asf-tooling opened a new issue, #1094: URL: https://github.com/apache/tooling-trusted-releases/issues/1094
**ASVS Level(s):** L2

**Description:**

### Summary

The /admin/raise-error route is explicitly a test route designed to deliberately trigger error handling for debugging purposes. While it requires admin authentication, it lacks the `_require_debug_and_allow_tests()` check that other debug routes use, making it accessible in production environments. It can be used to probe error handling behavior and verify whether tracebacks are leaked.

### Details

In `atr/admin/__init__.py`, the raise_error function does not call `_require_debug_and_allow_tests()` before deliberately raising an exception.

### Recommended Remediation

Add a `_require_debug_and_allow_tests()` call at the beginning of the raise_error function.

### Acceptance Criteria

- [ ] Debug check added to raise_error function
- [ ] Route not accessible in production
- [ ] Unit tests verify debug mode requirement

### References

- Source reports: L2:13.4.2.md, L2:13.4.5.md
- Related findings: FINDING-175, FINDING-290
- ASVS sections: 13.4.2, 13.4.5

### Priority

Low

---

This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
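An added example, not part of the issue or the project's code: a static check that flags test-only handlers whose first statement is not the `_require_debug_and_allow_tests()` call, which could back the "unit tests verify debug mode requirement" criterion. The sample module text, the `other_debug_route` handler and the `handlers_missing_gate` helper are assumptions made for illustration; only the gate name and `raise_error` come from the issue.

```python
import ast

GATE = "_require_debug_and_allow_tests"  # gate name taken from the issue text

# Constructed sample standing in for an admin module; not the project's source.
SAMPLE = '''
def _require_debug_and_allow_tests():
    ...

async def raise_error(session):
    """Deliberately raise to exercise error handling."""
    raise RuntimeError("test error")

async def other_debug_route(session):
    """Hypothetical debug route that is gated."""
    _require_debug_and_allow_tests()
    return "ok"
'''

def _is_gate_call(stmt):
    """True if stmt is a bare `GATE()` or `await GATE()` statement."""
    if not isinstance(stmt, ast.Expr):
        return False
    value = stmt.value
    if isinstance(value, ast.Await):
        value = value.value
    if not isinstance(value, ast.Call):
        return False
    func = value.func
    name = func.id if isinstance(func, ast.Name) else getattr(func, "attr", None)
    return name == GATE

def handlers_missing_gate(source, handler_names):
    """Return the listed handlers whose first statement is not the gate call."""
    missing = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        if node.name not in handler_names:
            continue
        body = node.body
        if ast.get_docstring(node) is not None:
            body = body[1:]  # the gate may follow a leading docstring
        if not body or not _is_gate_call(body[0]):
            missing.append(node.name)
    return sorted(missing)

if __name__ == "__main__":
    print(handlers_missing_gate(SAMPLE, {"raise_error", "other_debug_route"}))
```

Requiring the gate as the first statement keeps the check strict: a gate call placed after the deliberate `raise` would never run, and this check reports that case as missing.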
