Patches (#2225)

* feat: implement URL validation to prevent SSRF * feat: add zip extraction security * ruff fixes * fix: standardize error messages across API responses * fix: improve error handling and standardize error messages across multiple routes * fix: enhance JavaScript string safety in ConnectorCallbackStatus * fix: improve OAuth error handling and message formatting in MCPOAuthCallback
2026-02-17 03:30:54 +00:00 · 2025-12-25 00:57:25 +00:00
parent 197e94302b
commit b0eee7be24
7 changed files with 33 additions and 24 deletions
--- a/application/api/user/agents/routes.py
+++ b/application/api/user/agents/routes.py
@@ -307,9 +307,10 @@ class CreateAgent(Resource):
                        400,
                    )
            except Exception as e:
+                current_app.logger.error(f"Invalid JSON schema: {e}")
                return make_response(
                    jsonify(
-                        {"success": False, "message": f"Invalid JSON schema: {str(e)}"}
+                        {"success": False, "message": "Invalid JSON schema format"}
                    ),
                    400,
                )
--- a/application/api/user/agents/sharing.py
+++ b/application/api/user/agents/sharing.py
@@ -255,8 +255,8 @@ class ShareAgent(Resource):
                    {"$unset": {"shared_metadata": ""}},
                )
        except Exception as err:
-            current_app.logger.error(f"Error sharing/unsharing agent: {err}")
-            return make_response(jsonify({"success": False, "error": str(err)}), 400)
+            current_app.logger.error(f"Error sharing/unsharing agent: {err}", exc_info=True)
+            return make_response(jsonify({"success": False, "error": "Failed to update agent sharing status"}), 400)
        shared_token = shared_token if shared else None
        return make_response(
            jsonify({"success": True, "shared_token": shared_token}), 200