Skip to content
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 1 addition & 3 deletions superset/db_engine_specs/trino.py
Original file line number Diff line number Diff line change
Expand Up @@ -62,9 +62,7 @@
class CustomTrinoAuthErrorMeta(type):
def __instancecheck__(cls, instance: object) -> bool:
logger.info("is this being called?")
return isinstance(
instance, HttpError
) and "error 401: b'Invalid credentials'" in str(instance)
return isinstance(instance, HttpError) and "error 401" in str(instance)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Weak Authentication Error Detection category Security

Tell me more
What is the issue?

The authentication error check is overly permissive by only checking for 'error 401' in the error message.

Why this matters

This loose string matching could lead to false positives in authentication error detection, potentially causing security misclassifications that affect the authentication flow.

Suggested change ∙ Feature Preview
return isinstance(instance, HttpError) and "error 401: b'Invalid credentials'" in str(instance)

💡 Does this comment miss the mark? Tell us why and Korbit will adapt to your team’s feedback.
💬 Chat with Korbit by mentioning @korbit-ai.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is overly specific & restrictive. Check for 401 is enough i guess.



class TrinoAuthError(HttpError, metaclass=CustomTrinoAuthErrorMeta):
Expand Down
Loading