nesquena-hermes
dd17a0e9b7
security: bandit fixes B310/B324/B110 + QuietHTTPServer (#354)
* security: fix bandit security issues (B310, B324)
  - Add usedforsecurity=False to MD5 hash in gateway_watcher.py
  - Add URL scheme validation to prevent file:// access in config.py
  - Add URL validation to bootstrap.py health check
  - Add nosec comments where runtime validation exists
* fix: handle ConnectionResetError gracefully and add debug logging
  - Add QuietHTTPServer class to suppress noisy connection reset errors
    caused by clients disconnecting abruptly (fixes log spam from
    'ConnectionResetError: [Errno 54] Connection reset by peer')
  - Replace silent 'pass' statements with logger.debug() calls across
    api/auth.py, api/config.py, api/gateway_watcher.py, api/models.py,
    and api/onboarding.py for better observability during troubleshooting
  - All tests pass (25 passed in test_regressions.py)
* chore: add debug logging to profiles and routes modules
  - Replace silent 'pass' statements with logger.debug() calls in
    api/profiles.py for better error visibility during profile switching
    and module patching
  - Add logger initialization to api/routes.py
* security: fix B110 bare except/pass issues (bandit security scan)
  - Replace bare except/pass patterns with logger.debug() calls
  - Fixes CWE-703 (improper check/handling of exceptional conditions)
  - Files affected: routes.py, state_sync.py, streaming.py, workspace.py, server.py
  - All tests pass successfully
* security: bandit fixes B310/B324/B110 + QuietHTTPServer (#354)
  - api/gateway_watcher.py: MD5 usedforsecurity=False (B324)
  - api/config.py, bootstrap.py: URL scheme validation before urlopen (B310)
  - 12 files: replace bare except/pass with logger.debug() (B110)
  - server.py: QuietHTTPServer suppresses client disconnect log noise
  - server.py: fix sys.exc_info() (was traceback.sys.exc_info(), impl detail)
  - tests/test_sprint43.py: 19 new tests covering all security fixes
  - CHANGELOG.md: v0.50.14 entry; 841 tests total (up from 822)
---------
Co-authored-by: lawrencel1ng <lawrence.ling@global.ntt>
Co-authored-by: Nathan Esquenazi <nesquena@gmail.com>
2026-04-13 11:11:56 -07:00
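The two patterns the commit describes, the B310 scheme check before urlopen() and a QuietHTTPServer that keeps client-disconnect tracebacks out of the log, as an added illustration that is not the hermes project's own code; the names validate_url, is_client_disconnect and ALLOWED_SCHEMES are assumptions chosen for this example.

```python
import logging
import sys
from http.server import HTTPServer, SimpleHTTPRequestHandler
from typing import Optional
from urllib.parse import urlsplit

logger = logging.getLogger(__name__)

# Schemes urlopen() may be handed; anything else (file://, ftp://, ...) is refused.
# Name chosen for this example, not taken from the project.
ALLOWED_SCHEMES = frozenset({"http", "https"})


def validate_url(url: str) -> str:
    """Return url unchanged if it is an http(s) URL with a host, else raise ValueError.

    Call this before urllib.request.urlopen(): urlopen() also opens file://
    paths, which is what bandit rule B310 warns about."""
    parts = urlsplit(url)  # urlsplit lowercases the scheme for us
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"refusing URL with scheme {parts.scheme!r}: {url}")
    if not parts.netloc:
        raise ValueError(f"refusing URL without a host: {url}")
    return url


def is_client_disconnect(exc: Optional[BaseException]) -> bool:
    """True for the errors a handler sees when the client hangs up mid-request."""
    return isinstance(exc, (ConnectionResetError, BrokenPipeError))


class QuietHTTPServer(HTTPServer):
    """HTTPServer that logs abrupt client disconnects at DEBUG instead of
    printing a full traceback; every other handler error still gets the
    default traceback, so real bugs stay visible."""

    def handle_error(self, request, client_address):
        exc = sys.exc_info()[1]  # the exception currently being handled
        if is_client_disconnect(exc):
            logger.debug("client %s disconnected: %s", client_address, exc)
            return
        super().handle_error(request, client_address)


if __name__ == "__main__":
    logging.basicConfig(level=logging.DEBUG)
    validate_url("https://127.0.0.1:8000/health")  # accepted
    try:
        validate_url("file:///tmp/example.txt")  # constructed input, rejected
    except ValueError as err:
        print(err)
    QuietHTTPServer(("127.0.0.1", 8000), SimpleHTTPRequestHandler).serve_forever()
```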