
Commit 6aa73e1

committed
1680: add sanitation of error-message from codeharbor
1 parent 09a3f61 commit 6aa73e1


4 files changed

+46
-11
lines changed


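--- a/app/services/exercise_service/push_external.rb
+++ b/app/services/exercise_service/push_external.rb
@@ -17,15 +17,22 @@ def execute
 request.headers['Authorization'] = "Bearer #{@codeharbor_link.api_key}"
 request.body = body
 end
+return nil if response.success?
+return I18n.t('exercises.export_codeharbor.not_authorized') if response.status == 401
 
-if response.success?
-nil
-else
-response.status == 401 ? I18n.t('exercises.export_codeharbor.not_authorized') : response.body
-end
+handle_error(message: response.body)
+rescue Faraday::ServerError => e
+handle_error(error: e, message: I18n.t('exercises.export_codeharbor.server_error'))
 rescue StandardError => e
-e.message
+handle_error(error: e)
 end
 end
+
+private
+
+def handle_error(message: nil, error: nil)
+Sentry.capture_exception(error) if error.present?
+ERB::Util.html_escape(message || error.to_s)
+end
 end
 end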
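Review bot: The generic `rescue StandardError => e` branch still returns `error.to_s` to the caller, so the escaping removes the markup risk but internal exception text (host names, library messages) can still end up in the user-facing export message. Since `handle_error` already sends the exception to Sentry, that branch could pass a fixed translated message instead of falling back to `error.to_s`. As far as I know `Faraday::ConnectionFailed` does not inherit from `Faraday::ServerError`, so an unreachable host would likely take the generic branch rather than show `server_error`; consider `rescue Faraday::ServerError, Faraday::ConnectionFailed => e`. A short comment on `handle_error` such as `# Remote body and exception text are untrusted; always escape before returning` would also help. The body of `execute` starts above the hunk.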

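--- a/config/locales/de/exercise.yml
+++ b/config/locales/de/exercise.yml
@@ -103,6 +103,7 @@ de:
 export_failed: 'Export ist fehlgeschlagen.<br>ID: %{id}<br>Title: %{title}<br><br>Error: %{error}'
 label: Zu CodeHarbor exportieren
 not_authorized: Die Autorisierung mit CodeHarbor konnte nicht hergestellt werden. Ist der API-Schlüssel korrekt?
+server_error: Verbindung zu CodeHarbor fehlgeschlagen. Gegenseite nicht erreichbar.
 successfully_exported: 'Aufgabe wurde erfolgreich exportiert.<br>ID: %{id}<br>Title: %{title}'
 external_users:
 statistics: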

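--- a/config/locales/en/exercise.yml
+++ b/config/locales/en/exercise.yml
@@ -103,6 +103,7 @@ en:
 export_failed: 'Export has failed.<br>ID: %{id}<br>Title: %{title}<br><br>Error: %{error}'
 label: Export to CodeHarbor
 not_authorized: Authorization with could not be established with CodeHarbor. Is the API Key correct?
+server_error: Connection to CodeHarbor failed. Remote host unreachable.
 successfully_exported: 'Exercise has been successfully exported.<br>ID: %{id}<br>Title: %{title}'
 external_users:
 statistics: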

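--- a/spec/services/exercise_service/push_external_spec.rb
+++ b/spec/services/exercise_service/push_external_spec.rb
@@ -26,7 +26,11 @@
 let(:status) { 200 }
 let(:response) { '' }
 
-before { stub_request(:post, codeharbor_link.push_url).to_return(status:, body: response) }
+before do
+# Un-memoize the connection to force a reconnection for each example
+described_class.instance_variable_set(:@connection, nil)
+stub_request(:post, codeharbor_link.push_url).to_return(status:, body: response)
+end
 
 it 'calls the correct url' do
 expect(push_external).to have_requested(:post, codeharbor_link.push_url)
@@ -49,9 +53,33 @@
 
 context 'when response status is 500' do
 let(:status) { 500 }
-let(:response) { 'an error occured' }
+let(:response) { 'an error occurred' }
+
+it { is_expected.to eql response }
+
+context 'when response contains problematic characters' do
+let(:response) { 'an <error> occurred' }
+
+it { is_expected.to eql 'an &lt;error&gt; occurred' }
+end
+
+context 'when faraday throws an error' do
+let(:connection) { instance_double(Faraday::Connection) }
+let(:error) { Faraday::ServerError }
+
+before do
+allow(Faraday).to receive(:new).and_return(connection)
+allow(connection).to receive(:post).and_raise(error)
+end
+
+it { is_expected.to eql I18n.t('exercises.export_codeharbor.server_error') }
+
+context 'when another error occurs' do
+let(:error) { 'another error' }
 
-it { is_expected.to be response }
+it { is_expected.to eql 'another error' }
+end
+end
 end
 
 context 'when response status is 401' do
@@ -64,8 +92,6 @@
 
 context 'when an error occurs' do
 before do
-# Un-memoize the connection to force a reconnection
-described_class.instance_variable_set(:@connection, nil)
 allow(Faraday).to receive(:new).and_raise(StandardError)
 end
 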
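Review bot: The escaping is only pinned for the response-body path; in the second hunk the `when another error occurs` context uses a message without markup, so nothing verifies that exception text returned via `error.to_s` is escaped as well. Using `let(:error) { 'another <error>' }` with `it { is_expected.to eql 'another &lt;error&gt;' }` would cover that branch. None of the new examples asserts that `Sentry.capture_exception` is called on the error paths, which is the other behaviour this commit introduces.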
