korbit-ai[bot] commented on code in PR #31993:
URL: https://github.com/apache/superset/pull/31993#discussion_r1929945032
##########
superset/db_engine_specs/trino.py:
##########
@@ -62,9 +62,7 @@
class CustomTrinoAuthErrorMeta(type):
def __instancecheck__(cls, instance: object) -> bool:
logger.info("is this being called?")
- return isinstance(
- instance, HttpError
- ) and "error 401: b'Invalid credentials'" in str(instance)
+ return isinstance(instance, HttpError) and "error 401" in str(instance)
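Review bot: The `logger.info("is this being called?")` line left in `__instancecheck__` is a debugging trace that fires at info level on every isinstance check against this class; it should be removed or lowered to debug before merge. On the new return line, `"error 401" in str(instance)` matches that substring anywhere in the message, so text such as "error 4010" would also be treated as an authentication error. If the wider match is meant to cover 401 responses whose body is not 'Invalid credentials', a comment saying so would help, and matching 401 as a whole token would keep it from catching unrelated codes.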
Review Comment:
### Weak Authentication Error Detection
<details>
<summary>Tell me more</summary>
###### What is the issue?
The authentication error check is overly permissive by only checking for
'error 401' in the error message.
###### Why this matters
This loose string matching could lead to false positives in authentication
error detection, potentially causing security misclassifications that affect
the authentication flow.
###### Suggested change ∙ *Feature Preview*
```python
return isinstance(instance, HttpError) and "error 401: b'Invalid credentials'" in str(instance)
```
</details>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
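The false-positive concern raised in the comment above can be seen by running both predicates from the hunk side by side. This is an added example, not code from the PR or from Superset: `HttpError` here is a plain stand-in class, the messages are constructed, and the `Token` variant is a hypothetical middle ground.

```python
import re


class HttpError(Exception):
    """Stand-in for the HttpError named in the hunk (assumption: a plain Exception)."""


def auth_error_type(name, matches):
    """Build a class whose isinstance() check is matches(str(exc)) for HttpError only."""

    class Meta(type):
        def __instancecheck__(cls, instance):
            return isinstance(instance, HttpError) and bool(matches(str(instance)))

    return Meta(name, (), {})


# Predicate removed by the hunk: exact status line plus body.
Exact = auth_error_type("Exact", lambda s: "error 401: b'Invalid credentials'" in s)
# Predicate added by the hunk: bare substring.
Loose = auth_error_type("Loose", lambda s: "error 401" in s)
# Hypothetical alternative: 401 as a whole token, any body text.
Token = auth_error_type("Token", re.compile(r"\berror 401\b").search)

# Constructed messages, not captured from a real server.
SAMPLES = [
    "error 401: b'Invalid credentials'",
    "error 401: b'Unauthorized'",
    "error 4010: b'upstream proxy failure'",
]


def classify(message):
    """Return which of the three checks treat this message as an auth error."""
    exc = HttpError(message)
    return {t.__name__: isinstance(exc, t) for t in (Exact, Loose, Token)}


if __name__ == "__main__":
    for msg in SAMPLES:
        print(f"{msg!r:45} {classify(msg)}")
```

The second sample is the case the looser check is presumably meant to admit; the third is the misclassification the review comment warns about.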