TypeError: startswith first arg must be bytes or a tuple of bytes, not str

Question

TypeError: startswith first arg must be bytes or a tuple of bytes, not str

ap-16 opened this issue 2 years ago · 4 comments

Happy New Year,

I had an issue with

PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
NAME="Debian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"

puppetboard 4.2.3

Apache2.4 delivered this error:

[Thu Jan 05 13:06:42.086451 2023] [wsgi:error]   File "/usr/local/lib/python3.9/dist-packages/puppetboard/utils.py", line 56, in check_secret_key
[Thu Jan 05 13:06:42.086455 2023] [wsgi:error]     if secret_key_value.startswith("default-"):
[Thu Jan 05 13:06:42.086467 2023] [wsgi:error]  TypeError: startswith first arg must be bytes or a tuple of bytes, not str

I could it fix by

--- /usr/local/lib/python3.9/dist-packages/puppetboard/utils.py.old        2023-01-05 13:31:00.000000000 +0100
+++ /usr/local/lib/python3.9/dist-packages/puppetboard/utils.py    2023-01-05 13:31:01.000000000 +0100
@@ -53,7 +53,7 @@
     Check if the secret key value is set to a default value, that will stop
     being accepted in v5.x of the app.
     """
-    if secret_key_value.startswith("default-"):
+    if secret_key_value.startswith(b'default-'):
         log.warning(
             "Leaving SECRET_KEY set to a default value WILL cause issues"
             " when the app is restarted or has more than 1 replica"

chears

Answer 1 · 2023-01-05T16:32:41.000Z

Thanks @ap-16, happy New Year to you too! :)

This should be fixed in v4.2.4 released a moment ago. Please let me know if you still have any issues with this.

Answer 2 · 2023-01-09T09:21:50.000Z

Hello gdubicki,

thank you for your fast response.

Unfortunatly, v4.2.4 does not solve my problem:

[Mon Jan 09 09:42:24.471409 2023] [wsgi:error] [pid 1070666:tid 140651094034176] mod_wsgi (pid=1070666): Failed to exec Python script file '/var/www/html/puppetboard/wsgi.py'., referer: https://localhost/
[Mon Jan 09 09:42:24.471438 2023] [wsgi:error] [pid 1070666:tid 140651094034176] mod_wsgi (pid=1070666): Exception occurred processing WSGI script '/var/www/html/puppetboard/wsgi.py'., referer: https://localhost/
[Mon Jan 09 09:42:24.471683 2023] [wsgi:error] [pid 1070666:tid 140651094034176] Traceback (most recent call last):, referer: https://localhost/
[Mon Jan 09 09:42:24.471704 2023] [wsgi:error] [pid 1070666:tid 140651094034176]   File "/var/www/html/puppetboard/wsgi.py", line 6, in <module>, referer: https://localhost/
[Mon Jan 09 09:42:24.471709 2023] [wsgi:error] [pid 1070666:tid 140651094034176]     from puppetboard.app import app as application, referer: https://localhost/
[Mon Jan 09 09:42:24.471716 2023] [wsgi:error] [pid 1070666:tid 140651094034176]   File "/usr/local/lib/python3.9/dist-packages/puppetboard/app.py", line 45, in <module>, referer: https://localhost/
[Mon Jan 09 09:42:24.471720 2023] [wsgi:error] [pid 1070666:tid 140651094034176]     check_secret_key(app.config.get('SECRET_KEY')), referer: https://localhost/
[Mon Jan 09 09:42:24.471725 2023] [wsgi:error] [pid 1070666:tid 140651094034176]   File "/usr/local/lib/python3.9/dist-packages/puppetboard/utils.py", line 60, in check_secret_key, referer: https://localhost/
[Mon Jan 09 09:42:24.471737 2023] [wsgi:error] [pid 1070666:tid 140651094034176]     secret_key_value = secret_key_value.decode("utf-8"), referer: https://localhost/
[Mon Jan 09 09:42:24.471749 2023] [wsgi:error] [pid 1070666:tid 140651094034176] UnicodeDecodeError: 'utf-8' codec can't decode byte 0xef in position 1: invalid continuation byte, referer: https://localhost/
[Mon Jan 09 09:44:02.379448 2023] [wsgi:error] [pid 1070773:tid 139620796856064] mod_wsgi (pid=1070773): Failed to exec Python script file '/var/www/html/puppetboard/wsgi.py'., referer: https://localhost/

you can simply cause such an error using a config line like:
SECRET_KEY = os.urandom(30)

Thank you
ap-16

Answer 3 · 2023-01-09T11:02:34.000Z

Sorry, should be really fixed in v4.2.5.

PS I hope that the os.urandom(30) is just an example for me to reproduce the error but it's not a code that you really use, because then you would have effectively the same problems as you would have with the default SECRET_KEY value, see #721 for more info.

Answer 4 · 2023-01-09T12:11:55.000Z

Hello gdubicki,

now it's working smoothly.

I appreciate your care and that you do not prohibit making errors.
os.urandom(30) lives as a comment in my config. As far as I remember, this was once
mentioned in a description of puppetboard but I may be wrong.
And even the value Apache is complaining for is forged.

Thank you
ap-16