Release v2.2.50 #2430
…-export fashion, can make copying projects many times faster
Support for custom MAC addresses in Docker containers
Run Docker containers with user namespaces enabled
Backport auxiliary console support for Qemu, Docker and Dynamips nodes
…upport Revert "Backport auxiliary console support for Qemu, Docker and Dynamips nodes"
…-export fashion, can make copying projects many times faster
…for fast duplication.
Duplicate faster
* `busybox --install` does not exist
* `sleep` does not take float values (e.g. 0.5).
Fix issues with recent busybox versions
Symbolic links support for project export/import
os.remove(symlink_path) | ||
os.symlink(symlink_target, symlink_path) | ||
except OSError as e: | ||
raise aiohttp.web.HTTPConflict(text=f"Cannot create symbolic link: {e}") |
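Review bot: nothing in the visible lines around `os.symlink(symlink_target, symlink_path)` checks that `symlink_path` and the resolved `symlink_target` stay inside the project directory. If these values are read from an imported project archive and are not validated earlier in the function, add that check before `os.remove(symlink_path)`, because the remove-then-create sequence otherwise deletes and replaces whatever path the archive names.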
Check warning
Code scanning / CodeQL
Information exposure through an exception Medium
Stack trace information
Copilot Autofix AI 3 months ago
To fix the problem, we should avoid including the raw exception message in the HTTP response. Instead, we can log the detailed error message on the server for debugging purposes and return a generic error message to the user. This approach ensures that sensitive information is not exposed while still allowing developers to diagnose issues.
- Modify the exception handling in the `_create_symbolic_links` function to log the detailed error message.
- Return a generic error message in the HTTP response to avoid exposing sensitive information.
@@ -195,3 +195,4 @@ | ||
except OSError as e: | ||
raise aiohttp.web.HTTPConflict(text=f"Cannot create symbolic link: {e}") | ||
log.error(f"Cannot create symbolic link: {e}") | ||
raise aiohttp.web.HTTPConflict(text="Cannot create symbolic link due to an internal error.") | ||
|
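Review bot: the added `log.error(f"Cannot create symbolic link: {e}")` records neither the affected path nor the traceback, so once the detail is removed from the response the server log is the only place to diagnose the failure and it says little. Pass the path and `exc_info=True` with lazy `%s` formatting instead of an f-string. The new response text also says "internal error" while the status is still `HTTPConflict` (409), which tells the client the request conflicted with resource state; make the status and the message agree.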
else: | ||
log.info("Fast duplication failed, fallback to normal duplication") | ||
except Exception as e: | ||
raise aiohttp.web.HTTPConflict(text="Cannot duplicate project: {}".format(str(e))) |
Check warning
Code scanning / CodeQL
Information exposure through an exception Medium
Stack trace information
Copilot Autofix AI 3 months ago
To fix the problem, we need to ensure that the exception message is not exposed to the user. Instead, we should log the detailed error message on the server and return a generic error message to the user. This can be achieved by modifying the exception handling code to log the exception and return a generic error message.
- Modify the exception handling block to log the exception using the `log` object.
- Return a generic error message to the user instead of the detailed exception message.
@@ -1069,3 +1069,4 @@ | ||
except Exception as e: | ||
raise aiohttp.web.HTTPConflict(text="Cannot duplicate project: {}".format(str(e))) | ||
log.error("Error duplicating project: %s", str(e)) | ||
raise aiohttp.web.HTTPConflict(text="Cannot duplicate project due to an internal error.") | ||
|
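Review bot: `log.error("Error duplicating project: %s", str(e))` sits under a bare `except Exception` and drops the traceback, so after this change neither the client nor the log shows where duplication failed. Use `log.exception("Error duplicating project")` or pass `exc_info=True`; the `str(e)` wrapper is redundant with `%s`. Since `except Exception` turns every failure into a 409 with the same generic text, consider catching the expected error types separately so genuine conflicts can keep a client-safe, specific message.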
No description provided.