fix: sanitize parser sandbox error messages to prevent sensitive data leaks#1680
fix: sanitize parser sandbox error messages to prevent sensitive data leaks#1680ionfwsrijan wants to merge 3 commits into
Conversation
|
@utksh1 Please review this. The failing check is pre-exisiting |
utksh1
left a comment
There was a problem hiding this comment.
The parser-sandbox error sanitization is good, but backend-unit CI is failing and the branch has merge conflicts. Please rebase on latest main, fix the failing tests, and push again.
c782e1c to
b828e38
Compare
|
@utksh1 Please review this now |
utksh1
left a comment
There was a problem hiding this comment.
The updated error message now appends sanitized stderr to the user-facing exception. Redaction is not a guarantee that parser stderr is safe to disclose, and the prior design deliberately kept diagnostics private. Please retain redaction for logs/diagnostics but do not include stderr excerpts in API-facing errors; add a regression test proving secret-like and arbitrary parser output are not exposed.
f67c84e to
7be9cb4
Compare
|
@utksh1 Please review this now |
Description
The
ParserSandboxErrorexception includes captured stderr output (up to 2000 chars) in its message, which propagates through the call stack intotask.error_messagein the database and ultimately to the API response. Additionally,_BOOTSTRAP_TEMPLATE.format()uses user-influencedparser_pathwhich can cause format-string injection.Changes
backend/secuscan/parser_sandbox.py:ParserSandboxError— Applyredact()to the stderr excerpt and reduce limit from 2000 to 500 chars. This ensures secrets in parser diagnostic output are sanitized before they reach the API layer.backend/secuscan/parser_sandbox.py:_BOOTSTRAP_TEMPLATE— Replacestr.format()withstr.replace()using sentinel markers (__MAX_INPUT_BYTES__,__PARSER_PATH_REPR__) to prevent format-string injection via user-influencedparser_path.backend/secuscan/executor.py:execute_task()— Applyredact()tostr(e)before storing aserror_messagein the general exception handler.backend/secuscan/executor.py:_parse_results()— Applyredact()to the error message in the generic exception handler.backend/secuscan/parser_sandbox.py— Updated module docstring with security notes about stderr sensitivity.Impact
Files Changed
backend/secuscan/parser_sandbox.py— ParserSandboxError sanitization, template injection fix, docstring updatebackend/secuscan/executor.py— redact() applied in exception handlersCloses #1626