http-api: T6736: sanitize error message containing user input
jestabro committed Oct 1, 2024
1 parent 7e23fd9 commit 2571d52
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions src/services/api/rest/models.py
Expand Up @@ -17,6 +17,7 @@
# pylint: disable=too-few-public-methods

import json
from html import escape
from enum import Enum
from typing import List
from typing import Union
Expand All @@ -31,6 +32,7 @@


def error(code, msg):
msg = escape(msg, quote=False)
resp = {'success': False, 'error': msg, 'data': None}
resp = json.dumps(resp)
return HTMLResponse(resp, status_code=code)
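
Review bot: In `error()`, the string produced by `json.dumps(resp)` is still returned through `HTMLResponse`, so a JSON body is served as HTML and the added `escape(msg, quote=False)` is the only thing keeping a reflected `msg` from being interpreted as markup in a browser. Consider returning the body with a JSON content type rather than relying on escaping inside this one helper, so that any response built outside `error()` is not left exposed. Two smaller points on the added line: `escape()` requires a `str`, so if any caller passes an exception object instead of its text the call raises `AttributeError`, which a `str(msg)` conversion would avoid; and API clients will now see entity-encoded text such as `&lt;` and `&amp;` in the `error` field, which should be documented. The change also leaves the CodeQL finding about exception text reaching external users open, since the message content is still returned, only encoded.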

Check warning

Code scanning / CodeQL

Information exposure through an exception Medium

Stack trace information flows to this location and may be exposed to an external user.

Check warning

Code scanning / CodeQL

Reflected server-side cross-site scripting Medium

Cross-site scripting vulnerability due to a user-provided value.