fix: get rid of warning messages

[msvticket]

User description

Description

Don't give the -H option to curl if no BASIC_AUTH is set.

Motivation and Context

If basic auth isn't configured the node containers log Warning: The provided HTTP header '' does not look like a header? every second.

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)

Checklist

• I have read the contributing document.
• My change requires a change to the documentation.
• I have updated the documentation accordingly.
• I have added tests to cover my changes.
• All new and existing tests passed.

---

PR Type

Bug fix

---

Description

• Conditionally pass Authorization header to curl only when credentials are configured

• Prevents warning messages from curl when BASIC_AUTH is not set

• Uses bash array to safely handle optional curl arguments

---

Diagram Walkthrough

flowchart LR
  A["Check SE_ROUTER credentials"] --> B{Credentials configured?}
  B -->|Yes| C["Add Authorization header to extra_args"]
  B -->|No| D["extra_args remains empty"]
  C --> E["Pass extra_args to curl"]
  D --> E
  E --> F["Execute curl without warning"]

Loading

File Walkthrough

Relevant files

Bug fix

check-grid.sh Conditionally pass Authorization header to curl                    Base/check-grid.sh Declare extra_args array to conditionally store curl arguments Only populate extra_args with Authorization header when both SE_ROUTER_USERNAME and SE_ROUTER_PASSWORD are set Pass extra_args array to curl command instead of always passing potentially empty BASIC_AUTH variable Eliminates warning messages from curl when basic authentication is not configured +3/-2

---

[qodo-code-review]

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢	No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
🟢	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
🔴	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Unquoted env input: The curl URL incorporates ${SE_SERVER_PROTOCOL} without quotes, allowing an externally-controlled environment variable to alter argument parsing and potentially inject unintended curl arguments. Referred Code curl -skSL --noproxy "*" "${extra_args[@]}" ${SE_SERVER_PROTOCOL:-"http"}://${HOST}:${PORT}/wd/hub/status | jq -r '.value.ready' | grep -q "true" || exit 1 Learn more about managing compliance generic rules or creating your own custom rules

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

[qodo-code-review]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
Possible issue	Use printf instead of echo Replace echo -en with printf when creating the BASIC_AUTH variable to safely handle special characters in credentials. Base/check-grid.sh [9-12] if [ -n "${SE_ROUTER_USERNAME}" ] && [ -n "${SE_ROUTER_PASSWORD}" ]; then - BASIC_AUTH="$(echo -en "${SE_ROUTER_USERNAME}:${SE_ROUTER_PASSWORD}" | base64 -w0)" + BASIC_AUTH="$(printf "%s:%s" "${SE_ROUTER_USERNAME}" "${SE_ROUTER_PASSWORD}" | base64 -w0)" extra_args=(-H "Authorization: Basic ${BASIC_AUTH}") fi Apply / Chat Suggestion importance[1-10]: 6 __ Why: The suggestion correctly points out that echo can misinterpret backslashes in credentials, and using printf is a more robust and portable solution, preventing potential authentication failures.	Low
General	Quote the URL argument Enclose the URL argument for the curl command in double quotes to prevent potential word splitting issues. Base/check-grid.sh [34] -curl -skSL --noproxy "*" "${extra_args[@]}" ${SE_SERVER_PROTOCOL:-http}://${HOST}:${PORT}/wd/hub/status | jq -r '.value.ready' | grep -q "true" || exit 1 +curl -skSL --noproxy "*" "${extra_args[@]}" "${SE_SERVER_PROTOCOL:-http}://${HOST}:${PORT}/wd/hub/status" | jq -r '.value.ready' | grep -q "true" || exit 1 Apply / Chat Suggestion importance[1-10]: 5 __ Why: Quoting the URL is a good defensive practice to prevent word splitting, even though the variables used are unlikely to contain spaces in this specific script.	Low
More