Re: [PR] fix(mcp): enforce audience, algorithm, issuer binding, and token scopes (strict mode) [superset]

[via GitHub]

bito-code-review[bot] commented on code in PR #40653:
URL: https://github.com/apache/superset/pull/40653#discussion_r3366307428


##########
superset/mcp_service/auth.py:
##########
@@ -117,6 +195,39 @@ def __init__(
         super().__init__(message)
 
 
+def _log_scope_denial(
+    func: Callable[..., Any],
+    method_permission_name: str,
+    permission_str: str,
+    class_permission_name: str,
+    *,
+    log_denial: bool,
+) -> None:
+    """Log a scope-based denial for a tool the user has RBAC access to.
+
+    Extracted from ``check_tool_permission`` to keep that function's
+    cyclomatic complexity in check.
+    """
+    required_scope = _METHOD_TO_REQUIRED_SCOPE.get(method_permission_name)
+    if log_denial:
+        logger.warning(
+            "Scope denied for user %s: token lacks required scope "
+            "'%s' for %s on %s (tool: %s)",
+            g.user.username,

Review Comment:
   <div>
   
   
   <div id="suggestion">
   <div id="issue"><b>CWE-117: Log Injection in _log_scope_denial</b></div>
   <div id="fix">
   
   Unsanitized `g.user.username` in logger.warning() enables log injection. An 
attacker with RBAC write permission on a tool with a `write` method_permission 
could set their username to `malicious\n2026-01-01 ERROR: Admin access granted` 
to forge fake log entries in production logs. Use `_sanitize_for_log()` 
(already imported in this file) to escape newlines, carriage returns, and tabs 
before interpolation — consistent with how `token_iss` is sanitized on line 466 
of this same file. ([CWE-117](https://cwe.mitre.org/data/definitions/117.html))
   </div>
   
   
   <details>
   <summary>
   <b>Code suggestion</b>
   </summary>
   <blockquote>Check the AI-generated fix before applying</blockquote>
   <div id="code">
   
   
   ```
    --- a/superset/mcp_service/auth.py
    +++ b/superset/mcp_service/auth.py
    @@ -213,7 +213,7 @@ def _log_scope_denial(
             logger.warning(
                 "Scope denied for user %s: token lacks required scope "
                 "'%s' for %s on %s (tool: %s)",
    -            g.user.username,
    +            _sanitize_for_log(g.user.username),
                 required_scope,
                 permission_str,
                 class_permission_name,
   ```
   
   </div>
   </details>
   
   
   
   </div>
   
   
   
   
   <small><i>Code Review Run #912c9e</i></small>
   </div>
   
   ---
   Should Bito avoid suggestions like this for future reviews? (<a 
href=https://alpha.bito.ai/home/ai-agents/review-rules>Manage Rules</a>)
   - [ ] Yes, avoid them



##########
superset/mcp_service/auth.py:
##########
@@ -117,6 +195,39 @@ def __init__(
         super().__init__(message)
 
 
+def _log_scope_denial(
+    func: Callable[..., Any],
+    method_permission_name: str,
+    permission_str: str,
+    class_permission_name: str,
+    *,
+    log_denial: bool,
+) -> None:
+    """Log a scope-based denial for a tool the user has RBAC access to.
+
+    Extracted from ``check_tool_permission`` to keep that function's
+    cyclomatic complexity in check.
+    """
+    required_scope = _METHOD_TO_REQUIRED_SCOPE.get(method_permission_name)
+    if log_denial:
+        logger.warning(
+            "Scope denied for user %s: token lacks required scope "
+            "'%s' for %s on %s (tool: %s)",
+            g.user.username,
+            required_scope,
+            permission_str,
+            class_permission_name,
+            func.__name__,
+        )
+    else:
+        logger.debug(
+            "Tool hidden for user %s: token lacks required scope '%s' (tool: 
%s)",
+            g.user.username,

Review Comment:
   <div>
   
   
   <div id="suggestion">
   <div id="issue"><b>CWE-117: Log Injection in _log_scope_denial (debug 
path)</b></div>
   <div id="fix">
   
   Same log-injection risk as line 216, but for the DEBUG-level branch in 
`_log_scope_denial`. Apply `_sanitize_for_log(g.user.username)` here as well 
for consistency. ([CWE-117](https://cwe.mitre.org/data/definitions/117.html))
   </div>
   
   
   <details>
   <summary>
   <b>Code suggestion</b>
   </summary>
   <blockquote>Check the AI-generated fix before applying</blockquote>
   <div id="code">
   
   
   ```
    --- a/superset/mcp_service/auth.py
    +++ b/superset/mcp_service/auth.py
    @@ -222,7 +222,7 @@ def _log_scope_denial(
             logger.debug(
                 "Tool hidden for user %s: token lacks required scope '%s' 
(tool: %s)",
    -            g.user.username,
    +            _sanitize_for_log(g.user.username),
                 required_scope,
                 func.__name__,
             )
   ```
   
   </div>
   </details>
   
   
   
   </div>
   
   
   
   
   <small><i>Code Review Run #912c9e</i></small>
   </div>
   
   ---
   Should Bito avoid suggestions like this for future reviews? (<a 
href=https://alpha.bito.ai/home/ai-agents/review-rules>Manage Rules</a>)
   - [ ] Yes, avoid them



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org
For additional commands, e-mail: notifications-h...@superset.apache.org