Summary: | [ews-app] Pass api key in more secure manner | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Aakash Jain <aakash_jain> | ||||||
Component: | Tools / Tests | Assignee: | Aakash Jain <aakash_jain> | ||||||
Status: | RESOLVED FIXED | ||||||||
Severity: | Normal | CC: | ap, jbedard, webkit-bug-importer | ||||||
Priority: | P2 | Keywords: | InRadar | ||||||
Version: | Other | ||||||||
Hardware: | Unspecified | ||||||||
OS: | Unspecified | ||||||||
Attachments: |
|
Description
Aakash Jain
2020-07-22 06:08:43 PDT
Created attachment 404925 [details]
Patch
Comment on attachment 404925 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=404925&action=review > Tools/BuildSlaveSupport/ews-app/ews/common/bugzilla.py:98 > + # Catching all exceptions here to safeguard api key. You say you're catching all exceptions to safeguard the API key, but then you log the exception anyways? Is that deliberate? I suppose you're guaranteeing that the exception won't end up in the response, but the API could still end up in the log, no? Comment on attachment 404925 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=404925&action=review >> Tools/BuildSlaveSupport/ews-app/ews/common/bugzilla.py:98 >> + # Catching all exceptions here to safeguard api key. > > You say you're catching all exceptions to safeguard the API key, but then you log the exception anyways? Is that deliberate? I suppose you're guaranteeing that the exception won't end up in the response, but the API could still end up in the log, no? Oops, I printed the exception here for debugging. Thanks for catching that. Created attachment 404935 [details]
Patch
Committed r264711: <https://trac.webkit.org/changeset/264711> All reviewed patches have been landed. Closing bug and clearing flags on attachment 404935 [details]. Deployed the change on the server. |