use uv, ruff, prek; update tests gh-workflow #1754
4b1b283 to 54d8054
| return JsonResponse({ | ||
| "state": consequence.state, | ||
| "fail_reason": fail_reason, | ||
| }) |
Check warning: Code scanning / CodeQL: Information exposure through an exception (Medium)
Copilot Autofix (AI, about 1 month ago)
In general, to fix this class of issue you should avoid sending raw exception messages or stack traces directly to clients. Instead, log the detailed information on the server (where developers can inspect it) and return either a generic error message or a sanitized, predefined user-facing message. This prevents accidental disclosure of internal state or implementation details.
For this specific view in src/ephios/core/views/consequences.py, the minimal-impact fix is:
- Stop using `str(e)` directly as `fail_reason`.
- Replace it with a generic, non-sensitive message (e.g. `"confirm_failed"` or a short human-readable text) that does not depend on the exception content.
- Optionally, log the exception using Django's logging facilities so that developers still have full details; this requires importing `logging` and using a module-level logger.
Concretely:
- Add an import for the standard `logging` module at the top of `consequences.py`, and define a logger such as `logger = logging.getLogger(__name__)`.
- In the `except ConsequenceError as e:` block, replace `fail_reason = str(e)` with:
  - a call to `logger.exception(...)` (or `logger.warning`/`info` if preferred) to record the exception, and
  - assignment of `fail_reason` to a safe, generic string that can be returned to the client.
This preserves the existing JSON structure (`state` and `fail_reason`) while eliminating exposure of exception text.
| @@ -5,7 +5,11 @@ | ||
|
|
||
| from ephios.core.consequences import ConsequenceError, editable_consequences | ||
|
|
||
| import logging | ||
|
|
||
| logger = logging.getLogger(__name__) | ||
|
|
||
|
|
||
| class ConsequenceUpdateView(LoginRequiredMixin, SingleObjectMixin, View): | ||
| def get_queryset(self): | ||
| return editable_consequences(self.request.user) | ||
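Review bot: `import logging` is inserted below the first-party `from ephios.core.consequences import ConsequenceError, editable_consequences` line, so the standard-library import ends up after a project import; since this PR adopts ruff, its import-sorting rule will flag that. Move `import logging` into the stdlib group at the top of the imports and keep `logger = logging.getLogger(__name__)` after all imports.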
| @@ -19,7 +22,8 @@ | ||
| try: | ||
| consequence.confirm(request.user) | ||
| except ConsequenceError as e: | ||
| fail_reason = str(e) | ||
| logger.exception("Error while confirming consequence %s for user %s", consequence, request.user) | ||
| fail_reason = "confirm_failed" | ||
| return JsonResponse({ | ||
| "state": consequence.state, | ||
| "fail_reason": fail_reason, |
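Review bot: `fail_reason = "confirm_failed"` now replaces `str(e)` for every `ConsequenceError`, so any message the exception carried for the user (the reason confirmation was refused) no longer reaches the client; check what the frontend does with `fail_reason` before merging. Also, `logger.exception(...)` writes a full traceback at ERROR level for what may be a routine, user-caused refusal; if `ConsequenceError` is raised for expected validation failures, `logger.warning` (which the suggestion itself allows) keeps the log usable and reserves `exception` for unexpected errors.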
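As an added example (not the project's code and not Copilot's suggested patch), the same idea carried one step further: a stand-in for the view's `except` block that passes through only messages from an exception class explicitly marked as user-facing, reduces everything else to a fixed code, and keeps the full detail in the server log. `ConsequenceError`, `UserFacingConsequenceError`, `confirm_payload`, `demo` and the sample error messages are assumed or constructed here, not ephios APIs.

```python
import logging

# Stand-ins for the ephios view and ConsequenceError (assumed names, not project code).
logger = logging.getLogger("consequences_demo")
_records = []  # what the "server" logged, kept in memory for the demo

class _ListHandler(logging.Handler):
    def emit(self, record):
        _records.append(record)

logger.addHandler(_ListHandler())
logger.setLevel(logging.INFO)
logger.propagate = False  # don't hand records on to the root logger

class ConsequenceError(Exception):
    """Any failure while confirming a consequence (stand-in)."""

class UserFacingConsequenceError(ConsequenceError):
    """Raised only with a message written for the end user, so it may be returned."""

def safe_fail_reason(exc, context):
    """Return what the client may see; the full detail always goes to the log."""
    if isinstance(exc, UserFacingConsequenceError):
        logger.info("consequence rejected (%s): %s", context, exc)
        return str(exc)
    # exc_info=exc records the traceback without relying on sys.exc_info().
    logger.error("unexpected error confirming consequence (%s)", context, exc_info=exc)
    return "confirm_failed"  # fixed code, as the CodeQL rule asks for

def confirm_payload(confirm, user):
    """Mirror the view: call confirm(user) and map ConsequenceError to the JSON body."""
    fail_reason = None
    try:
        confirm(user)
    except ConsequenceError as e:
        fail_reason = safe_fail_reason(e, context=user)
    return {"state": "pending" if fail_reason else "confirmed", "fail_reason": fail_reason}

def demo(exc, user):
    """Run the stand-in with confirm() raising exc; return (payload, what was logged)."""
    def confirm(_user):
        raise exc
    _records.clear()
    payload = confirm_payload(confirm, user)
    return payload, logging.Formatter("%(message)s").format(_records[-1])

# Constructed sample failures (not real ephios messages).
INTERNAL = ConsequenceError("database 'ephios' on host db-1 refused the connection")
REJECTED = UserFacingConsequenceError("Shift is already fully staffed")
```

`demo(INTERNAL, "alice")` returns a payload whose `fail_reason` is `"confirm_failed"` while the logged text still ends with the database message; `demo(REJECTED, "bob")` passes the user-facing message through.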
c0efe1b to 1d2d606
uv system fix locale building fix locale building fix locale building fix locale building fix signals import
refix pylint
e6317fc to ae0f0a6
359c2cf to 472659f
472659f to 328267c
| uses: github/codeql-action/init@v4 | ||
| with: | ||
| languages: ${{ matrix.language }} | ||
| languages: ${{ matrix.language }} # TODO unknown reference? |
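Review bot: the `# TODO unknown reference?` comment on `languages: ${{ matrix.language }}` should be resolved rather than merged: `matrix.language` only exists if this job's `strategy.matrix` defines a `language` entry, so either confirm that entry is present in the job and drop the TODO, or add it.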
| while [ true ]; do | ||
| echo "Running cron job" | ||
| /usr/local/bin/python3 -m ephios run_periodic | ||
| uv run python -m ephios run_periodic |
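Review bot: `uv run python -m ephios run_periodic` replaces the direct `/usr/local/bin/python3` call inside the cron loop, so the container now needs `uv` on PATH and, because `uv run` syncs the project environment before executing, readable project metadata and lockfile at runtime; if the image already installs the environment, invoking its interpreter directly keeps the loop independent of uv. Separately, `while [ true ]` only tests that the string `true` is non-empty; `while true; do` is the idiomatic form.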
is uv available in the container?
| @@ -984,13 +984,13 @@ var Vue = (function (exports) { | |||
| } | |||
| const targetMap = /* @__PURE__ */ new WeakMap(); | |||
| const ITERATE_KEY = Symbol( | |||
| "Object iterate" | |||
| "Object iterate" | |||
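Review bot: this hunk only re-indents a string literal inside the vendored Vue bundle (`var Vue = (function (exports)`); formatter changes to a third-party dist file should be reverted, and the directory added to the formatter's and linter's exclude configuration so the bundle is not touched again.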
bit weird that we are linting dependencies
oh I did that by accident once and wanted to undo those changes. Is this the only place I missed that you found?
| ("de", gettext_lazy("German")), | ||
| ("en", gettext_lazy("English")), | ||
| ] | ||
| LANGUAGES = [("de", gettext_lazy("German")), ("en", gettext_lazy("English"))] |
closes #1641
`uv format` as well) `src` folder as suggested in the uv docs and pypi docs