Defect #44227

open

Internal Server Error(500) due to null byte in attachment filename

Added by Ali İhsan Barışman 3 days ago. Updated 2 days ago.

Status: New
Priority: Normal
Assignee: -
Category: Attachments
Target version: -
Resolution:
Affected version:

Description

Hi,

While generating the "Project Health Report" with the "redmine_ai_helper" plugin, the process was terminating with the following error.

[2026-07-01T15:38:09.707910 #3483] ERROR -- : [abae02e9-5c6e-4629-8705-2d36c2d37c30] error: /usr/share/redmine/instances/default/plugins/redmine_ai_helper/lib/redmine_ai_helper/tools/project_tools.rb:764:in `extname': path name contains null byte (ArgumentError)

      extension = File.extname(attachment.filename).downcase
                                           ^^^^^^^^^^^^^^^^^^^
    from /usr/share/redmine/instances/default/plugins/redmine_ai_helper/lib/redmine_ai_helper/tools/project_tools.rb:764:in `block in calculate_attachment_metrics'
    from /usr/share/redmine/instances/default/plugins/redmine_ai_helper/lib/redmine_ai_helper/tools/project_tools.rb:763:in `each'
    from /usr/share/redmine/instances/default/plugins/redmine_ai_helper/lib/redmine_ai_helper/tools/project_tools.rb:763:in `group_by'
    from /usr/share/redmine/instances/default/plugins/redmine_ai_helper/lib/redmine_ai_helper/tools/project_tools.rb:763:in `calculate_attachment_metrics'
    from /usr/share/redmine/instances/default/plugins/redmine_ai_helper/lib/redmine_ai_helper/tools/project_tools.rb:333:in `get_metrics'
    from /usr/share/redmine/instances/default/plugins/redmine_ai_helper/lib/redmine_ai_helper/agents/project_agent.rb:165:in `build_recent_metrics_list'
    from /usr/share/redmine/instances/default/plugins/redmine_ai_helper/lib/redmine_ai_helper/agents/project_agent.rb:156:in `build_time_period_metrics_list'
    from /usr/share/redmine/instances/default/plugins/redmine_ai_helper/lib/redmine_ai_helper/agents/project_agent.rb:150:in `collect_time_period_metrics'
    from /usr/share/redmine/instances/default/plugins/redmine_ai_helper/lib/redmine_ai_helper/agents/project_agent.rb:39:in `project_health_report'
    from /usr/share/redmine/instances/default/plugins/redmine_ai_helper/lib/redmine_ai_helper/llm.rb:207:in `project_health_report'
    from /usr/share/redmine/instances/default/plugins/redmine_ai_helper/app/controllers/ai_helper_controller.rb:504:in `block in generate_project_health'
    from /usr/share/redmine/instances/default/plugins/redmine_ai_helper/app/controllers/concerns/ai_helper/streaming.rb:88:in `stream_llm_response'
    from /usr/share/redmine/instances/default/plugins/redmine_ai_helper/app/controllers/ai_helper_controller.rb:498:in `generate_project_health'
    from /var/lib/gems/3.3.0/gems/actionpack-7.2.3/lib/action_controller/metal/basic_implicit_render.rb:8:in `send_action'
    from /var/lib/gems/3.3.0/gems/actionpack-7.2.3/lib/abstract_controller/base.rb:215:in `process_action'
    from /var/lib/gems/3.3.0/gems/actionpack-7.2.3/lib/action_controller/metal/rendering.rb:193:in `process_action'
    from /var/lib/gems/3.3.0/gems/actionpack-7.2.3/lib/abstract_controller/callbacks.rb:261:in `block in process_action'
    from /var/lib/gems/3.3.0/gems/activesupport-7.2.3/lib/active_support/callbacks.rb:121:in `block in run_callbacks'
    from /usr/share/redmine/lib/redmine/sudo_mode.rb:78:in `sudo_mode'
    from /var/lib/gems/3.3.0/gems/activesupport-7.2.3/lib/active_support/callbacks.rb:130:in `block in run_callbacks'
    from /var/lib/gems/3.3.0/gems/activesupport-7.2.3/lib/active_support/callbacks.rb:141:in `run_callbacks'
    from /var/lib/gems/3.3.0/gems/actionpack-7.2.3/lib/abstract_controller/callbacks.rb:260:in `process_action'
    from /var/lib/gems/3.3.0/gems/actionpack-7.2.3/lib/action_controller/metal/rescue.rb:27:in `process_action'
    from /var/lib/gems/3.3.0/gems/actionpack-7.2.3/lib/action_controller/metal/instrumentation.rb:77:in `block in process_action'
    from /var/lib/gems/3.3.0/gems/activesupport-7.2.3/lib/active_support/notifications.rb:210:in `block in instrument'
    from /var/lib/gems/3.3.0/gems/activesupport-7.2.3/lib/active_support/notifications/instrumenter.rb:58:in `instrument'
    from /var/lib/gems/3.3.0/gems/activesupport-7.2.3/lib/active_support/notifications.rb:210:in `instrument'
    from /var/lib/gems/3.3.0/gems/actionpack-7.2.3/lib/action_controller/metal/instrumentation.rb:76:in `process_action'
    from /var/lib/gems/3.3.0/gems/actionpack-7.2.3/lib/action_controller/metal/params_wrapper.rb:259:in `process_action'
    from /var/lib/gems/3.3.0/gems/activerecord-7.2.3/lib/active_record/railties/controller_runtime.rb:39:in `process_action'
    from /var/lib/gems/3.3.0/gems/actionpack-7.2.3/lib/abstract_controller/base.rb:152:in `process'
    from /var/lib/gems/3.3.0/gems/actionview-7.2.3/lib/action_view/rendering.rb:40:in `process'
    from /var/lib/gems/3.3.0/gems/actionpack-7.2.3/lib/action_controller/metal/live.rb:294:in `block (2 levels) in process'
    from /var/lib/gems/3.3.0/gems/activesupport-7.2.3/lib/active_support/concurrency/share_lock.rb:162:in `sharing'
    from /var/lib/gems/3.3.0/gems/activesupport-7.2.3/lib/active_support/dependencies/interlock.rb:37:in `running'
    from /var/lib/gems/3.3.0/gems/actionpack-7.2.3/lib/action_controller/metal/live.rb:285:in `block in process'
    from /var/lib/gems/3.3.0/gems/actionpack-7.2.3/lib/action_controller/metal/live.rb:377:in `block in new_controller_thread'

I, [2026-07-01T15:38:09.708056 #3483]  INFO -- : [abae02e9-5c6e-4629-8705-2d36c2d37c30] project health report: path name contains null byte

I printed a log to find out which attachment was causing the error.

!!! ANALYSING: ID: 7784 - NAME: "RE K-ALLEXIN  \u00005 NAZAL SPREY HK..htm" 

Using the query below, I found out which issue the problematic file attachment belonged to in the database.


SELECT id, filename, container_type, container_id
-> FROM attachments
-> WHERE id = 7784;
+------+--------------------------------------+----------------+--------------+
| id   | filename                             | container_type | container_id |
+------+--------------------------------------+----------------+--------------+
| 7784 | RE K-ALLEXIN   5 NAZAL SPREY HK..htm | Issue          |        11593 |
+------+--------------------------------------+----------------+--------------+
1 row in set (0.001 sec)

The issue could be viewed, but the attachment could not be downloaded in any way.

http://1.1.1.78/attachments/download/7784/RE%20K-ALLEXIN%20%20%005%20NAZAL%20SPREY%20HK..htm
I, [2026-07-01T16:20:07.110490 #5308]  INFO -- : [53acb3e9-28fb-4773-b83a-e7cdf6ef0e2a] Started GET "/attachments/7784" for 1.1.1.1 at 2026-07-01 16:20:07 +0300
I, [2026-07-01T16:20:07.111177 #5308]  INFO -- : [53acb3e9-28fb-4773-b83a-e7cdf6ef0e2a] Processing by AttachmentsController#show as HTML
I, [2026-07-01T16:20:07.111216 #5308]  INFO -- : [53acb3e9-28fb-4773-b83a-e7cdf6ef0e2a]   Parameters: {"id"=>"7784"}
I, [2026-07-01T16:20:07.116453 #5308]  INFO -- : [53acb3e9-28fb-4773-b83a-e7cdf6ef0e2a]   Current user: hahayidu (id=100)
I, [2026-07-01T16:20:07.120754 #5308]  INFO -- : [53acb3e9-28fb-4773-b83a-e7cdf6ef0e2a] Completed 500 Internal Server Error in 9ms (ActiveRecord: 3.4ms (9 queries, 0 cached) | GC: 0.0ms)
F, [2026-07-01T16:20:07.121478 #5308] FATAL -- : [53acb3e9-28fb-4773-b83a-e7cdf6ef0e2a]

[53acb3e9-28fb-4773-b83a-e7cdf6ef0e2a] ArgumentError (path name contains null byte):
[53acb3e9-28fb-4773-b83a-e7cdf6ef0e2a]

[53acb3e9-28fb-4773-b83a-e7cdf6ef0e2a] lib/redmine/mime_type.rb:66:in `extname'
[53acb3e9-28fb-4773-b83a-e7cdf6ef0e2a] lib/redmine/mime_type.rb:66:in `of'
[53acb3e9-28fb-4773-b83a-e7cdf6ef0e2a] lib/redmine/mime_type.rb:81:in `main_mimetype_of'
[53acb3e9-28fb-4773-b83a-e7cdf6ef0e2a] lib/redmine/mime_type.rb:88:in `is_type?'
[53acb3e9-28fb-4773-b83a-e7cdf6ef0e2a] app/models/attachment.rb:270:in `is_text?'
[53acb3e9-28fb-4773-b83a-e7cdf6ef0e2a] app/controllers/attachments_controller.rb:59:in `block (2 levels) in show'
[53acb3e9-28fb-4773-b83a-e7cdf6ef0e2a] app/controllers/attachments_controller.rb:39:in `show'
[53acb3e9-28fb-4773-b83a-e7cdf6ef0e2a] lib/redmine/sudo_mode.rb:78:in `sudo_mode'

Our users open issues and upload files solely via the WEB interface. We do not have any integrations utilizing REST services. The problematic issue was opened in 2015. Probably, no one even asked why this attachment wasn't opening... I am still very curious as to how a user managed to insert a null byte into the filename. I could not figure out how to do it myself. I don't know the exact version we were using in 2015. Perhaps this is an issue that was prevented in later versions.

I fixed the record in the database with the following command.

UPDATE attachments
SET filename = REPLACE(filename, CHAR(0), '')
WHERE id = 7784;

I wanted to run a test to see if I could create a similar record in our current version. For this purpose, I conducted the test below.

import os
import requests

REDMINE_URL = "http://1.1.1.78"
API_KEY = "XXXXXXXXXXXXXXXXXXX"

# Create a small local file to use as the upload body.
LocalPath = "/home/hahayidu/TestError.txt"
with open(LocalPath, "w", encoding="utf-8") as f:
    f.write("This is the test")

# %00 is decoded by the server to a NUL character in the filename parameter.
BrokenFileName = "Test%00Error.txt"

headers = {
    "X-Redmine-API-Key": API_KEY,
    "Content-Type": "application/octet-stream",
    "Accept": "application/json",
}

upload_url = f"{REDMINE_URL}/uploads.json?filename={BrokenFileName}"

print("Sending request...")

try:
    with open(LocalPath, "rb") as data_content:
        response = requests.post(upload_url, headers=headers, data=data_content)

    print("\n--- RESPONSE ---")
    print(f"HTTP Status Code: {response.status_code}")

    try:
        print("RESPONSE (JSON):")
        print(response.json())
    except Exception:
        print("RESPONSE (Text):")
        print(response.text)

finally:
    # Always remove the temporary local file.
    if os.path.exists(LocalPath):
        os.remove(LocalPath)

As a result of the code above, the following log was generated.

I, [2026-07-02T19:02:31.489244 #44594]  INFO -- : [802e6940-bf2c-42e6-b459-27679abe046e] Started POST "/uploads.json?filename=Test%00Error.txt" for 1.1.1.1 at 2026-07-02 19:02:31 +0300
I, [2026-07-02T19:02:31.490144 #44594]  INFO -- : [802e6940-bf2c-42e6-b459-27679abe046e] Processing by AttachmentsController#upload as JSON
I, [2026-07-02T19:02:31.490228 #44594]  INFO -- : [802e6940-bf2c-42e6-b459-27679abe046e]   Parameters: {"filename"=>"Test\u0000Error.txt"}
I, [2026-07-02T19:02:31.493262 #44594]  INFO -- : [802e6940-bf2c-42e6-b459-27679abe046e]   Current user: hahayidu (id=100)
I, [2026-07-02T19:02:31.494270 #44594]  INFO -- : [802e6940-bf2c-42e6-b459-27679abe046e] Completed 500 Internal Server Error in 4ms (ActiveRecord: 0.9ms (3 queries, 0 cached) | GC: 0.0ms)
F, [2026-07-02T19:02:31.494995 #44594] FATAL -- : [802e6940-bf2c-42e6-b459-27679abe046e]

[802e6940-bf2c-42e6-b459-27679abe046e] ArgumentError (path name contains null byte):
[802e6940-bf2c-42e6-b459-27679abe046e]

[802e6940-bf2c-42e6-b459-27679abe046e] app/models/attachment.rb:108:in `extname'
[802e6940-bf2c-42e6-b459-27679abe046e] app/models/attachment.rb:108:in `validate_file_extension'
[802e6940-bf2c-42e6-b459-27679abe046e] app/controllers/attachments_controller.rb:112:in `upload'
[802e6940-bf2c-42e6-b459-27679abe046e] lib/redmine/sudo_mode.rb:78:in `sudo_mode'

I couldn't manage to create the file, but I caused the server to throw an error. Is there a need to prevent the server from throwing this error?

Environment:
  Redmine version                6.0.5.stable
  Ruby version                   3.3.8-p144 (2025-04-09) [x86_64-linux-gnu]
  Rails version                  7.2.3
  Environment                    production
  Database adapter               Mysql2
  Mailer queue                   ActiveJob::QueueAdapters::SidekiqAdapter
  Mailer delivery                smtp
Redmine settings:
  Redmine theme                  Alternate
SCM:
  Git                            2.47.3
  Filesystem                     
Redmine plugins:
  redmine_ai_helper              3.3.0

Best regards...

Actions #1

Updated by Go MAEDA 2 days ago

I posted a patch to fix the ArgumentError that occurs when uploading a file with null bytes:
Defect #44228: Uploading an attachment with a NUL byte in the filename causes an Internal Server Error
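
The failure mode in this report and three places to guard against it, as an added Ruby example. It is not Redmine's code and not the patch from #44228; the helper names (decoded_param, extname_raises?, filename_errors, safe_extname, rows_with_nul) and the sample rows are assumptions constructed for illustration.

```ruby
require "uri"

NUL = "\u0000"

# Constructed sample rows modelled on the filenames quoted in the report.
SAMPLE_ROWS = [
  { id: 7784, filename: "RE K-ALLEXIN  \u00005 NAZAL SPREY HK..htm" },
  { id: 1,    filename: "report.PDF" },
  { id: 2,    filename: "Test\u0000Error.txt" }
].freeze

# A percent-encoded %00 in the query string is decoded to a real NUL
# character before the application sees the parameter.
def decoded_param(raw)
  URI.decode_www_form_component(raw)
end

# True when File.extname raises, as in both backtraces above.
def extname_raises?(name)
  File.extname(name)
  false
rescue ArgumentError
  true
end

# Write path: report a validation error instead of letting the request 500.
def filename_errors(name)
  name.to_s.include?(NUL) ? ["filename contains a NUL byte"] : []
end

# Read path: tolerate legacy rows by dropping NUL before the lookup
# (same effect as REPLACE(filename, CHAR(0), '') on the stored value).
def safe_extname(name)
  File.extname(name.to_s.delete(NUL)).downcase
end

# Audit: ids of stored rows that would crash any File.extname caller.
def rows_with_nul(rows)
  rows.select { |r| r[:filename].include?(NUL) }.map { |r| r[:id] }
end
```

Rejecting at write time keeps new bad rows out, while the read-path guard and the audit cover rows stored by older versions, such as attachment 7784.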
