Closes 18061: Hide traceback from rendered device config (#18127)

* Hide traceback from rendered device config When an exception occurs during device configuration rendering, it usually doesn't contain information about the template being rendered, but rather the trace of how the template was rendered. Since this could confuse users and expose internal server information, it is now hidden. * Improve error message display; replicate changes for VMs --------- Co-authored-by: Jeremy Stretch <jstretch@netboxlabs.com>
2025-07-22 20:12:00 -06:00 · 2024-12-11 16:28:42 +01:00 · 2024-12-11 16:28:42 +01:00 · 26f8c3aae3
commit 26f8c3aae3
parent cc51e7032b
4 changed files with 52 additions and 34 deletions
--- a/netbox/dcim/views.py
+++ b/netbox/dcim/views.py
@ -1,5 +1,3 @@
-import traceback
-
 from django.contrib import messages
 from django.contrib.contenttypes.models import ContentType
 from django.core.paginator import EmptyPage, PageNotAnInteger
@ -2106,7 +2104,8 @@ class DeviceRenderConfigView(generic.ObjectView):
        # If a direct export has been requested, return the rendered template content as a
        # downloadable file.
        if request.GET.get('export'):
-            response = HttpResponse(context['rendered_config'], content_type='text')
+            content = context['rendered_config'] or context['error_message']
+            response = HttpResponse(content, content_type='text')
            filename = f"{instance.name or 'config'}.txt"
            response['Content-Disposition'] = f'attachment; filename="{filename}"'
            return response
@ -2124,17 +2123,18 @@ class DeviceRenderConfigView(generic.ObjectView):

        # Render the config template
        rendered_config = None
+        error_message = None
        if config_template := instance.get_config_template():
            try:
                rendered_config = config_template.render(context=context_data)
            except TemplateError as e:
-                messages.error(request, _("An error occurred while rendering the template: {error}").format(error=e))
-                rendered_config = traceback.format_exc()
+                error_message = _("An error occurred while rendering the template: {error}").format(error=e)

        return {
            'config_template': config_template,
            'context_data': context_data,
            'rendered_config': rendered_config,
+            'error_message': error_message,
        }


--- a/netbox/templates/dcim/device/render_config.html
+++ b/netbox/templates/dcim/device/render_config.html
@ -5,7 +5,7 @@
 {% block title %}{{ object }} - {% trans "Config" %}{% endblock %}

 {% block content %}
-  <div class="row mb-3">
+  <div class="row">
    <div class="col-5">
      <div class="card">
        <h2 class="card-header">{% trans "Config Template" %}</h2>
@ -48,19 +48,28 @@
  </div>
  <div class="row">
    <div class="col">
-      <div class="card">
-        <h2 class="card-header d-flex justify-content-between">
-          {% trans "Rendered Config" %}
-            <a href="?export=True" class="btn btn-primary lh-1" role="button">
-              <i class="mdi mdi-download" aria-hidden="true"></i> {% trans "Download" %}
-            </a>
-        </h2>
-        {% if config_template %}
-          <pre class="card-body">{{ rendered_config }}</pre>
+      {% if config_template %}
+        {% if rendered_config %}
+          <div class="card">
+            <h2 class="card-header d-flex justify-content-between">
+              {% trans "Rendered Config" %}
+              <a href="?export=True" class="btn btn-primary lh-1" role="button">
+                <i class="mdi mdi-download" aria-hidden="true"></i> {% trans "Download" %}
+              </a>
+            </h2>
+            <pre class="card-body">{{ rendered_config }}</pre>
+          </div>
        {% else %}
-          <div class="card-body text-muted">{% trans "No configuration template found" %}</div>
+          <div class="alert alert-warning">
+            <h4 class="alert-title mb-1">{% trans "Error rendering template" %}</h4>
+            {% trans error_message %}
+          </div>
        {% endif %}
-      </div>
+      {% else %}
+        <div class="alert alert-info">
+          {% trans "No configuration template has been assigned for this device." %}
+        </div>
+      {% endif %}
    </div>
  </div>
 {% endblock %}
--- a/netbox/templates/virtualization/virtualmachine/render_config.html
+++ b/netbox/templates/virtualization/virtualmachine/render_config.html
@ -5,7 +5,7 @@
 {% block title %}{{ object }} - {% trans "Config" %}{% endblock %}

 {% block content %}
-  <div class="row mb-3">
+  <div class="row">
    <div class="col-5">
      <div class="card">
        <h2 class="card-header">{% trans "Config Template" %}</h2>
@ -48,19 +48,28 @@
  </div>
  <div class="row">
    <div class="col">
-      <div class="card">
-        <h2 class="card-header d-flex justify-content-between">
-          {% trans "Rendered Config" %}
-            <a href="?export=True" class="btn btn-primary lh-1" role="button">
-              <i class="mdi mdi-download" aria-hidden="true"></i> {% trans "Download" %}
-            </a>
-        </h2>
-        {% if config_template %}
-          <pre class="card-body">{{ rendered_config }}</pre>
+      {% if config_template %}
+        {% if rendered_config %}
+          <div class="card">
+            <h2 class="card-header d-flex justify-content-between">
+              {% trans "Rendered Config" %}
+              <a href="?export=True" class="btn btn-primary lh-1" role="button">
+                <i class="mdi mdi-download" aria-hidden="true"></i> {% trans "Download" %}
+              </a>
+            </h2>
+            <pre class="card-body">{{ rendered_config }}</pre>
+          </div>
        {% else %}
-          <div class="card-body text-muted">{% trans "No configuration template found" %}</div>
+          <div class="alert alert-warning">
+            <h4 class="alert-title mb-1">{% trans "Error rendering template" %}</h4>
+            {% trans error_message %}
+          </div>
        {% endif %}
-      </div>
+      {% else %}
+        <div class="alert alert-info">
+          {% trans "No configuration template has been assigned for this virtual machine." %}
+        </div>
+      {% endif %}
    </div>
  </div>
 {% endblock %}
--- a/netbox/virtualization/views.py
+++ b/netbox/virtualization/views.py
@ -1,5 +1,3 @@
-import traceback
-
 from django.contrib import messages
 from django.db import transaction
 from django.db.models import Prefetch, Sum
@ -425,7 +423,8 @@ class VirtualMachineRenderConfigView(generic.ObjectView):
        # If a direct export has been requested, return the rendered template content as a
        # downloadable file.
        if request.GET.get('export'):
-            response = HttpResponse(context['rendered_config'], content_type='text')
+            content = context['rendered_config'] or context['error_message']
+            response = HttpResponse(content, content_type='text')
            filename = f"{instance.name or 'config'}.txt"
            response['Content-Disposition'] = f'attachment; filename="{filename}"'
            return response
@ -443,17 +442,18 @@ class VirtualMachineRenderConfigView(generic.ObjectView):

        # Render the config template
        rendered_config = None
+        error_message = None
        if config_template := instance.get_config_template():
            try:
                rendered_config = config_template.render(context=context_data)
            except TemplateError as e:
-                messages.error(request, _("An error occurred while rendering the template: {error}").format(error=e))
-                rendered_config = traceback.format_exc()
+                error_message = _("An error occurred while rendering the template: {error}").format(error=e)

        return {
            'config_template': config_template,
            'context_data': context_data,
            'rendered_config': rendered_config,
+            'error_message': error_message,
        }