plotly/dash-renderer

500 instead of 404 when requested path is trash

radekwlsk opened this issue · 1 comments

During security/pen testing /_dash-component-suites/dash_renderer/foo.js [GET] request resulted in 500 Internal Server Error instead of 404 Not Found which should be returned for not existing paths.

Exception on /_dash-component-suites/dash_renderer/foo.js [GET]
Traceback (most recent call last):
  File "/app/venv/lib/python3.6/site-packages/flask/app.py", line 2292, in wsgi_app
    response = self.full_dispatch_request()
  File "/app/venv/lib/python3.6/site-packages/flask/app.py", line 1815, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/app/venv/lib/python3.6/site-packages/flask/app.py", line 1718, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/app/venv/lib/python3.6/site-packages/flask/_compat.py", line 35, in reraise
    raise value
  File "/app/venv/lib/python3.6/site-packages/flask/app.py", line 1813, in full_dispatch_request
    rv = self.dispatch_request()
  File "/app/venv/lib/python3.6/site-packages/flask/app.py", line 1799, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/app/venv/lib/python3.6/site-packages/dash/dash.py", line 417, in serve_component_suites
    self.registered_paths
Exception: "dash_renderer" is registered but the path requested is not valid.
The path requested: "foo.js"
List of registered paths: {'dash_renderer': ['react@15.4.2.min.js', 'react-dom@15.4.2.min.js', 'bundle.js', 'react@15.4.2.min.js', 'react-dom@15.4.2.min.js', 'bundle.js', 'react@15.4.2.min.js', 'react-dom@15.4.2.min.js', 'bundle.js'], 'dash_html_components': ['bundle.js', 'bundle.js', 'bundle.js'], 'dash_table_experiments': ['bundle.js', 'dash_table_experiments.css', 'bundle.js', 'dash_table_experiments.css', 'bundle.js', 'dash_table_experiments.css'], 'dash_core_components': ['plotly-1.41.0.min.js', 'bundle.js', 'rc-slider@6.1.2.css', 'react-select@1.0.0-rc.3.min.css', 'react-virtualized@9.9.0.css', 'react-virtualized-select@3.1.0.css', 'react-dates@12.3.0.css', 'plotly-1.41.0.min.js', 'bundle.js', 'rc-slider@6.1.2.css', 'react-select@1.0.0-rc.3.min.css', 'react-virtualized@9.9.0.css', 'react-virtualized-select@3.1.0.css', 'react-dates@12.3.0.css', 'plotly-1.41.0.min.js', 'bundle.js', 'rc-slider@6.1.2.css', 'react-select@1.0.0-rc.3.min.css', 'react-virtualized@9.9.0.css', 'react-virtualized-select@3.1.0.css', 'react-dates@12.3.0.css']}

Should be in dash, the component libs also uses that route.