Skip to content

Fix proxy permission leak and redact sensitive error descriptions#4748

Open
huanghongbo-hhb wants to merge 14 commits into
koderover:mainfrom
huanghongbo-hhb:fix/sensitive-credential-leaks
Open

Fix proxy permission leak and redact sensitive error descriptions#4748
huanghongbo-hhb wants to merge 14 commits into
koderover:mainfrom
huanghongbo-hhb:fix/sensitive-credential-leaks

Conversation

@huanghongbo-hhb

@huanghongbo-hhb huanghongbo-hhb commented Jun 8, 2026
edited by landylee007
Loading

Copy link
Copy Markdown
Contributor

Summary

  • restore the system admin check on the proxy list API
  • redact sensitive values from error descriptions before returning them to clients

Why

  • the proxy list endpoint could expose stored proxy credentials
  • downstream integration errors could leak credentials in URLs and raw error text

Risk / Compatibility

  • low risk: this only narrows proxy list access and masks secret values in error descriptions

Test

  • verified in UAT: non-admin proxyManage now returns 403, and Nacos/PingCode validation errors redact credentials

Contact

This change is Reviewable

@huanghongbo-hhb
fix: prevent credential leaks in proxy and error responses
1876e6b 
Signed-off-by: huanghongbo-hhb <huanghongbo@koderover.com>
@huanghongbo-hhb
fix: tighten error sanitization edge cases
6b620c2 
Signed-off-by: huanghongbo-hhb <huanghongbo@koderover.com>
@huanghongbo-hhb
test: cover error sanitization behavior
d717b64 
Signed-off-by: huanghongbo-hhb <huanghongbo@koderover.com>
@huanghongbo-hhb
feat: humanize nacos error messages
ef0273d 
Signed-off-by: huanghongbo-hhb <huanghongbo@koderover.com>
@huanghongbo-hhb
fix: preserve nacos error chain
9df25cc 
Signed-off-by: huanghongbo-hhb <huanghongbo@koderover.com>
@huanghongbo-hhb
fix: humanize remaining nacos client paths
f16c080 
Signed-off-by: huanghongbo-hhb <huanghongbo@koderover.com>
PetrusZ
PetrusZ reviewed Jun 8, 2026
View reviewed changes
Comment thread pkg/microservice/aslan/core/system/handler/proxy.go
Comment thread pkg/microservice/aslan/core/workflow/service/workflow/controller/job/job_nacos.go Outdated
Comment thread pkg/tool/nacos/error_humanizer.go Outdated
@huanghongbo-hhb
fix: refine proxy list and nacos job errors
ab1a550 
Signed-off-by: huanghongbo-hhb <huanghongbo@koderover.com>
@huanghongbo-hhb
chore: keep proxy auth TODO comment
9faa3de 
Signed-off-by: huanghongbo-hhb <huanghongbo@koderover.com>
@huanghongbo-hhb
revert: remove nacos error humanizer
384246d 
Signed-off-by: huanghongbo-hhb <huanghongbo@koderover.com>
@huanghongbo-hhb
fix: revert unintended user orm change
2726832 
Signed-off-by: huanghongbo-hhb <huanghongbo@koderover.com>
@huanghongbo-hhb
chore: drop error sanitize tests from pr
6214902 
Signed-off-by: huanghongbo-hhb <huanghongbo@koderover.com>
@huanghongbo-hhb
fix: keep original nacos error messages
ad601cb 
Signed-off-by: huanghongbo-hhb <huanghongbo@koderover.com>
PetrusZ
PetrusZ reviewed Jun 16, 2026
View reviewed changes
Comment thread pkg/microservice/aslan/core/system/service/proxy.go Outdated
Comment thread pkg/tool/errors/errors.go
@huanghongbo-hhb
fix: mask sensitive credentials without breaking edit flows
ed59f9f 
Signed-off-by: huanghongbo-hhb <huanghongbo@koderover.com>
@huanghongbo-hhb
fix: localize nacos error sanitization
a0b2e9a 
Signed-off-by: huanghongbo-hhb <huanghongbo@koderover.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@PetrusZ PetrusZ PetrusZ left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

common service/aslan

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@huanghongbo-hhb @PetrusZ