Skip to content

Replace security-critical assert statements with explicit exceptions#3149

Open
ChihweiLHBird wants to merge 3 commits into
mainfrom
zhiwei/replace-assertions
Open

Replace security-critical assert statements with explicit exceptions#3149
ChihweiLHBird wants to merge 3 commits into
mainfrom
zhiwei/replace-assertions

Conversation

@ChihweiLHBird

@ChihweiLHBird ChihweiLHBird commented Apr 7, 2026

Copy link
Copy Markdown
Member
  • Replace assert with ValueError in headers.py for proxy count validation and app.py for duplicate blueprint detection
  • assert statements are stripped when Python runs with -O, silently disabling these checks in production

@ChihweiLHBird ChihweiLHBird requested a review from a team as a code owner April 7, 2026 02:46
@ChihweiLHBird ChihweiLHBird requested a review from Copilot April 7, 2026 02:46
@ChihweiLHBird
Replace security-critical assert statements with explicit exceptions
bf466fe 
Signed-off-by: Zhiwei Liang <zhiwei.liang@zliang.me>
@ChihweiLHBird ChihweiLHBird force-pushed the zhiwei/replace-assertions branch from 75886b1 to bf466fe Compare April 7, 2026 02:49
Copilot AI reviewed Apr 7, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR replaces security-sensitive assert checks (which are stripped under Python -O) with explicit exceptions to ensure misconfiguration and invalid state are still enforced in production.

Changes:

  • Replace an assert on PROXIES_COUNT with a ValueError in parse_xforwarded
  • Replace an assert on duplicate blueprint registration with a ValueError in Sanic.blueprint

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File Description
sanic/headers.py Converts proxy-count validation from assert to an explicit exception in forwarded-header parsing.
sanic/app.py Converts duplicate-blueprint detection from assert to an explicit exception during blueprint registration.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread sanic/headers.py
Comment thread sanic/app.py
@ChihweiLHBird
Update test
9fc420f 
Signed-off-by: Zhiwei Liang <zhiwei.liang@zliang.me>
@ChihweiLHBird ChihweiLHBird requested a review from Copilot April 7, 2026 03:48
Copilot AI reviewed Apr 7, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated no new comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@codecov

codecov Bot commented Apr 7, 2026
edited
Loading

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 50.00000% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 87.710%. Comparing base (785d77f) to head (87e5992).

Files with missing lines Patch % Lines
sanic/headers.py 0.000% 1 Missing and 1 partial ⚠️
Additional details and impacted files 
@@              Coverage Diff              @@
##              main     #3149       +/-   ##
=============================================
- Coverage   87.793%   87.710%   -0.083%     
=============================================
  Files          105       105               
  Lines         8143      8145        +2     
  Branches      1290      1292        +2     
=============================================
- Hits          7149      7144        -5     
- Misses         687       693        +6     
- Partials       307       308        +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@ChihweiLHBird
Fix bandit security scan failure with bandit 1.9.4
87e5992 
Signed-off-by: Zhiwei Liang <zhiwei.liang@zliang.me>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ChihweiLHBird