Opened 3 weeks ago
Last modified 2 weeks ago
#36583 closed Bug
Microsoft Partner Program classifies dpaste.com techincal_500 view as a dangerous Malware Site — at Initial Version
| Reported by: | Peter Kahn | Owned by: | |
|---|---|---|---|
| Component: | Error reporting | Version: | 5.2 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
Problem
Microsoft is flagging in the 500 error debug view's ability to send the error details to dpaste.com as Malware. This feature and the view seem OK to me but:
- When I have run into this class of problem in the past, Microsoft has been unwilling to accept evidence of a false positive
- This may impact Django apps in other marketplace verification systems as well
Error Message Excerpt
According to the Microsoft Partner program's Malware scanner:
File name: technical_500.html,
Malware Information:
Avira smartScreen firebog ConfirmedMaliciousURL hXXps[:]dpaste.com/ (FileType:.html) (Executable:true)
) .
History
The dpaste.com storage capability was added about 4 years ago
https://github.com/django/django/blame/main/django/views/templates/technical_500.html#L293
Workaround
If this feature of the view isn't needed, a simple script can surgically remove the aspect of the view. TBH, I've yet to try it and will be doing so today.