🐛 bug: clear plaintext cookie when encryption fails #4303
No actionable comments were generated in the recent review. 🎉
Walkthrough
Middleware snapshots response cookie keys, encrypts them by key, and if any encryption fails removes non-except cookies from the response before returning the joined error. A test now asserts no Set-Cookie headers are present when encryption fails.
Changes
Cookie Encryption Error Handling
Estimated code review effort
🎯 2 (Simple) | ⏱️ ~10 minutes
🚥 Pre-merge checks | ✅ 4 | ❌ 1
❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
Warning
There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.
🔧 golangci-lint (2.12.2)
level=error msg="[linters_context] typechecking error: pattern ./...: directory prefix . does not contain main module or its selected dependencies"
Codecov Report
✅ All modified and coverable lines are covered by tests.
@@ Coverage Diff @@
## main #4303 +/- ##
==========================================
- Coverage 91.32% 91.28% -0.05%
==========================================
Files 132 132
Lines 12933 12939 +6
==========================================
Hits 11811 11811
- Misses 708 713 +5
- Partials 414 415 +1
Code Review
This pull request modifies the encryptcookie middleware to delete a cookie from the response header if encryption fails and adds a regression test assertion. A review comment identifies a security concern where other cookies intended for encryption might remain in plaintext because the loop terminates immediately upon error. The reviewer suggests iterating through all response cookies to remove any that are not excluded to prevent sensitive information exposure.
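The concern raised in this review, as an added Go example (not code from the pull request or from Fiber): a standard-library model in which an early return on the first encryption error would leave later cookies in plaintext, so errors are collected and every cookie that was meant to be encrypted is dropped. The names `encryptSetCookies`, `demo`, `skip` and the toy encryptor are assumptions, and `net/http` headers stand in for the middleware's response header.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
)

// encryptSetCookies is a hypothetical stdlib model, not the middleware's code.
// It encrypts every Set-Cookie value except the names in skip; if any
// encryption fails, all cookies that were meant to be encrypted are dropped.
func encryptSetCookies(h http.Header, skip map[string]bool, enc func(string) (string, error)) error {
	cookies := (&http.Response{Header: h}).Cookies() // snapshot before mutating
	var errs []error
	for _, c := range cookies {
		if skip[c.Name] {
			continue
		}
		v, err := enc(c.Value)
		if err != nil { // record and keep going; an early return would skip the cleanup below
			errs = append(errs, fmt.Errorf("cookie %q: %w", c.Name, err))
			continue
		}
		c.Value = v
	}
	h.Del("Set-Cookie")
	for _, c := range cookies {
		if len(errs) == 0 || skip[c.Name] { // on failure only skip-listed cookies survive
			h.Add("Set-Cookie", c.String())
		}
	}
	return errors.Join(errs...)
}

// demo runs the model on constructed cookies with a toy encryptor that rejects failOn.
func demo(failOn string) ([]string, error) {
	h := http.Header{"Set-Cookie": {"session=abc", "token=secret", "csrf_=public"}}
	err := encryptSetCookies(h, map[string]bool{"csrf_": true}, func(v string) (string, error) {
		if v == failOn {
			return "", errors.New("encrypt failed")
		}
		return "enc-" + v, nil
	})
	return h.Values("Set-Cookie"), err
}

func main() {
	fmt.Println(demo("abc")) // session fails first; token must not leak either
}
```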
Pull request overview
This PR hardens the encryptcookie middleware’s failure behavior to avoid leaking plaintext response cookies when cookie encryption fails after the downstream handler has already set cookies.
Changes:
- Delete the response cookie from the outgoing response headers when `cfg.Encryptor` returns an error, before propagating the error.
- Add a regression assertion to ensure no `Set-Cookie` headers are returned when encryption fails in `Test_Middleware_EncryptionErrorPropagates`.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| middleware/encryptcookie/encryptcookie.go | Deletes the affected response cookie from the response header before returning an encryption error. |
| middleware/encryptcookie/encryptcookie_test.go | Adds an assertion that Set-Cookie is empty when encryption fails. |
Agent-Logs-Url: https://github.com/gofiber/fiber/sessions/5d388cf2-df79-4d51-895e-a7ebe87a35b6
Co-authored-by: gaby <835733+gaby@users.noreply.github.com>
Motivation
`Set-Cookie` headers from being emitted when `encryptcookie` fails to encrypt a response cookie after the handler returns, which could leak cookie values to the client.
Description
`c.Response().Header` when `cfg.Encryptor` returns an error before returning the encryption error, and add a regression assertion ensuring no `Set-Cookie` headers are returned on encryption failure in `Test_Middleware_EncryptionErrorPropagates`.