Skip to content
This repository has been archived by the owner on Oct 23, 2023. It is now read-only.

"ValueError: unsupported format character ''' (0x27)" in Django client #1287

Open
johanndt opened this issue Aug 15, 2018 · 0 comments
Open

"ValueError: unsupported format character ''' (0x27)" in Django client #1287

johanndt opened this issue Aug 15, 2018 · 0 comments

Comments

@johanndt
Copy link

johanndt commented Aug 15, 2018
edited

We've had raven throw the above exception quite regularly in Django. Here is the full trace:

Traceback (most recent call last):
  File "/usr/local/lib/python3.5/dist-packages/celery/app/trace.py", line 253, in trace_task
    I, R, state, retval = on_error(task_request, exc, uuid)
  File "/usr/local/lib/python3.5/dist-packages/celery/app/trace.py", line 201, in on_error
    R = I.handle_error_state(task, eager=eager)
  File "/usr/local/lib/python3.5/dist-packages/celery/app/trace.py", line 85, in handle_error_state
    }[self.state](task, store_errors=store_errors)
  File "/usr/local/lib/python3.5/dist-packages/celery/app/trace.py", line 125, in handle_failure
    einfo=einfo)
  File "/usr/local/lib/python3.5/dist-packages/celery/utils/dispatch/signal.py", line 166, in send
    response = receiver(signal=self, sender=sender, **named)
  File "/usr/local/lib/python3.5/dist-packages/raven/contrib/celery/__init__.py", line 87, in process_failure_signal
    fingerprint=fingerprint,
  File "/usr/local/lib/python3.5/dist-packages/raven/base.py", line 824, in captureException
    'raven.events.Exception', exc_info=exc_info, **kwargs)
  File "/usr/local/lib/python3.5/dist-packages/raven/contrib/django/client.py", line 303, in capture
    result = super(DjangoClient, self).capture(event_type, **kwargs)
  File "/usr/local/lib/python3.5/dist-packages/raven/base.py", line 644, in capture
    **kwargs)
  File "/usr/local/lib/python3.5/dist-packages/raven/contrib/django/client.py", line 244, in build_msg
   data = super(DjangoClient, self).build_msg(*args, **kwargs)
  File "/usr/local/lib/python3.5/dist-packages/raven/base.py", line 503, in build_msg
    crumbs = self.context.breadcrumbs.get_buffer()
  File "/usr/local/lib/python3.5/dist-packages/raven/breadcrumbs.py", line 76, in get_buffer
    processor(payload)
  File "/usr/local/lib/python3.5/dist-packages/raven/contrib/django/client.py", line 91, in processor
    real_sql = real_sql % tuple(real_params)
ValueError: unsupported format character ''' (0x27) at index 9651

It would appear in real_sql there are some % characters which is confusing the naive parameter injection.

Ignoring ValueErrors or properly escaping the % characters should do the trick.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@johanndt