fix: sanitize parser sandbox error messages to prevent sensitive data leaks#1680
Open
ionfwsrijan wants to merge 1 commit into
Open
fix: sanitize parser sandbox error messages to prevent sensitive data leaks#1680ionfwsrijan wants to merge 1 commit into
ionfwsrijan wants to merge 1 commit into
Conversation
Contributor
Author
|
@utksh1 Please review this. The failing check is pre-exisiting |
utksh1
requested changes
Jul 9, 2026
utksh1
left a comment
Owner
There was a problem hiding this comment.
The parser-sandbox error sanitization is good, but backend-unit CI is failing and the branch has merge conflicts. Please rebase on latest main, fix the failing tests, and push again.
c782e1c to
b828e38
Compare
Contributor
Author
|
@utksh1 Please review this now |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
The
ParserSandboxErrorexception includes captured stderr output (up to 2000 chars) in its message, which propagates through the call stack intotask.error_messagein the database and ultimately to the API response. Additionally,_BOOTSTRAP_TEMPLATE.format()uses user-influencedparser_pathwhich can cause format-string injection.Changes
backend/secuscan/parser_sandbox.py:ParserSandboxError— Applyredact()to the stderr excerpt and reduce limit from 2000 to 500 chars. This ensures secrets in parser diagnostic output are sanitized before they reach the API layer.backend/secuscan/parser_sandbox.py:_BOOTSTRAP_TEMPLATE— Replacestr.format()withstr.replace()using sentinel markers (__MAX_INPUT_BYTES__,__PARSER_PATH_REPR__) to prevent format-string injection via user-influencedparser_path.backend/secuscan/executor.py:execute_task()— Applyredact()tostr(e)before storing aserror_messagein the general exception handler.backend/secuscan/executor.py:_parse_results()— Applyredact()to the error message in the generic exception handler.backend/secuscan/parser_sandbox.py— Updated module docstring with security notes about stderr sensitivity.Impact
Files Changed
backend/secuscan/parser_sandbox.py— ParserSandboxError sanitization, template injection fix, docstring updatebackend/secuscan/executor.py— redact() applied in exception handlersCloses #1626