bito-code-review[bot] commented on PR #40869:
URL: https://github.com/apache/superset/pull/40869#issuecomment-4652709732
The flagged issue is correct. Logging the raw exception object `e` at the
WARNING level can expose sensitive network details, violating the module's
contract to use generic categories for warnings. To resolve this, log the
generic reason string at WARNING level and move the detailed exception to a
DEBUG log.
Here is the corrected implementation for
`superset/mcp_service/jwt_verifier.py`:
```python
except (httpx.HTTPError, OSError, TimeoutError) as e:
    # Transient failure reaching or reading the JWKS endpoint.
    reason = "JWKS verification key unavailable"
    _jwt_failure_reason.set(reason)
    logger.warning("Could not fetch JWKS verification key: %s", reason)
    logger.debug("Detailed JWKS fetch error: %s", e)
    return None
```
There are no other comments in the PR to address. Would you like me to
perform any other checks?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
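
An added example, not part of the bot's comment or of Superset's code: a stdlib-only check that the WARNING/DEBUG split proposed above keeps exception detail out of a WARNING-level sink. `fetch_key`, `failing_fetch`, `audit`, the logger name and the host in the error text are all constructed for illustration.

```python
import logging

logger = logging.getLogger("jwks_example")  # hypothetical logger name
logger.setLevel(logging.DEBUG)
logger.propagate = False  # keep the demo's records out of the root logger
GENERIC_REASON = "JWKS verification key unavailable"


class Capture(logging.Handler):
    """In-memory sink: keeps the formatted message of every record it accepts."""

    def __init__(self, level):
        super().__init__(level)
        self.messages = []

    def emit(self, record):
        self.messages.append(record.getMessage())


def fetch_key(fetch):
    """Return the JWKS document, or None on a transient fetch failure."""
    try:
        return fetch()
    except (OSError, TimeoutError) as e:
        logger.warning("Could not fetch JWKS verification key: %s", GENERIC_REASON)
        logger.debug("Detailed JWKS fetch error: %s", e)
        return None


def failing_fetch():
    # Constructed error text that names an internal host and port.
    raise OSError("connect to idp.internal.example:8443 failed")


def audit(sink_level):
    """Trigger one failure; return (messages at sink_level, messages at DEBUG)."""
    prod, debug = Capture(sink_level), Capture(logging.DEBUG)
    logger.addHandler(prod)
    logger.addHandler(debug)
    try:
        fetch_key(failing_fetch)
    finally:
        logger.removeHandler(prod)
        logger.removeHandler(debug)
    return prod.messages, debug.messages


if __name__ == "__main__":
    print(audit(logging.WARNING))
```

The detail still reaches any sink that accepts DEBUG records, so the split only protects deployments whose shared log sinks are set to a higher level.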