Hello everybody,

I’ve used a fuzzer on my Django v3.2 project that resulted in a broken admin 
interface. I’m not sure whether this is a bug or a rough edge case.

I’m using Python 3.9.13 with Django 3.2.18 with Postgres.

I have a Model with a JSONField and also added the model to my admin view (I 
don’t use the JSON field on the list view / filter)

```
    data = models.JSONField(null=True, blank=True)
```

The fuzzer added (via an API view) a string with 10,000 characters to the data 
field. 

Every time I want to open the admin list view (and the malicious object is part 
of the page), my Django crashes with the following message:

> ValueError
> 
> Exceeds the limit (4300) for integer string conversion: value has 10000 
> digits; use sys.set_int_max_str_digits() to increase the limit

I have attached my Sentry stack trace as a screenshot.

If this is an intended behavior, I have to validate the data to prevent 
malicious strings. But it feels like the admin interface should be able to 
handle those JSON values.

It looks like the Python releases in Sep 2022 have to do with this bug/edge 
case: 
https://mail.python.org/archives/list/python-...@python.org/message/B25APD6FF27NJWKTEGAFRUDNSVVAFIHQ/
 

Kind Regards,

Johannes
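
The validation step mentioned in the message, sketched as an added example (not code from the original post or from Django): parse untrusted JSON at the API boundary and reject integer literals and digit-only strings longer than the interpreter's int/str conversion limit, so the failure surfaces as a clean rejection instead of a crash in a later view. The names `load_json_checked` and `OversizedNumber` are hypothetical, and the example assumes the offending value was a digit-only string, as the error message indicates.

```python
import json
import sys

# CPython's int<->str digit limit (4300 by default); 0 means "disabled".
# Assumption: fall back to 4300 when the getter is missing or the limit is off.
_getter = getattr(sys, "get_int_max_str_digits", None)
DIGIT_LIMIT = (_getter() if _getter else 0) or 4300


class OversizedNumber(ValueError):
    """Raised at the boundary instead of letting int() fail deep inside a view."""


def _checked_int(literal):
    # json calls this hook with the raw text of every integer literal,
    # so the length can be checked before any conversion is attempted.
    digits = literal.lstrip("-")
    if len(digits) > DIGIT_LIMIT:
        raise OversizedNumber(f"integer literal has {len(digits)} digits")
    return int(literal)


def _walk(value, path="$"):
    # Reject digit-only strings that a later int(str) call would choke on.
    if isinstance(value, str):
        digits = value.strip().lstrip("+-")
        if digits.isdecimal() and len(digits) > DIGIT_LIMIT:
            raise OversizedNumber(f"{path}: numeric string has {len(digits)} digits")
    elif isinstance(value, dict):
        for key, item in value.items():
            _walk(key, f"{path}.<key>")
            _walk(item, f"{path}.{key}")
    elif isinstance(value, list):
        for index, item in enumerate(value):
            _walk(item, f"{path}[{index}]")
    return value


def load_json_checked(raw):
    """Parse untrusted JSON text, refusing numbers longer than DIGIT_LIMIT."""
    return _walk(json.loads(raw, parse_int=_checked_int))
```

In a Django project the same check can run inside a field or serializer validator that converts `OversizedNumber` into a `ValidationError`.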



