Skip to content

Fix/sse output redaction#1665

Open
karrisanthoshigayatri wants to merge 2 commits into
utksh1:mainfrom
karrisanthoshigayatri:fix/sse-output-redaction
Open

Fix/sse output redaction#1665
karrisanthoshigayatri wants to merge 2 commits into
utksh1:mainfrom
karrisanthoshigayatri:fix/sse-output-redaction

Conversation

@karrisanthoshigayatri

Copy link
Copy Markdown
Contributor

Description

Related Issues

Type of Change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update

How Has This Been Tested?

Checklist

  • My code follows the code style of this project.
  • I have performed a self-review of my own code.
  • I have commented my code, particularly in hard-to-understand areas.
  • I have made corresponding changes to the documentation.
  • My changes generate no new warnings.

@utksh1 utksh1 left a comment

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the security fix — the parser sandbox changes are solid work. However, there are several issues that need to be addressed before this can be merged:

1. CI is failing (5 test failures directly caused by this PR):

  • test_stderr_captured_in_error — expects stderr_excerpt attribute that was removed
  • test_stderr_excerpt_truncated_to_2000_chars — same issue
  • test_timeout_expired_raises_parser_sandbox_error — still expects _BOOTSTRAP_TEMPLATE.format()
  • test_timeout_error_includes_stderr — asserts stderr in exception message (which you correctly removed)
  • test_sandbox_exec_fails_on_exec_statementstderr_excerpt access

You need to update these existing tests to assert the new secure behavior (no stderr in messages, template uses safe_substitute).

2. Unrelated commit should be separated:
The second commit (parser tests for subdomain_discovery plugin, referencing #1436) is completely unrelated to SSE output redaction. Please either:

  • (a) Remove that commit from this PR and submit it as a separate PR, OR
  • (b) Split this into two PRs

3. No tests for the actual redaction changes:
There should be tests verifying:

  • redact() is called on error messages in routes.py and executor.py
  • _sanitize_stderr() behavior (paths stripped, line numbers stripped)
  • The string.Template + safe_substitute() behavior

4. PR title is misleading:
"SSE output redaction" implies SSE streaming code was modified, but no SSE endpoints were touched. The actual changes are about parser sandbox stderr leakage and error message redaction. Please update the title to reflect reality (e.g., fix: prevent parser sandbox stderr leakage in error messages).

5. Fill out the PR description:
For a security fix, there should be a clear description of the vulnerability, the threat model, and how the fix mitigates it.

The core security changes in parser_sandbox.py are well-designed and should be merged — just needs the above cleanup.

@utksh1 utksh1 added level:intermediate 35 pts difficulty label for moderate contributor PRs type:security Security work category bonus label type:bug Bug fix work category bonus label area:backend Backend API, database, or service work area:security Security-sensitive implementation or tests labels Jul 5, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area:backend Backend API, database, or service work area:security Security-sensitive implementation or tests level:intermediate 35 pts difficulty label for moderate contributor PRs type:bug Bug fix work category bonus label type:security Security work category bonus label

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants