Re: [Django] #36583: Microsoft Partner Program classifies dpaste.com technical_500 view as a dangerous Malware Site

[Django]

#36583: Microsoft Partner Program classifies dpaste.com technical_500 view as a
dangerous Malware Site
---------------------------------+--------------------------------------
Reporter: Peter Kahn | Owner: (none)
Type: Bug | Status: new
Component: Error reporting | Version: 5.2
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
---------------------------------+--------------------------------------
Comment (by Peter Kahn):

Microsoft is running a file scan, they find the FQDN in a file and block
the compute image from being added to their market place. It is not a
runtime env but an image.


My workaround is to use a 2 stage docker image and edit the
technical_500.html in the 1st stage so the offending FQDN doesn't show up
in the final image or the layers as the layers will show in the docker
layers on the OS and Microsoft will block.

It is a bogus thing, last time I opened a support ticket and they were a
brick wall.

I think y'all will want to remove the div or change to another pastebin
option
Replying to [comment:1 Timothy Schilling]:
> Does Microsoft flag this as a part of any Django app or [only] those
that are running with `DEBUG=True` in production that show this page on
the web app?
--
Ticket URL: <https://code.djangoproject.com/ticket/36583#comment:5>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

[Django]

#36583: Microsoft Partner Program classifies dpaste.com technical_500 view as a
dangerous Malware Site
---------------------------------+--------------------------------------
Reporter: Peter Kahn | Owner: (none)

Type: Bug | Status: closed

Component: Error reporting | Version: 5.2

Severity: Normal | Resolution: wontfix

Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
---------------------------------+--------------------------------------

Changes (by Tim Graham):

* resolution: => wontfix
* status: new => closed

Comment:

This is unfortunate, however, we would need some consensus on the
DevelopersMailingList about how to proceed. If there is one, we would
reopen the ticket. Please start a thread if you'd like to try to move this
forward.
--
Ticket URL: <https://code.djangoproject.com/ticket/36583#comment:6>

[Django]

#36583: Microsoft Partner Program classifies dpaste.com technical_500 view as a
dangerous Malware Site
---------------------------------+--------------------------------------
Reporter: Peter Kahn | Owner: (none)
Type: Bug | Status: closed
Component: Error reporting | Version: 5.2
Severity: Normal | Resolution: wontfix
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
---------------------------------+--------------------------------------

Comment (by Peter Kahn):

Replying to [comment:6 Tim Graham]:

> This is unfortunate, however, we would need some consensus on the
DevelopersMailingList about how to proceed. If there is one, we would
reopen the ticket. Please start a thread if you'd like to try to move this
forward.

I'm going just let this sit. I wanted to make sure that people were aware
of it. Microsoft use of a malware scanner. Seems like a system to force
everyone to buy the malware scanner to be honest with you. This is
completely bogus. After this, they flagged several a bunch of mirrors as
unacceptable as well.

In each case, workarounds are easily archived. Here's the one I used for
this one just in case someone else hits this

**Docker Example**
{{{
RUN python /tmp/remove_pasteform_technical_500_view.py -s
/usr/local/lib/python3.13/site-
packages/django/views/templates/technical_500.html \
-o /tmp/technical_500.html
RUN set -e \
&& echo "Cleaning up technical_500.html for MS Defender" \
&& diff -w /usr/local/lib/python3.13/site-
packages/django/views/templates/technical_500.html /tmp/technical_500.html
|| true \
&& echo "Overwriting stock technical_500 view" \
&& mv /tmp/technical_500.html /usr/local/lib/python3.13/site-
packages/django/views/templates/ \
&& rm -f /tmp/remove_pasteform_technical_500_view.py \
&& ls -lrt /tmp \
&& echo "Cleanup complete"
}}}

**Surgically Remove the File**
{{{
import argparse
from bs4 import BeautifulSoup

# https://code.djangoproject.com/ticket/36583#ticket
# DS-4714 workaround - remove the
def remove_pasteform(source_path, output_path):
with open(source_path, 'r', encoding='utf-8') as f:
soup = BeautifulSoup(f, 'html.parser')

# Ensure this script doesn't trigger the detector as this is
# The cleaner and will not be on the final image but it will
# be reported in a docker layer
target = 'd' + 'paste' + '.com'

# Remove the offending form from the page
# This means running in debug we cannot send the data to a
# pastebin. This seems ok because:
# 1) This is only debug mode
# 2) We have other ways to capture required data (e.g. logging and
observability)
for form in soup.find_all('form', {'action': f'https://{target}/'}):
form.decompose()
with open(output_path, 'w', encoding='utf-8') as f:
f.write(str(soup))

if __name__ == '__main__':
parser = argparse.ArgumentParser(description='Remove pasteform from
technical_500.html')
parser.add_argument('-s', '--source', required=True, help='Source HTML
file')
parser.add_argument('-o', '--output', required=True, help='Output HTML
file')
args = parser.parse_args()
remove_pasteform(args.source, args.output)
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/36583#comment:7>