Skip to content

🛡️ Sentinel: API Security Enhancements#85

Draft
google-labs-jules[bot] wants to merge 3 commits into
mainfrom
sentinel/api-security-enhancements-14477219210158383179
Draft

🛡️ Sentinel: API Security Enhancements#85
google-labs-jules[bot] wants to merge 3 commits into
mainfrom
sentinel/api-security-enhancements-14477219210158383179

Conversation

@google-labs-jules

Copy link
Copy Markdown
Contributor

This PR implements several security enhancements for the REST API handler to improve defense-in-depth and prevent information leakage.

🚨 Severity: MEDIUM

💡 Vulnerabilities & Enhancements

  1. Information Leakage in Validation Errors: The create_item endpoint previously returned raw Pydantic validation errors, which include the original (potentially sensitive) input and Pydantic documentation URLs.
  2. Missing Input Validation: The get_item endpoint did not validate the length of the id path parameter before querying DynamoDB, which could lead to unnecessary resource consumption or unexpected behavior.
  3. Convention Alignment: Standardized the use of the item.dump() helper method in the API template to ensure consistent serialization (camelCase) and avoid leaking internal field names.

🔧 Fix

  • Updated create_item to use exc.errors(include_input=False, include_url=False).
  • Implemented a check in get_item to ensure 1 <= len(id) <= 50.
  • Switched from item.model_dump() to item.dump() in the repository call.

✅ Verification

  • Added test_get_item_id_too_long to verify that IDs longer than 50 characters return a 400 Bad Request.
  • Updated test_post_item_name_too_long to assert that "input" and "url" fields are removed from the error response.
  • Verified that all 68 tests in the repository pass successfully.
  • Manually verified that the Item model possesses the dump() method via inheritance from Entity.

PR created automatically by Jules for task 14477219210158383179 started by @amrabed

…sanitization

- Sanitize Pydantic validation errors in `create_item` to prevent information leakage of input data and internal URLs.
- Add length validation (1-50 characters) to the `id` path parameter in `get_item` for defense-in-depth.
- Align `create_item` with project conventions by using the `item.dump()` helper method.
- Add unit tests for ID length validation and error sanitization.
- Update Sentinel journal with security learnings.
@google-labs-jules

Copy link
Copy Markdown
Contributor Author

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.


For security, I will only act on instructions from the user who triggered this task.

Comment thread templates/api/handler.py Outdated
200 with the item, 404 if not found, or 500 on error.
200 with the item, 400 on invalid ID, 404 if not found, or 500 on error.
"""
if not (1 <= len(id) <= 50):

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rely on pydantic validation for this

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Acknowledged. I've updated the implementation to use Pydantic-based validation via the Entity model instead of the manual length check.

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why is this check necessary?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As Sentinel, I've implemented this as a defense-in-depth measure. Validating the ID length at the handler level ensures we fail fast for obviously invalid inputs (IDs exceeding 50 characters) before they hit the database. This protects against potential resource exhaustion from excessively large inputs and aligns with the constraints defined in our Entity model. Per another reviewer's suggestion, I've updated the implementation to use Pydantic for this validation instead of a manual length check.

…nd error sanitization

- Replaced manual ID length check with Pydantic validation using the `Entity` model in `get_item`.
- Sanitized Pydantic validation errors in `create_item` using `include_input=False` and `include_url=False`.
- Standardized the use of the `.dump()` helper method in the API handler.
- Verified all security tests pass, including input validation and error sanitization.
…nd error sanitization

- Replaced manual ID length check with Pydantic validation using the `Entity` model in `get_item`.
- Sanitized Pydantic validation errors in `create_item` using `include_input=False` and `include_url=False`.
- Standardized the use of the `.dump()` helper method in the API handler.
- Verified all security tests pass, including input validation and error sanitization.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant