Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

parse_cookie_str can be crashed by end users via cookie_str = 'true' #135

Open
gmseb opened this issue Feb 8, 2025 · 0 comments
Open

parse_cookie_str can be crashed by end users via cookie_str = 'true' #135

gmseb opened this issue Feb 8, 2025 · 0 comments

Comments

@gmseb
Copy link

gmseb commented Feb 8, 2025

Hi!

I stumbled upon a crash report ValueError: not enough values to unpack (expected 2, got 1) in Sentry from django-cookie-consent code line…

django-cookie-consent/cookie_consent/util.py

Line 15 in 81aae63

key, value = c.split("=")

…today. cookie_str has value "true" in this case, and playing with IPython shows how the current code breaks:

In [1]: 'foo=bar'.split('=')
Out[1]: ['foo', 'bar']

In [2]: ''.split('=')
Out[2]: ['']

In [3]: 'true'.split('=')
Out[3]: ['true']

The issue still exists on master so until this is fixed, Django setups can be crashed like this. Would be great to have fixed, thank you!

Best, Sebastian
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@gmseb