Skip to content

🛡️ Sentinel: Fix sensitive data leakage in error responses#40

Open
AGI-Corporation wants to merge 1 commit intomainfrom
sentinel/fix-sensitive-data-leak-in-errors-8744681762830886235
Open

🛡️ Sentinel: Fix sensitive data leakage in error responses#40
AGI-Corporation wants to merge 1 commit intomainfrom
sentinel/fix-sensitive-data-leak-in-errors-8744681762830886235

Conversation

@AGI-Corporation
Copy link
Copy Markdown
Owner

@AGI-Corporation AGI-Corporation commented Apr 10, 2026
edited by coderabbitai bot
Loading

This PR addresses a security vulnerability where sensitive information, specifically JWT tokens and license keys, was being included in error responses sent to the client.

🚨 Severity: MEDIUM

💡 Vulnerability: Exposure of Sensitive Data in Error Messages

🎯 Impact:

Invalid or expired JWT tokens and license keys were included in the params field of ActivepiecesError objects. These objects are serialized and sent to the client by the global error handler in the backend. While the tokens/keys might be invalid or expired, leaking them still provides unnecessary information to potential attackers and can lead to sensitive data being recorded in client-side logs or intercepted.

🔧 Fix:

  • Modified packages/shared/src/lib/common/activepieces-error.ts to change the parameter types for INVALID_OR_EXPIRED_JWT_TOKEN and INVALID_LICENSE_KEY to Record<string, never>.
  • Updated call sites in packages/server/api/src/app/ee/connection-keys/connection-key.service.ts and packages/server/api/src/app/ee/license-keys/license-keys-controller.ts to stop passing the sensitive data to the error constructor.

✅ Verification:

  • Manual code inspection confirms no sensitive data is passed to these error types.
  • Ran nx lint on the affected packages to ensure type safety.
  • Documented the learning in .jules/sentinel.md.

PR created automatically by Jules for task 8744681762830886235 started by @AGI-Corporation

Summary by CodeRabbit

  • Bug Fixes
    • Updated error handling to remove sensitive authentication and license information from client-facing error responses.

@google-labs-jules @AGI-Corporation
🛡️ Sentinel: Fix sensitive data leakage in error responses
4530b50 
Remove sensitive credentials (JWT tokens and license keys) from ActivepiecesError parameters to prevent them from being leaked to clients via the global error handler.

Co-authored-by: AGI-Corporation <186229839+AGI-Corporation@users.noreply.github.com>
@google-labs-jules
Copy link
Copy Markdown
Contributor

google-labs-jules bot commented Apr 10, 2026

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.

For security, I will only act on instructions from the user who triggered this task.

Copilot AI review requested due to automatic review settings April 10, 2026 08:06
@coderabbitai
Copy link
Copy Markdown

coderabbitai bot commented Apr 10, 2026
edited
Loading

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 271aa6aa-b20e-4d25-9d25-73b9752f0b83

📥 Commits

Reviewing files that changed from the base of the PR and between f61e720 and 4530b50.

📒 Files selected for processing (4)
  • .jules/sentinel.md
  • packages/server/api/src/app/ee/connection-keys/connection-key.service.ts
  • packages/server/api/src/app/ee/license-keys/license-keys-controller.ts
  • packages/shared/src/lib/common/activepieces-error.ts
📝 Walkthrough

Walkthrough

This pull request addresses a security vulnerability where JWT tokens and license keys were being exposed in error parameters serialized and sent to clients. The fix removes sensitive data from error instantiations and updates type definitions to prevent future inclusion of sensitive information in error params.

Changes

Cohort / File(s) Summary
Error Type Definitions
packages/shared/src/lib/common/activepieces-error.ts		 Updated InvalidJwtTokenErrorParams and InvalidLicenseKeyParams type definitions to use Record<string, never> instead of containing sensitive fields (token and key respectively), preventing sensitive data from being included in error parameters.
Error Instantiations
packages/server/api/src/app/ee/connection-keys/connection-key.service.ts, packages/server/api/src/app/ee/license-keys/license-keys-controller.ts		 Removed sensitive data (JWT tokens and license keys) from ActivepiecesError params, replacing with empty objects in connection key and license key validation error handlers.
Documentation
.jules/sentinel.md		 Added sentinel documentation recording the security issue of sensitive data exposure in error parameters and prevention approaches.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 A token here, a key tucked there,
But errors should be light and bare!
No secrets in the params field,
The rabbit's wisdom: data sealed. ✨

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly summarizes the main change: fixing sensitive data leakage in error responses, which is the primary objective of the PR.
Description check ✅ Passed The description provides thorough details about the vulnerability, severity, impact, fixes applied, and verification steps, though it partially deviates from the provided template structure.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch sentinel/fix-sensitive-data-leak-in-errors-8744681762830886235

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

Copilot AI reviewed Apr 10, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR mitigates a sensitive-data exposure issue by ensuring credential-like values (JWT tokens, license keys) are no longer included in ActivepiecesError.params, which the server error handler serializes back to clients.

Changes:

  • Updated shared error param typings for INVALID_OR_EXPIRED_JWT_TOKEN and INVALID_LICENSE_KEY to disallow passing sensitive fields.
  • Removed token/key values from the corresponding ActivepiecesError throw sites in the server API.
  • Added a Sentinel learning note documenting the root cause and prevention approach.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

File Description
packages/shared/src/lib/common/activepieces-error.ts Tightens error param types for JWT/license key errors to prevent carrying sensitive values.
packages/server/api/src/app/ee/license-keys/license-keys-controller.ts Stops including licenseKey in INVALID_LICENSE_KEY error params.
packages/server/api/src/app/ee/connection-keys/connection-key.service.ts Stops including JWT token values in INVALID_OR_EXPIRED_JWT_TOKEN error params.
.jules/sentinel.md Documents the incident and the preventative pattern for future changes.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@AGI-Corporation