go ahead and merge

@dataflake dataflake merged commit a44db4e into master Jan 15, 2025
28 checks passed
@dataflake dataflake deleted the djay-traverse_badreqests branch January 15, 2025 12:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dataflake dataflake dataflake approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@djay @perrinjerome @dataflake