server/mobile.py
Check warning
Code scanning / CodeQL
Information exposure through an exception Medium
Copilot Autofix
AI 1 day ago
In general, the fix is to avoid returning raw exception messages or stack traces to the client. Instead, catch exceptions, log the full details on the server (using the existing logging module), and respond with a generic, non-sensitive error message.
For this specific case in server/mobile.py, we should modify the except Exception as e: block in is_ios_app_installed so that:
- The exception is logged using logging.exception (which will include the stack trace in server logs).
- The HTTP response no longer includes str(e); it should return a generic error indicator instead, such as {"installed": False, "error": "Internal error checking installation status"} or even just {"installed": False}.
No new imports are needed because logging is already imported at the top of the file. The change is localized to lines 803–804 of server/mobile.py, within the is_ios_app_installed function.
| @@ -800,5 +800,6 @@ | ||
| return {"installed": True} | ||
|
|
||
| return {"installed": False} | ||
| except Exception as e: | ||
| return {"installed": False, "error": str(e)} | ||
| except Exception: | ||
| logging.exception("Error while checking if iOS app is installed for simulator %s and bundle_id %s", sim_udid, bundle_id) | ||
| return {"installed": False, "error": "Internal error checking installation status"} |
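Review bot: In the new `except Exception:` branch, a failed check still returns `"installed": False`, so a caller that reads only that key cannot tell "not installed" from "could not determine", and the only discriminator is a free-text `"error"` string. Consider returning a short, stable error code in place of the sentence, so clients do not have to match on wording. Separately, `sim_udid` and `bundle_id` are written to the log through `%s`; if either value originates from the request, format them with `%r` or strip control characters first so a value containing a newline cannot split the log entry. The `logging.exception(...)` call is also long enough that it would read better wrapped across lines.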
…we are using hash for track changes on dom
PR Type
Refactor
Overview
This PR fixed the issue of UI dump upload when we aren't in the inspector. Previously, when we were in the AI chatbot, the chatbot didn't always get the updated dump. This issue is now fixed.