Patches (#2219)

* feat: implement URL validation to prevent SSRF * feat: add zip extraction security * ruff fixes * fix: standardize error messages across API responses
2026-02-20 11:21:23 +00:00 · 2025-12-24 16:35:57 +00:00
parent 98e949d2fd
commit 197e94302b
7 changed files with 102 additions and 44 deletions
--- a/application/api/user/sources/routes.py
+++ b/application/api/user/sources/routes.py
@@ -320,4 +320,4 @@ class DirectoryStructure(Resource):
            current_app.logger.error(
                f"Error retrieving directory structure: {e}", exc_info=True
            )
-            return make_response(jsonify({"success": False, "error": str(e)}), 500)
+            return make_response(jsonify({"success": False, "error": "Failed to retrieve directory structure"}), 500)
--- a/application/api/user/tools/mcp.py
+++ b/application/api/user/tools/mcp.py
@@ -69,7 +69,7 @@ class TestMCPServerConfig(Resource):
            current_app.logger.error(f"Error testing MCP server: {e}", exc_info=True)
            return make_response(
                jsonify(
-                    {"success": False, "error": f"Connection test failed: {str(e)}"}
+                    {"success": False, "error": "Connection test failed"}
                ),
                500,
            )
@@ -234,7 +234,7 @@ class MCPServerSave(Resource):
            current_app.logger.error(f"Error saving MCP server: {e}", exc_info=True)
            return make_response(
                jsonify(
-                    {"success": False, "error": f"Failed to save MCP server: {str(e)}"}
+                    {"success": False, "error": "Failed to save MCP server"}
                ),
                500,
            )
@@ -292,7 +292,7 @@ class MCPOAuthCallback(Resource):
                f"Error handling MCP OAuth callback: {str(e)}", exc_info=True
            )
            return redirect(
-                f"/api/connectors/callback-status?status=error&message=Internal+server+error:+{str(e)}.&provider=mcp_tool"
+                "/api/connectors/callback-status?status=error&message=Internal+server+error.&provider=mcp_tool"
            )


@@ -326,8 +326,8 @@ class MCPOAuthStatus(Resource):
                )
        except Exception as e:
            current_app.logger.error(
-                f"Error getting OAuth status for task {task_id}: {str(e)}"
+                f"Error getting OAuth status for task {task_id}: {str(e)}", exc_info=True
            )
            return make_response(
-                jsonify({"success": False, "error": str(e), "task_id": task_id}), 500
+                jsonify({"success": False, "error": "Failed to get OAuth status", "task_id": task_id}), 500
            )