Skip to content

fix: During the conversation, there is sensitive data in the application profile obtained by the application #3018

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 29, 2025
Merged

fix: During the conversation, there is sensitive data in the application profile obtained by the application #3018

merged 1 commit into from
Apr 29, 2025

Conversation

shaohuzhang1
Copy link
Contributor

fix: During the conversation, there is sensitive data in the application profile obtained by the application

@f2c-ci-robot f2c-ci-robot
Copy link

f2c-ci-robot bot commented Apr 29, 2025

Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@f2c-ci-robot f2c-ci-robot
Copy link

f2c-ci-robot bot commented Apr 29, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

shaohuzhang1
shaohuzhang1 commented Apr 29, 2025
View reviewed changes
apps/application/serializers/application_serializers.py
@@ -1012,7 +1012,8 @@ def profile(self, with_valid=True):
'stt_autosend': application.stt_autosend,
'file_upload_enable': application.file_upload_enable,
'file_upload_setting': application.file_upload_setting,
'work_flow': application.work_flow,
'work_flow': {'nodes': [node for node in application.work_flow.get('nodes') if
node.get('id') == 'base-node']},
'show_source': application_access_token.show_source,
'language': application_access_token.language,
**application_setting_dict})
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The main change in this function is removing all but one workflow node from application.work_flow.nodes before serializing it to JSON. This could potentially cause issues if the application relies on other nodes defined in the original workflow.

Potential improvements:

  1. Remove unnecessary code: The line if 'base-node' in [node.get('id') for node in ...]: can be simplified or removed entirely since you're already checking against a specific ID later.
  2. Consider adding error handling: It might be good to add a try-except block around operations involving parsing or accessing data within the workflow structure.

@shaohuzhang1 shaohuzhang1 merged commit 59ee0c1 into main Apr 29, 2025
4 checks passed
@shaohuzhang1 shaohuzhang1 deleted the pr@main@fix_chat branch April 29, 2025 05:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
do-not-merge/release-note-label-needed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@shaohuzhang1