Decryption of submission via managed keys #2789
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ca5f31a to
42c206f
Compare
81c717a to
1343c28
Compare
|
|
||
| except EncryptionError as exc: | ||
| raise serializers.ValidationError( | ||
| {"enable_kms_encryption": f"{exc}"} |
Check warning
Code scanning / CodeQL
Information exposure through an exception Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 30 days ago
To fix the issue, the exception message (exc) should be replaced with a generic error message that does not reveal sensitive information. The detailed exception can still be logged on the server for debugging purposes. This ensures that developers retain access to the stack trace while protecting end users from seeing sensitive details.
The changes should be made in the update method of the XFormSerializer class. Specifically:
- Replace the detailed exception message (
f"{exc}") with a generic error message like"An error occurred while enabling KMS encryption.". - Log the original exception (
exc) using theloggingmodule to retain debugging information.
Suggested changeset
1
onadata/libs/serializers/xform_serializer.py
| @@ -610,4 +610,5 @@ | ||
| except EncryptionError as exc: | ||
| logging.error(f"EncryptionError occurred: {exc}") | ||
| raise serializers.ValidationError( | ||
| {"enable_kms_encryption": f"{exc}"} | ||
| {"enable_kms_encryption": "An error occurred while enabling KMS encryption."} | ||
| ) | ||
| @@ -625,4 +626,5 @@ | ||
| except EncryptionError as exc: | ||
| logging.error(f"EncryptionError occurred: {exc}") | ||
| raise serializers.ValidationError( | ||
| {"enable_kms_encryption": f"{exc}"} | ||
| {"enable_kms_encryption": "An error occurred while disabling KMS encryption."} | ||
| ) |
Copilot is powered by AI and may make mistakes. Always verify output.
ed09fb5 to
53b4c03
Compare
This was referenced Apr 24, 2025
0ed265c to
e6559a4
Compare
| rotation_reason=self.validated_data.get("rotation_reason"), | ||
| ) | ||
| except EncryptionError as exc: | ||
| raise serializers.ValidationError({"id": f"{exc}"}) |
Check warning
Code scanning / CodeQL
Information exposure through an exception Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 2 months ago
To fix the issue, we will replace the direct exposure of the exception message with a generic error message for the user. The detailed exception information will be logged on the server for debugging purposes. This ensures that sensitive information is not exposed to external users while still allowing developers to diagnose issues.
Suggested changeset
1
onadata/libs/serializers/organization_serializer.py
| @@ -241,2 +241,7 @@ | ||
| except EncryptionError a 8000 s exc: | ||
| raise serializers.ValidationError({"id": f"{exc}"}) | ||
| import logging | ||
| logger = logging.getLogger(__name__) | ||
| logger.error("Encryption error during key rotation: %s", exc) | ||
| raise serializers.ValidationError( | ||
| {"id": _("An internal error occurred while processing the request.")} | ||
| ) |
Copilot is powered by AI and may make mistakes. Always verify output.
eac9423 to
412613d
Compare
84cf78e to
8db3793
Compare
9ad3dd3 to
ccee366
Compare
1bcd435 to
aa9ca4a
Compare
4832992 to
6483396
Compare
8000
ukanga
approved these changes
Jul 8, 2025
…soft delete (#2844) * use pre_save to decr num_of_decrypted_submissions on Instance soft delete * rename signal handler * refactor code * update docstring
* add task for sending grace period expiry reminder notification * add support for multiple grace period reminders * enhance validation for setting KMS_GRACE_EXPIRY_REMINDER_DURATION * enhance comment * resolve lint error possibly-used-before-assignment
* refactor code * fix failing tests * decrement EntityList num_entities if Entity.soft_delete is by-passed decrement EntiyList num_entities even if deleted_at is set directly
* install valigetta package * strip extras for pip-compile * install valigetta via https
* add management command to create org encryption key * update module docstrings * resolve lint error line too long
6483396 to
0981b69
Compare
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Changes/Features implemented
Encryption of XForms using managed keys.
Decryption of submissions of XForms using managed keys.
Management of encryption keys via key management service provider API.
Steps taken to verify this change does what is intended
Side effects of implementing this change
No side effects
Before submitting this PR for review, please make sure you have:
Closes #