Opened 3 weeks ago

Closed 2 weeks ago

Last modified 2 weeks ago

#36583 closed Bug (wontfix)

Microsoft Partner Program classifies dpaste.com technical_500 view as a dangerous Malware Site

Reported by: Peter Kahn
Owned by: (nobody)
Component: Error reporting
Version: 5.2
Severity: Normal
Keywords:
Cc:
Triage Stage: Unreviewed
Has patch: no
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: no
UI/UX: no

Description (last modified by Peter Kahn)

Problem
Microsoft Partner Site Malware scan for a compute image publish attempt to Azure Marketplace is flagging the 500 error debug view's ability to send the error details to dpaste.com as Malware. This feature and the view seem OK to me, but:

  • When I have run into this class of problem in the past, Microsoft has been unwilling to accept evidence of a false positive
  • This may impact Django apps in other marketplace verification systems as well

Error Message Excerpt
According to the Microsoft Partner program's Malware scanner:

File name: technical_500.html,
Malware Information:
Avira smartScreen firebog ConfirmedMaliciousURL hXXps[:]dpaste.com/ (FileType:.html) (Executable:true)
) .

History
The dpaste.com storage capability was added about 4 years ago
https://github.com/django/django/blame/main/django/views/templates/technical_500.html#L293

Workaround
If this feature of the view isn't needed, a simple script can surgically remove the aspect of the view. TBH, I've yet to try it and will be doing so today.

Change History (7)

comment:1 by Timothy Schilling, 3 weeks ago

Does Microsoft flag this as a part of any Django app or those that are running with DEBUG=True in production that show this page on the web app?


comment:2 by Peter Kahn, 3 weeks ago

Description: modified (diff)

comment:3 by Sarah Boyce, 3 weeks ago

The dpaste.com storage capability was added about 4 years ago

Seems it was added in 13aa1970d44ab282fb2f1da763e558c84e0ca906 (refs #2437) about 17 years ago

comment:4 by Jacob Walls, 3 weeks ago

Component: Generic views → Error reporting
Summary: Microsoft Partner Program classifies dpaste.com techincal_500 view as a dangerous Malware Site → Microsoft Partner Program classifies dpaste.com technical_500 view as a dangerous Malware Site

in reply to:  1 comment:5 by Peter Kahn, 3 weeks ago

Replying to Timothy Schilling:

    Does Microsoft flag this as a part of any Django app or [only] those that are running with DEBUG=True in production that show this page on the web app?

Microsoft is running a file scan, they find the FQDN in a file and block the compute image from being added to their marketplace. It is not a runtime env but an image.

My workaround is to use a 2 stage docker image and edit the technical_500.html in the 1st stage so the offending FQDN doesn't show up in the final image or the layers, as the layers will show in the docker layers on the OS and Microsoft will block.

It is a bogus thing, last time I opened a support ticket and they were a brick wall.

I think y'all will want to remove the div or change to another pastebin option.

comment:6 by Tim Graham, 2 weeks ago

Resolution: wontfix
Status: new → closed

This is unfortunate, however, we would need some consensus on the DevelopersMailingList about how to proceed. If there is one, we would reopen the ticket. Please start a thread if you'd like to try to move this forward.

in reply to:  6 comment:7 by Peter Kahn, 2 weeks ago

Replying to Tim Graham:

This is unfortunate, however, we would need some consensus on the DevelopersMailingList about how to proceed. If there is one, we would reopen the ticket. Please start a thread if you'd like to try to move this forward.

I'm going to just let this sit. I wanted to make sure that people were aware of it. Microsoft's use of a malware scanner seems like a system to force everyone to buy the malware scanner, to be honest with you. This is completely bogus. After this, they flagged a bunch of mirrors as unacceptable as well.

In each case, workarounds are easily achieved. Here's the one I used for this one, just in case someone else hits this.

Docker Example

RUN python /tmp/remove_pasteform_technical_500_view.py -s /usr/local/lib/python3.13/site-packages/django/views/templates/technical_500.html \
    -o /tmp/technical_500.html
RUN set -e \
    && echo "Cleaning up technical_500.html for MS Defender" \
    && diff -w /usr/local/lib/python3.13/site-packages/django/views/templates/technical_500.html /tmp/technical_500.html || true \
    && echo "Overwriting stock technical_500 view" \
    && mv /tmp/technical_500.html /usr/local/lib/python3.13/site-packages/django/views/templates/ \
    && rm -f /tmp/remove_pasteform_technical_500_view.py \
    && ls -lrt /tmp \
    && echo "Cleanup complete"

Surgically Remove the File

import argparse
from bs4 import BeautifulSoup

# https://code.djangoproject.com/ticket/36583#ticket
# DS-4714 workaround - remove the
def remove_pasteform(source_path, output_path):
    with open(source_path, 'r', encoding='utf-8') as f:
        soup = BeautifulSoup(f, 'html.parser')

    # Ensure this script doesn't trigger the detector, as this is
    # the cleaner: it will not be on the final image, but it will
    # be reported in a docker layer
    target = 'd' + 'paste' + '.com'

    # Remove the offending form from the page
    # This means running in debug we cannot send the data to a
    # pastebin.  This seems ok because:
    # 1) This is only debug mode
    # 2) We have other ways to capture required data (e.g. logging and observability)
    for form in soup.find_all('form', {'action': f'https://{target}/'}):
        form.decompose()
    with open(output_path, 'w', encoding='utf-8') as f:
        f.write(str(soup))

if __name__ == '__main__':
    parser = argparse.ArgumentParser(description='Remove pasteform from technical_500.html')
    parser.add_argument('-s', '--source', required=True, help='Source HTML file')
    parser.add_argument('-o', '--output', required=True, help='Output HTML file')
    args = parser.parse_args()
    remove_pasteform(args.source, args.output)
Last edited 2 weeks ago by Peter Kahn (previous) (diff)
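The workaround above pulls in BeautifulSoup, which is not a Django dependency. As an added example (not part of the ticket or of Django), here is a standard-library-only variant of the same cleanup that also verifies the output no longer contains the flagged FQDN; it applies the same caveat the thread raises, assembling the host name from fragments so the cleaner script itself never carries the literal string into a Docker layer. The sample HTML is constructed to mimic the shape of the paste form, not the real template.

```python
import re
import sys

# Assemble the indicator from fragments so this script itself never contains
# the literal FQDN (the build-stage layer that holds it may still be scanned).
FLAGGED_HOST = ".".join(["d" + "paste", "com"])

# Matches the whole <form ...> ... </form> element whose action points at the
# flagged host. HTML forms cannot nest, so a non-greedy match up to the first
# </form> is the right span to drop.
FORM_RE = re.compile(
    r'<form\b[^>]*\baction="https?://' + re.escape(FLAGGED_HOST) + r'/?"[^>]*>.*?</form>',
    re.DOTALL | re.IGNORECASE,
)


def strip_paste_form(html: str) -> str:
    """Return html with every form that posts to the flagged host removed."""
    return FORM_RE.sub("", html)


def contains_indicator(text: str) -> bool:
    """True if the flagged FQDN still appears anywhere (tag, script, comment)."""
    return FLAGGED_HOST in text.lower()


def clean_file(source_path: str, output_path: str) -> bool:
    """Rewrite source_path into output_path; return True only if the result is clean."""
    with open(source_path, encoding="utf-8") as f:
        cleaned = strip_paste_form(f.read())
    with open(output_path, "w", encoding="utf-8") as f:
        f.write(cleaned)
    return not contains_indicator(cleaned)


# Constructed sample in the shape of the paste form (not the real technical_500.html).
SAMPLE_HTML = (
    '<div id="explanation">\n'
    '  <form action="https://' + FLAGGED_HOST + '/" name="pasteform" id="pasteform" method="post">\n'
    '    <input type="hidden" name="content" value="{{ traceback_text }}">\n'
    '    <input type="submit" value="Share this traceback on a public website">\n'
    '  </form>\n'
    "  <p>You're seeing this error because you have DEBUG = True.</p>\n"
    '</div>\n'
)

if __name__ == "__main__":
    # Usage: python clean_technical_500.py <source.html> <output.html>; exit 1 if not clean.
    sys.exit(0 if clean_file(sys.argv[1], sys.argv[2]) else 1)
```

The non-zero exit on a dirty result lets the Docker build stage fail fast instead of shipping an image that will be rejected later.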