Remove attacker-controlled error messages #456
Labels
Comments
|
One way we're thinking of tackling this is through the use of exit codes. Each conversion exit code maps to an issue in a particular step. Then the dangerzone application will show a text association with that error. If further debugging information is needed it can be obtained by running in the CLI with a special parameter (kind of like Qubes' |
deeplow
added a commit
that referenced
this issue
Aug 30, 2023
Creates exceptions in the server code to be shared with the client via an identifying error code. These exceptions are then reconstructed in the client. This removes the need to have attacker controlled error messages passed on to the client as prominently (perhaps only as extra verbose logging). Refs #456 but does not solve it completely (containers code not covered)
deeplow
added a commit
that referenced
this issue
Aug 31, 2023
Creates exceptions in the server code to be shared with the client via an identifying exit code. These exceptions are then reconstructed in the client. Refes #456 but does not completely fix it. Unexpected exceptions and progress descriptions are still passed in Containers.
deeplow
added a commit
that referenced
this issue
Aug 31, 2023
Creates exceptions in the server code to be shared with the client via an identifying exit code. These exceptions are then reconstructed in the client. Refes #456 but does not completely fix it. Unexpected exceptions and progress descriptions are still passed in Containers.
deeplow
added a commit
that referenced
this issue
Aug 31, 2023
Creates exceptions in the server code to be shared with the client via an identifying exit code. These exceptions are then reconstructed in the client. Refs #456 but does not completely fix it. Unexpected exceptions and progress descriptions are still passed in Containers.
deeplow
added a commit
that referenced
this issue
Aug 31, 2023
Creates exceptions in the server code to be shared with the client via an identifying exit code. These exceptions are then reconstructed in the client. Refs #456 but does not completely fix it. Unexpected exceptions and progress descriptions are still passed in Containers.
deeplow
added a commit
that referenced
this issue
Aug 31, 2023
Creates exceptions in the server code to be shared with the client via an identifying exit code. These exceptions are then reconstructed in the client. Refs #456 but does not completely fix it. Unexpected exceptions and progress descriptions are still passed in Containers.
deeplow
added a commit
that referenced
this issue
Sep 19, 2023
Creates exceptions in the server code to be shared with the client via an identifying exit code. These exceptions are then reconstructed in the client. Refs #456 but does not completely fix it. Unexpected exceptions and progress descriptions are still passed in Containers.
deeplow
added a commit
that referenced
this issue
Jan 9, 2024
Now that only the second container can send JSON-encoded progress information, we can the untrusted JSON parsing. The parse_progress was also renamed to `parse_progress_trusted` to ensure future developers don't mistake this as a safe method. The old methods for sending untrusted JSON were repurposed to send the progress instead to stderr for troubleshooting in development mode. Fixes #456
deeplow
added a commit
that referenced
this issue
Jan 10, 2024
Now that only the second container can send JSON-encoded progress information, we can the untrusted JSON parsing. The parse_progress was also renamed to `parse_progress_trusted` to ensure future developers don't mistake this as a safe method. The old methods for sending untrusted JSON were repurposed to send the progress instead to stderr for troubleshooting in development mode. Fixes #456
deeplow
added a commit
that referenced
this issue
Jan 10, 2024
Now that only the second container can send JSON-encoded progress information, we can the untrusted JSON parsing. The parse_progress was also renamed to `parse_progress_trusted` to ensure future developers don't mistake this as a safe method. The old methods for sending untrusted JSON were repurposed to send the progress instead to stderr for troubleshooting in development mode. Fixes #456
apyrgio
pushed a commit
that referenced
this issue
Jan 31, 2024
Now that only the second container can send JSON-encoded progress information, we can the untrusted JSON parsing. The parse_progress was also renamed to `parse_progress_trusted` to ensure future developers don't mistake this as a safe method. The old methods for sending untrusted JSON were repurposed to send the progress instead to stderr for troubleshooting in development mode. Fixes #456
deeplow
added a commit
that referenced
this issue
Feb 5, 2024
Now that only the second container can send JSON-encoded progress information, we can the untrusted JSON parsing. The parse_progress was also renamed to `parse_progress_trusted` to ensure future developers don't mistake this as a safe method. The old methods for sending untrusted JSON were repurposed to send the progress instead to stderr for troubleshooting in development mode. Fixes #456
apyrgio
pushed a commit
that referenced
this issue
Feb 6, 2024
Now that only the second container can send JSON-encoded progress information, we can the untrusted JSON parsing. The parse_progress was also renamed to `parse_progress_trusted` to ensure future developers don't mistake this as a safe method. The old methods for sending untrusted JSON were repurposed to send the progress instead to stderr for troubleshooting in development mode. Fixes #456
deeplow
added a commit
that referenced
this issue
Feb 6, 2024
Now that only the second container can send JSON-encoded progress information, we can the untrusted JSON parsing. The parse_progress was also renamed to `parse_progress_trusted` to ensure future developers don't mistake this as a safe method. The old methods for sending untrusted JSON were repurposed to send the progress instead to stderr for troubleshooting in development mode. Fixes #456
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When a document fails to convert it shows to the user an attacker-controlled error message.
We should reduce the risk of having the attacker showing the user some message that tells the user to bypass dangerzone and open the doc directly. Or at least make the user understand that the text is attacker-controlled.
We don't want to be in a situation like this:
The text was updated successfully, but these errors were encountered: