Skip to content

Wrap every tool with exception handling #1472

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
CTY-git merged 3 commits into from
Mar 12, 2025
Merged

Wrap every tool with exception handling #1472

CTY-git merged 3 commits into from
Mar 12, 2025

Conversation

@CTY-git
Copy link
Contributor

@CTY-git CTY-git commented Mar 11, 2025
edited
Loading

PR Checklist

  • The commit message follows our guidelines: Code of conduct
  • Tests for the changes have been added (for bug fixes / features)
  • Docs have been added / updated (for bug fixes / features)
  • Does this PR introduce a breaking change?
  • Include PR in release notes?

PR Type

  • Bugfix
  • Feature
  • Refactoring
  • Build /CI
  • Documentation
  • Others

What is the current behavior?

Issue Number: N/A

What is the new behavior?

Other information

@CTY-git CTY-git requested a review from whoisarpit March 11, 2025 10:01
@patched-admin
Copy link
Contributor

patched-admin commented Mar 12, 2025

File Changed: patchwork/common/tools/grep_tool.py

Rule 1: Do not ignore potential bugs in the code

Details: The code changes from raising exceptions to returning error messages as strings. This creates an inconsistent error handling pattern that could lead to bugs where error conditions are not properly handled by calling code. The code now mixes two different error handling approaches - some errors raise exceptions while others return strings.

Affected Code Snippet:

if pattern is None:
    return "`pattern` argument is required!"

try:
    path = Path(path).resolve()
except FileNotFoundError:
    return f"`path` does not exist"

if not path.is_relative_to(self.__working_dir):
    return f"Path must be relative to working dir {self.__working_dir}"

Start Line: 164
End Line: 173

Rule 2: Do not overlook possible security vulnerabilities

Details: Converting exceptions to returned strings for path validation could lead to security vulnerabilities. An attacker could potentially bypass path validation if the calling code doesn't properly check the returned error strings. The original exception-based approach provided stronger guarantees against path traversal attacks.

Affected Code Snippet:

if not path.is_relative_to(self.__working_dir):
    return f"Path must be relative to working dir {self.__working_dir}"

Start Line: 180
End Line: 181

File Changed: patchwork/common/tools/tool.py

Rule 1: Do not ignore potential bugs in the code

Details: The code modification introduces a potential bug by catching all exceptions and converting them to string messages. This could mask critical errors and make debugging more difficult. The broad exception handling could catch and hide important system-level exceptions that should be propagated up the stack.

Affected Code Snippet:

try:
    return func(self, *args, **kwargs)
except Exception as e:
    logger.error(f"Error executing Tool: {self.name}: {e}")
    return f"Error: {e}"

Start Line: 77
End Line: 80

Rule 2: Do not overlook possible security vulnerabilities

Details: The code change introduces a potential security vulnerability by exposing exception details in the return value. Exception messages might contain sensitive information about the system, stack traces, or internal errors that could be exploited by malicious actors.

Affected Code Snippet:

except Exception as e:
    logger.error(f"Error executing Tool: {self.name}: {e}")
    return f"Error: {e}"

Start Line: 79
End Line: 80

@CTY-git CTY-git merged commit 4598b71 into main Mar 12, 2025
4 checks passed
@CTY-git CTY-git deleted the wrap-every-tool-exception branch March 12, 2025 02:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@whoisarpit whoisarpit whoisarpit approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@CTY-git @patched-admin @whoisarpit