Return api server host and db host info from diagnostic endpt #1343

Merged
merged 2 commits into from
Nov 14, 2023


melange396
Collaborator

I'm mostly curious about the stickiness of the connections between the api server and the load balanced db hosts (I imagine each thread may connect to a different db backend, and that this can change as those connections are closed and reestablished)

'serving_host': serving_host,
'database_host': db_host,
}
return make_response(json.dumps(response_data), 200, {'content-type': 'text/plain'})
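
Review bot: on the `make_response(...)` line, the body is `json.dumps(response_data)` but the header declares `text/plain`, so clients that dispatch on content type will not treat the response as JSON. `application/json` is also not rendered as HTML by browsers, so it addresses the same reflected-XSS concern while describing the body accurately; adding `X-Content-Type-Options: nosniff` keeps browsers from sniffing a different type. Because `serving_host` and `database_host` expose internal host names, a short comment at this return naming the access check that guards the endpoint would help future readers.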

Check failure

Code scanning / SonarCloud

Endpoints should not be vulnerable to reflected cross-site scripting (XSS) attacks

Change this code to not reflect user-controlled data. See more on SonarCloud: https://sonarcloud.io/project/issues?id=cmu-delphi_delphi-epidata&issues=AYu0-4MX3xbAiJ_MOB8c&open=AYu0-4MX3xbAiJ_MOB8c&pullRequest=1343
Collaborator Author

False positive! I already fixed this in a way suggested by SonarCloud: by changing the content-type

@korlaxxalrok
Contributor

@melange396 Is this protected in some way so that only Delphi users or systems can request it?

@melange396
Collaborator Author

> @melange396 Is this protected in some way so that only Delphi users or systems can request it?

@korlaxxalrok Tis! The _require_admin() call above my changes enforces that.


sonarqubecloud bot commented Nov 14, 2023

Kudos, SonarCloud Quality Gate passed!

Bugs: 0 (rating A)
Vulnerabilities: 0 (rating A)
Security Hotspots: 0 (rating A)
Code Smells: 0 (rating A)

No Coverage information
0.0% Duplication

Contributor

@korlaxxalrok korlaxxalrok left a comment

LGTM 👍

@melange396 melange396 merged commit 511723c into dev Nov 14, 2023
@melange396 melange396 deleted the moar_diagnosticendpoint branch November 14, 2023 17:00