Forum posting bug

While entering a reply in another thread on the Framework Forum, a message box popped up with the helpful text: 403 forbidden. Simultaneously I noticed that the message ‘preview offline’ had appeared below the preview of my posting to the right of the edit box.

I faffed around and narrowed the cause down to a specific sequence of characters. I’ll type them here with extra space characters.

$ cat / proc / cmdline

Type the string as slash-proc-slash-cmdline and the edit tool will break.

The spaces ensure that the bug is not triggered. However, they also completely alter the meaning of the above Linux command.

Since this forum is aimed at both Linux and Windows users, it would be great if this bug could be better characterized and ultimately fixed.

Dino


I tried this on a different discourse forum and didn’t have the problem, but did duplicate it here.

I wonder if it’s a ‘feature’… keyword blacklisting.

I think you’re onto something. I decided to search the forum using its native tool to see if anyone had ever managed to post the string that causes the problem. Among Linux users this would not be a frequently typed command; however, on this forum I’d expect it to appear a few times.

The ‘403 forbidden’ message box pops as soon as you type the slash-proc-slash-cmdline sequence into the search edit control.

Dino

It does appear to be that; using “cat /proc/cmdlin” (omitting the last “e”) allows the search but as soon as the word “cmdline” is used in full I get the 403 forbidden error here as well.

It was able to be posted 7 months ago. Gave up waiting for suspend/resume device ubuntu 22 framework 12 gen - #5 by PDXTabs

Thanks for the heads up, everyone. It’s been flagged for the Framework team to investigate.


/proc/​version

also gets blocked

Odd, it’s either doing the blocking intentionally…or it’s trying to access / execute something and getting blocked. Funny thing is that 403 is from the HTTP side of things…as if there’s an application firewall filtering the content and giving an HTTP response code.

Yay…faked a bypass. (zero-width space)
/proc/​cmdline

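The zero-width-space bypass above is a classic weakness of literal signature matching. The following is an added example, not code from the Framework Forum, Discourse or any web application firewall: it assumes (as the thread only infers from symptoms) that the filter is a plain substring match on a blocklist such as "/proc/cmdline" and "/proc/version", reproduces the observed behaviour (the truncated "/proc/cmdlin" passes, the zero-width-space variant passes), and shows the normalization step a filter would need, stripping Unicode format characters (category Cf, which includes U+200B) and applying NFKC before matching. The blocklist, sample strings and function names are all constructed for illustration.

```python
import re
import unicodedata

# Constructed blocklist modelled on what the thread observed; the real
# rule set behind the 403 is not known.
BLOCKED_PATHS = ("/proc/cmdline", "/proc/version")
_SIGNATURE = re.compile("|".join(re.escape(p) for p in BLOCKED_PATHS))

# Sample inputs constructed for this example. ZWSP is the zero-width
# space (U+200B) used as the bypass in the post above.
ZWSP = "\u200b"
SAMPLES = {
    "plain": "cat /proc/cmdline",
    "truncated": "cat /proc/cmdlin",          # last letter omitted
    "zwsp": f"cat /proc/{ZWSP}cmdline",       # invisible character inserted
    "spaced": "cat / proc / cmdline",         # spaces change the command's meaning
}


def naive_blocked(text: str) -> bool:
    """Literal substring match: this is the behaviour the thread observed.

    It rejects the exact path but is blind to invisible characters, so a
    zero-width space between "/proc/" and "cmdline" sails through.
    """
    return _SIGNATURE.search(text) is not None


def normalize(text: str) -> str:
    """Fold the input into a canonical form before matching.

    NFKC maps compatibility forms (for example full-width letters) to their
    ASCII equivalents; dropping category "Cf" removes zero-width spaces,
    joiners, the BOM and other invisible format characters.
    """
    folded = unicodedata.normalize("NFKC", text)
    return "".join(ch for ch in folded if unicodedata.category(ch) != "Cf")


def hardened_blocked(text: str) -> bool:
    """Same signature, applied after normalization."""
    return _SIGNATURE.search(normalize(text)) is not None


def classify(samples: dict) -> dict:
    """Return, per sample, whether the naive and hardened checks block it."""
    return {
        name: {"naive": naive_blocked(s), "hardened": hardened_blocked(s)}
        for name, s in samples.items()
    }


if __name__ == "__main__":
    for name, verdict in classify(SAMPLES).items():
        print(f"{name:10s} naive={verdict['naive']!s:5s} hardened={verdict['hardened']}")
```

Note what normalization does not fix: the spaced variant "/ proc / cmdline" is still not matched by either check, because the spaces are genuine characters that change the shell command rather than invisible decoration. Catching that class of evasion needs the filter to reason about the target interpreter, which is exactly why a text-level rule keeps producing both false positives (a forum post) and false negatives.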

Scanning tools for web security are constantly evolving as new threats emerge and are discovered.

My work has issues similar to this, where scans performed one day are OK, then the tool updates its database and the next scan, of unchanged code, has critical issues.

In this case, it probably looks like some kind of script based attack to the edit scanner.

Hi everyone.

We’ve found that this is happening at a level that has proven tricky to address directly. We continue to dig into this, but the usual go-to fixes would create new challenges.

Therefore, what I will be using on those occasions where I run into this is to rely on gists:


I know there’s invariably an app for that but I’m old school. :wink: An alternative?

$ cat $(sed 's| */ |/|g' <<< '/ proc / cmdline')
BOOT_IMAGE=/vmlinuz-6.1.0-1014-oem root=/dev/mapper/sysvg-root ro quiet splash mem_sleep_default=deep

It’s obviously more opaque but I can type or paste it directly and a reader who copies and pastes it into a shell will get the desired output.

I understand that it will be challenging to fix but @Matt_Hartley what problem is the current behaviour designed to defend against?

Dino


Respect this! Yeah, this is also outstanding. Most stuff will post fine. It’s oddball code that does this.

It’s…complicated, and I am working with the web team on this. It’s not as simple as filtering, it turns out; it’s at a different level I can’t get into. And yes, it’s frustrating. We have to be careful about which solutions we pick, so as to avoid creating another issue that would be far more concerning.

cat /proc/\cmdline

would do it…if the target is a shell. Saves some characters and clock cycles.
