…d_mcp_global_vars_from_config()
- Add FilenameExistsResponse model to SDK
- Add filename_exists() async method to DocumentsClient
- Add GET /v1/documents/check-filename endpoint with API key auth
- Export FilenameExistsResponse in SDK __init__.py

This enables SDK users to check if a file exists in the knowledge base before ingestion, avoiding duplicate uploads.
    if "AuthenticationException" in error_str or "access denied" in error_str.lower():
        return JSONResponse({"error": "Access denied: insufficient permissions"}, status_code=403)
    else:
        return JSONResponse({"error": str(e)}, status_code=500)
Check warning (Code scanning / CodeQL): Information exposure through an exception (Medium)
Copilot Autofix (AI, 1 day ago)
In general, to fix this issue we should stop returning the raw exception message to the client. Instead, we should log the full error on the server (as is already done) and return a generic, user-safe error message. If we need to preserve some notion of what went wrong, we can use a high-level description that does not include internal system details, and optionally include a generic error code.
For this specific file, the minimal change that preserves existing behavior is to modify the except Exception as e: block in check_filename_exists_endpoint. We will continue to log the detailed error via logger.error(...) but change the else branch from {"error": str(e)} to a generic message like {"error": "Internal server error while checking filename existence"}. This keeps the control-flow and status codes intact (403 for access issues, 500 for everything else) while eliminating exposure of the raw exception text.
Concretely:
- Edit src/api/v1/documents.py, in the check_filename_exists_endpoint function.
- In the outer except Exception as e: block (around lines 127–133), keep the logging and the 403 response as-is, but replace the 500 response body to avoid including str(e).
- No new imports or helper methods are required.
| @@ -130,4 +130,7 @@ | ||
| if "AuthenticationException" in error_str or "access denied" in error_str.lower(): | ||
| return JSONResponse({"error": "Access denied: insufficient permissions"}, status_code=403) | ||
| else: | ||
| return JSONResponse({"error": str(e)}, status_code=500) | ||
| return JSONResponse( | ||
| {"error": "Internal server error while checking filename existence"}, | ||
| status_code=500, | ||
| ) |
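Review bot: the 403 branch kept at the top of this hunk still classifies the failure by substring matching on the exception text (`"AuthenticationException" in error_str or "access denied" in error_str.lower()`), so the status code depends on whatever message an arbitrary exception carries; any error text that happens to contain "access denied" is reported as a permissions problem, and a renamed backend exception silently turns into a 500. Catching the backend's authentication exception class explicitly would make that classification reliable and leave the new generic body to cover everything else. The replacement 500 body is the right fix for the finding; since the client no longer sees the detail, make sure the logger.error(...) call that precedes it records the traceback (logger.exception or exc_info=True) so the information is still available server-side.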
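The pattern the autofix describes (log the full error server-side, return only a generic message to the client) shown as a before/after pair. This is an added example, not code from the PR or the ragworkbench project: the web framework's JSONResponse is modelled as a plain (status_code, body) tuple so it runs without FastAPI or Starlette, a hypothetical AccessDeniedError stands in for the backend's AuthenticationException, and the backend callables and their error strings are constructed test inputs.

```python
"""Client-safe error handling for a check-filename style endpoint.

Constructed example. Responses are (status_code, body) tuples instead of
JSONResponse objects; AccessDeniedError and the *_backend callables are
hypothetical stand-ins for the real backend and its exceptions.
"""
import logging
import uuid

logger = logging.getLogger("documents")


class AccessDeniedError(Exception):
    """Hypothetical backend exception standing in for AuthenticationException."""


def unsafe_handler(backend, filename):
    """'Before' shape: status chosen by substring matching on the exception
    text, and the raw exception text is echoed to the client on 500."""
    try:
        return 200, {"exists": backend(filename)}
    except Exception as e:
        logger.error("check-filename failed for %r: %s", filename, e)
        error_str = str(e)
        if "AuthenticationException" in error_str or "access denied" in error_str.lower():
            return 403, {"error": "Access denied: insufficient permissions"}
        return 500, {"error": str(e)}  # leaks whatever the backend put in the message


def safe_handler(backend, filename):
    """Hardened shape: classify by exception type, keep the detail (with
    traceback) in the server log under a correlation id, and return only a
    generic message plus that id so support can find the log entry."""
    try:
        return 200, {"exists": backend(filename)}
    except AccessDeniedError:
        logger.warning("access denied while checking %r", filename)
        return 403, {"error": "Access denied: insufficient permissions"}
    except Exception:
        incident_id = uuid.uuid4().hex[:12]
        # logger.exception records the traceback the client no longer sees
        logger.exception("check-filename failed for %r (incident %s)", filename, incident_id)
        return 500, {
            "error": "Internal server error while checking filename existence",
            "incident_id": incident_id,
        }


# Constructed backends standing in for the real knowledge-base client.
def ok_backend(filename):
    return True


def failing_backend(filename):
    # Constructed message with the kind of internal detail a driver might include.
    raise RuntimeError("ConnectionError: host=db-internal.local user=svc password=hunter2")


def denied_backend(filename):
    raise AccessDeniedError("access denied for index documents")


def misleading_backend(filename):
    # Not an auth failure, but the text happens to contain "access denied".
    raise RuntimeError("object 'Access Denied Policy.pdf' not found in bucket")


if __name__ == "__main__":
    for name, backend in [("ok", ok_backend), ("failing", failing_backend),
                          ("denied", denied_backend), ("misleading", misleading_backend)]:
        print(name, "unsafe ->", unsafe_handler(backend, "report.pdf"))
        print(name, "safe   ->", safe_handler(backend, "report.pdf"))
```

Running it shows the two defects side by side: for failing_backend the unsafe handler's 500 body contains the host and credential string, while the safe handler's body carries only the generic message and an incident id; for misleading_backend the unsafe handler returns 403 purely because of the error text, whereas the type-based handler correctly reports a 500.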
…to sdk_for_ragworkbench
- Add inference and ingest pipelines
- Add create_boards script and utility modules (utils, logging_config)
- Add .env.example for configuration
- Add pyproject.toml

- Add shared conftest.py with environment and logging fixtures
- Enhance inference test with explicit cache hit/miss validation
- Update pytest configuration with pythonpath and strict markers

- Add boards module with table_rich board configuration
- Rename create_boards.py to evaluate.py for clarity
- Enhance .gitignore with additional patterns
- Remove unused imports from pipelines
- Update utility functions
No description provided.