mirror/doorman
1
0
Fork 0
mirror of https://github.com/apidoorman/doorman.git synced 2026-04-26 10:38:52 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
cd08086b8a93415e78ba62e7fd373a35ead646e4
doorman/user-docs/examples/tests/test_exception_handling_fixes.py
T
seniorswe ab3bae0975 cleanup
2025-10-15 01:25:18 -04:00

106 lines
4.0 KiB
Python
Raw Blame History

"""
Test Exception Handling Improvements
Documents the fixes to prevent silent auth bypass via broad exception handling
"""
def test_exception_handling_patterns():
"""Test exception handling patterns in auth paths"""
print("Exception Handling Security Improvements")
print("=" * 70)
print()
patterns = [
{
'location': 'utils/auth_util.py:122-124',
'pattern': 'Good (Already Correct)',
'code': '''except Exception as e:
logger.error(f'Unexpected error in auth_required: {str(e)}')
raise HTTPException(status_code=401, detail='Unauthorized')''',
'security': 'SECURE',
'reason': 'Logs error and re-raises as HTTPException'
},
{
'location': 'routes/authorization_routes.py (5 locations)',
'pattern': 'Fixed: Admin check exceptions',
'code': '''except Exception as e:
logger.error(f'{request_id} | Admin check failed: {str(e)}', exc_info=True)''',
'security': 'IMPROVED',
'reason': 'Now logs errors instead of silent pass'
},
{
'location': 'routes/authorization_routes.py:756-758',
'pattern': 'Fixed: Token revocation fallback',
'code': '''except Exception as e:
logger.warning(f'{request_id} | Token revocation failed, using fallback: {str(e)}')''',
'security': 'IMPROVED',
'reason': 'Logs revocation failures for monitoring'
},
{
'location': 'doorman.py:548-551 (body_size_limit)',
'pattern': 'Fixed: Middleware exception logging',
'code': '''except Exception as e:
gateway_logger.error(f'Body size limit middleware error: {str(e)}', exc_info=True)
return await call_next(request)''',
'security': 'IMPROVED',
'reason': 'Critical security middleware failures now logged'
},
{
'location': 'doorman.py:588-590 (request_id_middleware)',
'pattern': 'Fixed: Request ID middleware',
'code': '''except Exception as e:
gateway_logger.error(f'Request ID middleware error: {str(e)}', exc_info=True)
return await call_next(request)''',
'security': 'IMPROVED',
'reason': 'Middleware errors logged for investigation'
}
]
for i, pattern in enumerate(patterns, 1):
print(f"{i}. {pattern['location']}")
print(f" Pattern: {pattern['pattern']}")
print(f" Security: {pattern['security']}")
print(f" Reason: {pattern['reason']}")
print()
print(" Code:")
for line in pattern['code'].split('\n'):
print(f" {line}")
print()
print("=" * 70)
print()
print("Security Impact Summary:")
print()
print("BEFORE (Vulnerable):")
print(" except Exception:")
print(" pass # Silent failure - attackers exploit this")
print()
print("Problems:")
print(" - Authentication failures silently ignored")
print(" - Permission checks bypassed without logging")
print(" - Security middleware failures undetected")
print(" - No audit trail for investigation")
print()
print("AFTER (Secure):")
print(" except Exception as e:")
print(" logger.error(f'Error details: {e}', exc_info=True)")
print(" # Appropriate action (re-raise, fallback, or continue)")
print()
print("Benefits:")
print(" ✓ All errors logged with full stack traces")
print(" ✓ Security incidents visible in logs")
print(" ✓ Audit trail for forensic analysis")
print(" ✓ Monitoring/alerting can detect attack patterns")
print()
print("Files Modified:")
print(" 1. routes/authorization_routes.py (6 locations)")
print(" 2. doorman.py (2 middleware handlers)")
print(" 3. utils/auth_util.py (already correct)")
print()
print("P0 Risk Mitigated:")
print(" Silent authentication bypass via exception swallowing")
print()
if __name__ == '__main__':
test_exception_handling_patterns()
Reference in New Issue View Git Blame Copy Permalink