Skip to content

Avoid disclosing config file contents in parse error messages#2261

Open
jiafatom wants to merge 4 commits into
mainfrom
fix/config-parse-error-info-disclosure
Open

Avoid disclosing config file contents in parse error messages#2261
jiafatom wants to merge 4 commits into
mainfrom
fix/config-parse-error-info-disclosure

Conversation

@jiafatom

@jiafatom jiafatom commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Description

When genai_config.json fails to parse, ParseConfig (in src/config.cpp) rethrew the raw JSON parser message. That message can embed verbatim content from the file being parsed — for example, a JSON key name (Unknown value "<key>"). If the config path is influenced by untrusted input, this echoes contents of the targeted file back through the error string.

Change

  • In ParseConfig, on a JSON parse failure, keep the file path in the error message (so the failing file can still be identified) but no longer append the parser's raw message content.
  • Added CAPITests.ConfigParseErrorDoesNotLeakContent (no model required): writes a genai_config.json containing an unknown key, calls OgaConfig::Create, and asserts the resulting error names genai_config.json and contains the parse-error prefix, but does not contain the key from the file. Uses a unique temp directory to avoid parallel-run collisions.

Scope / non-goals

This intentionally does not alter path handling. Accepting an arbitrary filesystem path is the intended behavior of OgaCreateConfig / OgaCreateModel; validating which paths are permissible is the responsibility of the calling application, and adding path/..//UNC restrictions here would break legitimate use cases (relative paths, models on network shares).

Testing

Built and ran the affected tests:

[ RUN      ] CAPITests.Config
[       OK ] CAPITests.Config
[ RUN      ] CAPITests.ConfigParseErrorDoesNotLeakContent
[       OK ] CAPITests.ConfigParseErrorDoesNotLeakContent
[  PASSED  ] 2 tests.

Replaces #2258 (recreated as a non-fork branch so CI can run).

Copilot AI review requested due to automatic review settings July 2, 2026 23:36
@jiafatom jiafatom requested a review from a team as a code owner July 2, 2026 23:36

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request hardens GenAI config parsing error handling to avoid leaking contents of genai_config.json via exception messages, while still identifying the failing file path for diagnostics.

Changes:

  • Sanitizes ParseConfig parse-failure exceptions by removing the JSON parser’s raw message (which may echo file contents).
  • Adds a C API regression test ensuring parse errors mention genai_config.json but do not include a “secret” JSON key from the file.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
src/config.cpp Replaces parse-error rethrow to omit the JSON parser’s message and only include a stable prefix + file path.
test/c_api_tests.cpp Adds CAPITests.ConfigParseErrorDoesNotLeakContent to assert the error message does not echo config contents.

Comment thread test/c_api_tests.cpp Outdated
Comment thread src/config.cpp Outdated
jiafatom and others added 3 commits July 7, 2026 23:06
When parsing genai_config.json fails, ParseConfig rethrew the raw JSON
parser message, which embeds verbatim content from the file (such as JSON
key names). If the config path is influenced by untrusted input, this
could disclose contents of the targeted file through the error message.

Keep the file path in the error so the failing file can still be
identified, but no longer echo the parser's message content.

Add CAPITests.ConfigParseErrorDoesNotLeakContent verifying the error
names the file but does not include a key from the file.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Use a unique per-test temp directory (timestamp suffix) to avoid
  collisions/flakiness across parallel runs; drop the initial remove_all.
- Do not assign the unused OgaConfig::Create result, which could trip
  MSVC /W4 /WX unreferenced-local-variable warnings.
- Assert the error contains the "Error encountered while parsing" prefix
  so the test actually exercises the parse-error path rather than an
  unrelated file-open failure.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
std::filesystem::remove_all can throw on transient filesystem/permission
errors. Since this is only test cleanup, use the error_code overload so a
cleanup failure cannot make the test flaky or fail for the wrong reason.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@jiafatom jiafatom force-pushed the fix/config-parse-error-info-disclosure branch from 5ea0cb2 to a14df15 Compare July 7, 2026 23:06
Per reviewer feedback, retain the JSON parser's message (which identifies the
failing key/token) in debug builds to aid diagnosis, while still omitting it in
release builds to satisfy the MSRC no-content-disclosure requirement. Gate the
test's no-leak assertion under NDEBUG accordingly.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants