Hide explorer upstream exception details#5482
Conversation
|
Welcome to RustChain! Thanks for your first pull request. Before we review, please make sure:
Bounty tiers: Micro (1-10 RTC) | Standard (20-50) | Major (75-100) | Critical (100-150) A maintainer will review your PR soon. Thanks for contributing! |
github-actions
Bot
added
BCOS-L1
|
I tried to add the required BCOS tier label, but fork contributors do not have label permissions (AddLabelsToLabelable is denied for this account). Suggested tier: BCOS-L1 for this small information-disclosure hardening patch. |
HoangTechCS-AIE
left a comment
HoangTechCS-AIE
left a comment
There was a problem hiding this comment.
I validated the functional hardening path on head 92c003371519ef87432a7252af4486711a6fb035:
python3 -m py_compile explorer/app.py tests/test_explorer_app_upstream_errors.pypassedpython3 -m pytest tests/test_explorer_app_upstream_errors.py -qpassed with3 passed in 0.07sgit diff --check origin/main...HEAD -- explorer/app.py tests/test_explorer_app_upstream_errors.pypassed
The exception redaction itself looks correct: all three affected API routes now catch requests.exceptions.RequestException, log the full upstream failure server-side via app.logger.exception(...), and return a stable generic client-visible error. The /api/miners fallback shape also keeps miners: [], which matches the existing API contract.
Blocking issue before merge: the newly added code file tests/test_explorer_app_upstream_errors.py is missing an SPDX header. The repo enforces this for added code-like files via tools/bcos_spdx_check.py; running python3 tools/bcos_spdx_check.py --base-ref origin/main currently fails with:
BCOS SPDX check failed. Add an SPDX header to the following new files:
- tests/test_explorer_app_upstream_errors.py
Please add the project-appropriate header near the top of the new test file, e.g. # SPDX-License-Identifier: MIT, then this should be ready from the explorer behavior/security side.
ZacharyZhang-NY
left a comment
ZacharyZhang-NY
left a comment
There was a problem hiding this comment.
Reviewed and verified.
This PR addresses the information-disclosure issue in #5449 for the three affected explorer API routes. The client-visible responses now use the shared generic error string, and /api/miners preserves its existing fallback shape with miners: [].
Validation run:
git fetch origin pull/5482/head:review-pr-5482 --force
git diff --check origin/main...review-pr-5482 -- explorer/app.py tests/test_explorer_app_upstream_errors.py
python -m py_compile explorer/app.py tests/test_explorer_app_upstream_errors.py
python -m pytest tests/test_explorer_app_upstream_errors.py -q
I ran the compile and targeted pytest checks from a temporary archive of the PR head. Result:
3 passed in 0.23s
The regression test covers:
/api/miners -> {"error": "Upstream RustChain API unavailable", "miners": []}
/api/network/stats -> {"error": "Upstream RustChain API unavailable"}
/api/miner/alice -> {"error": "Upstream RustChain API unavailable"}
It also asserts the simulated leaked substrings are absent from the response body: 127.0.0.1, 8000, super-secret, /srv/rustchain/private, and node.py.
No blocking issue found.
|
Addressed the SPDX blocker in c04035f: added the missing SPDX header to tests/test_explorer_app_upstream_errors.py. No behavior changes. |
strongkeep-debug
left a comment
strongkeep-debug
left a comment
There was a problem hiding this comment.
Approving after validating the current head c04035f. The earlier review concern about the new regression file missing an SPDX header is resolved on this head, and the focused upstream-error redaction path still passes.
Focused validation:
python -m py_compile explorer/app.py tests/test_explorer_app_upstream_errors.py
passed
python -m pytest tests/test_explorer_app_upstream_errors.py -q
... [100%]
3 passed in 0.44s
The three covered API routes now return stable generic client-visible errors while preserving the /api/miners response shape with miners: []; full upstream exception detail remains server-side only via logging.
jaxint
left a comment
jaxint
left a comment
There was a problem hiding this comment.
LGTM! Thanks for contributing. Approved.
ZacharyZhang-NY
left a comment
ZacharyZhang-NY
left a comment
There was a problem hiding this comment.
Reviewed PR #5482 at head c04035f.
Validation performed:
- Checked issue #5449. The scoped bug is the explorer API returning raw upstream
requestsexception text on/api/miners,/api/network/stats, and/api/miner/<miner_id>. - git fetch origin pull/5482/head:review-pr-5482 --force
- git diff --check origin/main...review-pr-5482 -- explorer/app.py tests/test_explorer_app_upstream_errors.py -> passed.
- python -m py_compile explorer/app.py tests/test_explorer_app_upstream_errors.py on an extracted PR-head tree -> passed.
- python -m pytest tests/test_explorer_app_upstream_errors.py -q --confcutdir= -> 3 passed.
- Ran Flask test-client probes with an upstream exception containing host, port, token, path, and filename details.
/api/minersreturned 500 with{"error":"Upstream RustChain API unavailable","miners":[]};/api/network/statsand/api/miner/alicereturned 500 with the generic upstream-unavailable error. None of the sensitive substrings appeared in the client-visible response bodies.
The explorer routes now preserve the /api/miners fallback shape while keeping upstream connection details out of client JSON. Approving.
Code Review — Bounty #73PR: Hide explorer upstream exception details by @rogierx
SummaryThis is a code change PR. Changes appear consistent with project patterns. Wallet: Reviewing under Bounty #73 — Code Review Bounty Program |
kekehanshujun
left a comment
kekehanshujun
left a comment
There was a problem hiding this comment.
Approved. I reviewed the explorer upstream error redaction patch for issue #5449.
Validation performed:
- Applied the PR patch locally against the PR base.
git diff --check -- explorer/app.py tests/test_explorer_app_upstream_errors.pypassed; the only local note was the existing CRLF/LF normalization warning forexplorer/app.py.python -B -m py_compile explorer/app.py tests/test_explorer_app_upstream_errors.pypassed.python -B -m pytest -q tests/test_explorer_app_upstream_errors.py --noconftest-> 3 passed.
The implementation replaces client-visible raw requests exception text with a shared generic upstream-unavailable response, keeps the existing /api/miners fallback shape with miners: [], and logs the detailed upstream exception server-side with route-specific context. The regression test covers all three affected API routes and checks that host, token, and private path substrings are not leaked.
Code Review — Bounty #73PR: Hide explorer upstream exception details by @rogierx
Wallet: Reviewing under Bounty #73 |
508704820
left a comment
508704820
left a comment
There was a problem hiding this comment.
Hide explorer upstream exception details. Good - prevents leaking internal service URLs and error details. Verify all upstream error handlers follow this pattern. - Xeophon (security review)
TJCurnutte
left a comment
TJCurnutte
left a comment
There was a problem hiding this comment.
Approved. I focused on the explorer upstream-error redaction path.
Validation performed on head c04035f27dbe944a6f8b1317169345ea7284370b:
git diff --check origin/main...HEAD -- explorer/app.py tests/test_explorer_app_upstream_errors.pypassed.python3 -B -m py_compile explorer/app.py tests/test_explorer_app_upstream_errors.pypassed.uv run --no-project --with pytest --with flask --with requests python -B -m pytest -q -o addopts= tests/test_explorer_app_upstream_errors.py --noconftest -p no:cacheproviderpassed with3 passed in 0.23s.- A Flask runtime probe monkeypatched
requests.get()to raiseHTTPConnectionPool(host='127.0.0.1', port=8000): token=super-secret trace=/srv/rustchain/private/node.py;/api/miners,/api/network/stats, and/api/miner/aliceall returned HTTP 500 with the genericUpstream RustChain API unavailableJSON shape andleaks=falsefor the host/token/private-path strings.
The public response boundary is clean now: upstream exception details stay out of API JSON, /api/miners keeps the existing miners: [] client shape, and the full exception is only logged internally for operators.
|
Security Review ✅ Same class as #5545: stops explorer from returning raw upstream exception strings. Logs failures server-side, returns generic error. Reviewed by Xeophon - Solana: Lt9nERv6VHsojw15LpFeiaabuphAggzfLF9sM9UXRrZ |
|
Closing as duplicate of #5450 by @hungle123-dev (first-posted 5h earlier on the same issue). Per first-poster rule, only the original submitter gets bounty credit on a given issue. The fix in #5450 addresses the same root cause and is already under review. Appreciate the effort — for next time, please check open PRs against the same issue before filing. Thanks for the contribution. |
11 participants
Fixes #5449.
Summary
requestsexception strings to clients/api/minersfallback shape withminers: []/api/miners,/api/network/stats, and/api/miner/<id>using a host/token/path-bearing upstream exceptionValidation
/tmp/rustchain-5449-venv/bin/python -m pytest tests/test_explorer_app_upstream_errors.py -q->3 passed/tmp/rustchain-5449-venv/bin/python -m py_compile explorer/app.py tests/test_explorer_app_upstream_errors.pygit diff --check