1680: add sanitation of error-message from codeharbor

Author: kkoehn

app/services/exercise_service/push_external.rb

@@ -17,15 +17,22 @@ def execute
           request.headers['Authorization'] = "Bearer #{@codeharbor_link.api_key}"
           request.body = body
         end
+        return nil if response.success?
+        return I18n.t('exercises.export_codeharbor.not_authorized') if response.status == 401
 
-        if response.success?
-          nil
-        else
-          response.status == 401 ? I18n.t('exercises.export_codeharbor.not_authorized') : response.body
-        end
+        handle_error(message: response.body)
+      rescue Faraday::ServerError => e
+        handle_error(error: e, message: I18n.t('exercises.export_codeharbor.server_error'))
       rescue StandardError => e
-        e.message
+        handle_error(error: e)
       end
     end
+
+    private
+
+    def handle_error(message: nil, error: nil)
+      Sentry.capture_exception(error) if error.present?
+      ERB::Util.html_escape(message || error.to_s)
+    end
   end
 end

config/locales/de/exercise.yml

@@ -103,6 +103,7 @@ de:
       export_failed: 'Export ist fehlgeschlagen.<br>ID: %{id}<br>Title: %{title}<br><br>Error: %{error}'
       label: Zu CodeHarbor exportieren
       not_authorized: Die Autorisierung mit CodeHarbor konnte nicht hergestellt werden. Ist der API-Schlüssel korrekt?
+      server_error: Verbindung zu CodeHarbor fehlgeschlagen. Gegenseite nicht erreichbar.
       successfully_exported: 'Aufgabe wurde erfolgreich exportiert.<br>ID: %{id}<br>Title: %{title}'
     external_users:
       statistics:

config/locales/en/exercise.yml

@@ -103,6 +103,7 @@ en:
       export_failed: 'Export has failed.<br>ID: %{id}<br>Title: %{title}<br><br>Error: %{error}'
       label: Export to CodeHarbor
       not_authorized: Authorization with could not be established with CodeHarbor. Is the API Key correct?
+      server_error: Connection to CodeHarbor failed. Remote host unreachable.
       successfully_exported: 'Exercise has been successfully exported.<br>ID: %{id}<br>Title: %{title}'
     external_users:
       statistics:

spec/services/exercise_service/push_external_spec.rb

@@ -26,7 +26,11 @@
     let(:status) { 200 }
     let(:response) { '' }
 
-    before { stub_request(:post, codeharbor_link.push_url).to_return(status:, body: response) }
+    before do
+      # Un-memoize the connection to force a reconnection for each example
+      described_class.instance_variable_set(:@connection, nil)
+      stub_request(:post, codeharbor_link.push_url).to_return(status:, body: response)
+    end
 
     it 'calls the correct url' do
       expect(push_external).to have_requested(:post, codeharbor_link.push_url)
@@ -49,9 +53,33 @@
 
       context 'when response status is 500' do
         let(:status) { 500 }
-        let(:response) { 'an error occured' }
+        let(:response) { 'an error occurred' }
+
+        it { is_expected.to eql response }
+
+        context 'when response contains problematic characters' do
+          let(:response) { 'an <error> occurred' }
+
+          it { is_expected.to eql 'an &lt;error&gt; occurred' }
+        end
+
+        context 'when faraday throws an error' do
+          let(:connection) { instance_double(Faraday::Connection) }
+          let(:error) { Faraday::ServerError }
+
+          before do
+            allow(Faraday).to receive(:new).and_return(connection)
+            allow(connection).to receive(:post).and_raise(error)
+          end
+
+          it { is_expected.to eql I18n.t('exercises.export_codeharbor.server_error') }
+
+          context 'when another error occurs' do
+            let(:error) { 'another error' }
 
-        it { is_expected.to be response }
+            it { is_expected.to eql 'another error' }
+          end
+        end
       end
 
       context 'when response status is 401' do
@@ -64,8 +92,6 @@
 
     context 'when an error occurs' do
       before do
-        # Un-memoize the connection to force a reconnection
-        described_class.instance_variable_set(:@connection, nil)
         allow(Faraday).to receive(:new).and_raise(StandardError)
       end