fix(connect): prevent bootstrap JWT leakage via repr and redirects #466
Open
tdstein wants to merge 1 commit into feat/bootstrap-auth-tls-verify-python-settings-content-build from
- BootstrapAuth now has an explicit __repr__/__str__ that masks the token.
- Client.bootstrap wraps the POST in try/except and re-raises a generic
RuntimeError("Bootstrap authentication failed") with the cause
suppressed so the underlying exception (which may include request
details) cannot surface the JWT via str(exc).
- Pass max_redirects=0 to session.post so the bootstrap JWT cannot be
forwarded on any redirect.
- Add tests asserting repr(BootstrapAuth(...)) does not contain the
token and that a failing bootstrap raises without leaking the token.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Summary

Defensive hardening around Client.bootstrap() and BootstrapAuth to guarantee the short-lived bootstrap JWT cannot leak through reprs, exception chains, or HTTP redirects.

- BootstrapAuth.__repr__/__str__ now mask the token as BootstrapAuth(token=***).
- Client.bootstrap() wraps the session call in try/except and raises a generic RuntimeError("Bootstrap authentication failed") from None — from None suppresses the chained cause so the token cannot leak via traceback objects (e.g. requests exceptions carrying the prepared request).
- max_redirects=0 to the session call so the JWT cannot follow any redirect.
- finally.

Test plan

- repr/str/f-string of BootstrapAuth(token="SEKRET") does not contain the token
- str(exc)/repr(exc) and uses the generic message
- test_auth.py + TestClientBootstrap)
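
The repr and exception leak paths named in the summary can be checked without a network, as in this added example (not code from the PR or the project). `FailingSession`, `headers()`, the URL and the token value are constructed assumptions; only the masked repr string and the error message come from the page.

```python
import traceback

TOKEN = "constructed-jwt-value"  # constructed sample, not a real credential


class BootstrapAuth:
    """Hypothetical stand-in for the PR's BootstrapAuth (real class not shown)."""

    def __init__(self, token):
        self._token = token

    def __repr__(self):
        return "BootstrapAuth(token=***)"  # masked form quoted in the PR summary

    __str__ = __repr__

    def headers(self):
        return {"Authorization": f"Bearer {self._token}"}


class FailingSession:
    """Constructed stub: its error message embeds the request headers."""

    def post(self, url, headers):
        raise ConnectionError(f"POST {url} failed, headers={headers}")


def bootstrap(session, auth, url="https://connect.example/bootstrap"):
    try:
        return session.post(url, headers=auth.headers())
    except Exception:
        # Generic message; 'from None' keeps the cause out of rendered tracebacks.
        raise RuntimeError("Bootstrap authentication failed") from None


def failed_bootstrap(token=TOKEN):
    """Run a failing bootstrap; return the exception and its rendered traceback."""
    try:
        bootstrap(FailingSession(), BootstrapAuth(token))
    except RuntimeError as exc:
        rendered = "".join(traceback.format_exception(type(exc), exc, exc.__traceback__))
        return exc, rendered
```

`from None` sets `__suppress_context__`, so the standard traceback renderer omits the original error, but that error stays attached as `exc.__context__`. Anything that serialises exception objects rather than rendered tracebacks should be checked separately.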