🛡️ Sentinel: Fix Information Leakage in Kafka Consumer #12
- Introduced `PredictionService` class to encapsulate prediction logic.
- Implemented secure exception handling in `PredictionService` to log full stack traces but return generic error messages to the client/topic.
- Updated `FastAPIKafkaService` to use `PredictionService` and improved exception handling in `_process_message`.
- Added `tests/controller/test_kafka_app_security.py` to verify sanitization of error messages.
- Updated `.jules/sentinel.md` with new security learning.

Co-authored-by: lgcorzo <46710567+lgcorzo@users.noreply.github.com>
- Introduced `PredictionService` class to encapsulate prediction logic.
- Implemented secure exception handling in `PredictionService` to log full stack traces but return generic error messages to the client/topic.
- Updated `FastAPIKafkaService` to use `PredictionService` and improved exception handling in `_process_message`.
- Added `tests/controller/test_kafka_app_security.py` to verify sanitization of error messages.
- Formatted code with Ruff to comply with CI checks.
- Updated `.jules/sentinel.md` with new security learning.

Co-authored-by: lgcorzo <46710567+lgcorzo@users.noreply.github.com>
🛡️ Sentinel: [MEDIUM] Fix Information Leakage in Kafka Consumer

🚨 Severity: MEDIUM

💡 Vulnerability: The Kafka consumer and prediction callback were catching exceptions and embedding the raw exception message (`str(e)`) into the response payload sent to the output topic. This could leak sensitive internal details (stack traces, database info, etc.).

🎯 Impact: If the output topic is consumed by downstream systems or visible to users, sensitive information about the application internals could be exposed.

🔧 Fix:
- Refactored `src/regression_model_template/controller/kafka_app.py` to use a `PredictionService` class.
- `PredictionService` catches exceptions, logs them using `logger.exception()`, and returns a generic "Internal Processing Error" message.
- Updated `_process_message` to similarly sanitize JSON decoding errors and other exceptions.

✅ Verification:
- Added `tests/controller/test_kafka_app_security.py` which mocks a model raising a sensitive exception and asserts that the returned error message is sanitized.
- Ran existing tests to ensure no regressions.
PR created automatically by Jules for task 11752223050906537951 started by @lgcorzo
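
A minimal sketch of the before/after pattern this PR describes, added here as an example and not taken from the repository. `FailingModel`, `handle_leaky`, `handle_sanitized`, the `error_id` correlation field and the "Invalid message format" text are assumptions; only `logger.exception()` and the "Internal Processing Error" message come from the PR description.

```python
import json
import logging
import uuid

logger = logging.getLogger("kafka_app_example")
GENERIC_ERROR = "Internal Processing Error"  # generic message named in the PR description


class FailingModel:
    """Constructed stand-in: its failure text carries internal connection details."""

    def predict(self, rows):
        raise RuntimeError("connect failed: postgres://svc:s3cret@db.internal:5432/features")


def handle_leaky(model, raw: bytes) -> dict:
    """'Before' pattern: raw exception text is copied into the output-topic payload."""
    try:
        return {"result": model.predict(json.loads(raw)["rows"])}
    except Exception as e:
        return {"error": str(e)}


def handle_sanitized(model, raw: bytes) -> dict:
    """'After' pattern: detail goes to the server log, the payload stays generic."""
    error_id = uuid.uuid4().hex  # assumption: correlation id linking payload to log entry
    try:
        payload = json.loads(raw)
    except ValueError:  # JSONDecodeError and UnicodeDecodeError both subclass ValueError
        logger.exception("undecodable message (error_id=%s)", error_id)
        return {"error": "Invalid message format", "error_id": error_id}
    try:
        return {"result": model.predict(payload["rows"])}
    except Exception:
        logger.exception("prediction failed (error_id=%s)", error_id)
        return {"error": GENERIC_ERROR, "error_id": error_id}


if __name__ == "__main__":
    msg = b'{"rows": [[1.0, 2.0]]}'  # constructed input-topic message
    print(handle_leaky(FailingModel(), msg))
    print(handle_sanitized(FailingModel(), msg))
    print(handle_sanitized(FailingModel(), b"{not json"))
```

The `error_id` lets an operator find the full stack trace in the service log from the sanitized payload alone, so downstream consumers never need the exception text.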