fix: Server internal error details leaking in error messages returned to clients (#9937)

Lucas Coratger
2025-11-23 13:51:42 +01:00
committed by GitHub
parent 38c9d2e359
commit 50edb5ab4b
35 changed files with 390 additions and 125 deletions


@@ -157,6 +157,9 @@ describe('Installations', () => {
});
it('should properly fail queying installations', done => {
const logger = require('../lib/logger').default;
const loggerErrorSpy = spyOn(logger, 'error').and.callThrough();
const installId = '12345678-abcd-abcd-abcd-123456789abc';
const device = 'android';
const input = {
@@ -166,6 +169,7 @@ describe('Installations', () => {
rest
.create(config, auth.nobody(config), '_Installation', input)
.then(() => {
loggerErrorSpy.calls.reset();
const query = new Parse.Query(Parse.Installation);
return query.find();
})
@@ -174,10 +178,11 @@ describe('Installations', () => {
done();
})
.catch(error => {
expect(error.code).toBe(119);
expect(error.code).toBe(Parse.Error.OPERATION_FORBIDDEN);
expect(error.message).toBe(
"Clients aren't allowed to perform the find operation on the installation collection."
'Permission denied'
);
expect(loggerErrorSpy).toHaveBeenCalledWith('Sanitized error:', jasmine.stringContaining("Clients aren't allowed to perform the find operation on the installation collection."));
done();
});
});
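Review bot: The new expectations in the `.catch` handler pin two separate security properties (the client gets only `'Permission denied'`, and the detailed reason goes to `logger.error`), but nothing in the spec says why they are split, so a later edit could restore the detailed client message and simply update the literal. I would add a comment above them, e.g. `// Client must see only the generic message; the collection-level reason belongs in server logs only.` The log expectation also hard-codes the `'Sanitized error:'` prefix, which couples this spec to the exact logger call format; if that prefix is defined in one place in the library (not visible from here), asserting against it would be less brittle. Because the detail is now written at error level for a request that any client can send, it is worth confirming elsewhere in the change that this path cannot be used to flood the error log. The `it` body starts in the first hunk and part of the promise chain between the hunks is not shown.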