Skip to content

Test branch #10

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 31 commits into
base: master
Choose a base branch
from
Draft

Test branch #10

wants to merge 31 commits into from

Conversation

@F1r3Hydr4nt
Copy link
Collaborator

@F1r3Hydr4nt F1r3Hydr4nt commented Nov 28, 2025

No description provided.

F1r3Hydr4nt and others added 30 commits November 19, 2025 17:38
@F1r3Hydr4nt
Fixing pytest
4c5c48c
@F1r3Hydr4nt
Modifications to get to zero failures
d4a8099
@jo7ueb
refs #5 add requirements.txt for Django example
2a9961e
@jo7ueb
refs #5 add Django generated initial files
cfd207e
@jo7ueb
refs #5 temporaly impl of JSON-RPC server with Django
15b7e8d
@jo7ueb
refs #5 fix wrong PushDrop include path
d6cc99d
@jo7ueb
refs #5 fix some import issues
97e044f
@jo7ueb
refs #5 make isStorageProvedr() to pass
7863210
@jo7ueb
refs #5 isStorageProvider now returns true for StorageProvider
8acdcf2
@F1r3Hydr4nt
BRC-100 compatibility implemented and tested, 215 failures remaing
cd2ec07
@F1r3Hydr4nt
ZERO failing tests, complaints about Permissions, Certificates, Chain…
6ea009b 
…tracks, Monitor not implemented?
@F1r3Hydr4nt
No failing tests
622f863
@jo7ueb
refs #5 more robust parameter handling
e1f74c4
@F1r3Hydr4nt
No failures
62c1ea0
@F1r3Hydr4nt
More tests unskipped, need discussion
af7e070
@F1r3Hydr4nt
MISSING_FUNCTIONALITY_MODULES.md
6bb2ce6
@F1r3Hydr4nt
Full comparison
c196d7e
@jo7ueb
initial BRC-100 wallet demo example
4aab5f0
@F1r3Hydr4nt
Started on coverage, no warnings, 59%
c3a8b1f
@jo7ueb
more rich example
72df8bc
@jo7ueb
no more japanese language!
1b0185d
@F1r3Hydr4nt
Added coverage now at 64%
bb6ffc5
@jo7ueb
fix some error
467f434
@jo7ueb
impl Monitor layer
53c7c38
@F1r3Hydr4nt
65.68%
88f31d6
@F1r3Hydr4nt
Added brc29 implementation
9359afb
@F1r3Hydr4nt
67.95%
cc0549a
@F1r3Hydr4nt
Merge branch 'test-branch' into develop
da580a5
@F1r3Hydr4nt
Merge pull request #9 from jo7ueb/develop
46f114a 
Implemented JSON-RPC server with Django
@F1r3Hydr4nt
>70%
f0cc1bf
github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 28, 2025
View reviewed changes
examples/django_server/wallet_app/views.py
response_data = server.handle_json_rpc_request(request_data)

# Return JSON response
return JsonResponse(response_data, status=200)

Check warning

Code scanning / CodeQL

Information exposure through an exception Medium

Stack trace information
Loading
flows to this location and may be exposed to an external user.
Stack trace information
Loading
flows to this location and may be exposed to an external user.
Stack trace information
Loading
flows to this location and may be exposed to an external user.

Copilot Autofix

AI 2 days ago

The best way to fix the problem is to ensure that error messages sent to clients are generic and do not contain exception-derived details.

  • In src/bsv_wallet_toolbox/rpc/json_rpc_server.py:
    • In all relevant except Exception as e: blocks and similar, update the returned error object so that the "message" field uses a hardcoded, generic string instead of str(e) or f"Internal error: {e!s}".
    • Log the actual details server-side, but always return either "Internal error" for unexpected exceptions, or use the protocol-specified generic messages for known exception types.
  • In examples/django_server/wallet_app/views.py:
    • No change is needed, as this endpoint already returns the result from the RPC server, and the actual leak occurs upstream (in the RPC error construction).

The detailed change:

  • For all three error-generating blocks in src/bsv_wallet_toolbox/rpc/json_rpc_server.py, change:
    • JsonRpcInternalError(str(e)).to_dict()JsonRpcInternalError().to_dict()
    • JsonRpcInternalError(f"Internal error: {e!s}").to_dict()JsonRpcInternalError().to_dict()
    • Similarly for parameter errors: optionally, sanitize the error message for JsonRpcInvalidParamsError, but if further sanitization is desired, make even this message generic, e.g. "Invalid parameters" instead of including e!s.

No additional imports or method definitions are needed.

Suggested changeset 1
src/bsv_wallet_toolbox/rpc/json_rpc_server.py
Outside changed files

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/src/bsv_wallet_toolbox/rpc/json_rpc_server.py b/src/bsv_wallet_toolbox/rpc/json_rpc_server.py
--- a/src/bsv_wallet_toolbox/rpc/json_rpc_server.py
+++ b/src/bsv_wallet_toolbox/rpc/json_rpc_server.py
@@ -469,10 +469,10 @@
             }
 
         except Exception as e:
-            logger.error(f"Unexpected error during request validation: {e}")
+            logger.error(f"Unexpected error during request validation: {e}", exc_info=True)
             return {
                 "jsonrpc": "2.0",
-                "error": JsonRpcInternalError(str(e)).to_dict(),
+                "error": JsonRpcInternalError().to_dict(),
                 "id": request_id,
             }
 
@@ -516,7 +514,7 @@
             logger.warning(f"Invalid params for method {method}: {e}")
             return {
                 "jsonrpc": "2.0",
-                "error": JsonRpcInvalidParamsError(f"Invalid parameters: {e!s}").to_dict(),
+                "error": JsonRpcInvalidParamsError().to_dict(),
                 "id": request_id,
             }
 
@@ -525,7 +523,7 @@
             logger.error(f"Internal error in method {method}: {e}", exc_info=True)
             return {
                 "jsonrpc": "2.0",
-                "error": JsonRpcInternalError(f"Internal error: {e!s}").to_dict(),
+                "error": JsonRpcInternalError().to_dict(),
                 "id": request_id,
             }
 
EOF
@@ -469,10 +469,10 @@
}

except Exception as e:
logger.error(f"Unexpected error during request validation: {e}")
logger.error(f"Unexpected error during request validation: {e}", exc_info=True)
return {
"jsonrpc": "2.0",
"error": JsonRpcInternalError(str(e)).to_dict(),
"error": JsonRpcInternalError().to_dict(),
"id": request_id,
}

@@ -516,7 +514,7 @@
logger.warning(f"Invalid params for method {method}: {e}")
return {
"jsonrpc": "2.0",
"error": JsonRpcInvalidParamsError(f"Invalid parameters: {e!s}").to_dict(),
"error": JsonRpcInvalidParamsError().to_dict(),
"id": request_id,
}

@@ -525,7 +523,7 @@
logger.error(f"Internal error in method {method}: {e}", exc_info=True)
return {
"jsonrpc": "2.0",
"error": JsonRpcInternalError(f"Internal error: {e!s}").to_dict(),
"error": JsonRpcInternalError().to_dict(),
"id": request_id,
}

Copilot is powered by AI and may make mistakes. Always verify output.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@F1r3Hydr4nt @jo7ueb