server improvements #354
server improvements #354
Conversation
- Added new functions to handle alerts and notifications fusion via websocket. - Introduced `update_alerts_fusion_websocket_v1` and `update_etryvoga_fusion_websocket_v1` for processing and storing alert data. - Enhanced data handling with new byte data storage functions and improved state management for alerts. - Updated websocket server to manage alerts and notifications efficiently, including hashing and diffing logic for state changes. - Refactored existing alert batch handling to accommodate new data structures and improve performance. - Introduced new constants for alert types and updated shared data structure to include alerts fusion states.
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the You can disable this status message by setting the ✨ Finishing touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| changed_region_ids = fing_changed_regions(old_state, new_state) | ||
| empty_region_ids = fing_empty_regions(old_state, new_state) | ||
|
|
||
| logger.debug(f"{client_ip}:{chip_id} <<< changed_region_ids: {changed_region_ids}") |
Check failure
Code scanning / CodeQL
Clear-text logging of sensitive information High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 2 months ago
To fix the problem, we should avoid logging sensitive information such as chip_id and client_ip in clear text. The best approach is to either remove these fields from the log message or to redact/mask them so that sensitive details are not exposed. Since the main purpose of the log message is likely to track changes in region IDs, we can log only the changed_region_ids without including the potentially sensitive client_ip and chip_id. If some form of traceability is required, we can log a truncated or hashed version of the identifiers, but the safest fix is to omit them entirely.
The change should be made in deploy/websocket_server/websocket_server.py at the line where the debug log is written (line 398). No new imports are required if we simply remove the sensitive fields from the log message.
| @@ -397,3 +397,3 @@ | ||
|
|
||
| logger.debug(f"{client_ip}:{chip_id} <<< changed_region_ids: {changed_region_ids}") | ||
| logger.debug(f"changed_region_ids: {changed_region_ids}") | ||
| logger.debug(f"{client_ip}:{chip_id} <<< empty_region_ids: {empty_region_ids}") |
| else: | ||
| # Якщо змін не було — пустий payload | ||
| payload = b'' | ||
| logger.debug(f"{client_ip}:{chip_id} <<< alert hashes: actual {alerts_hash_actual.hex()} | previous {client['alerts_hash'].hex()}") |
Check failure
Code scanning / CodeQL
Clear-text logging of sensitive information High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 2 months ago
To fix the problem, we should avoid logging sensitive or potentially private data in clear text. Specifically, in the log statement on line 408, we should not log the full chip_id, client_ip, or the full alert hashes. Instead, we can log only non-sensitive information, or mask/obfuscate sensitive fields. For troubleshooting, it is often sufficient to log truncated hashes or anonymized identifiers. The best fix is to redact or hash the sensitive fields before logging, or to remove them from the log statement entirely.
Steps:
- Edit the log statement on line 408 to avoid logging sensitive data.
- If logging is necessary for debugging, mask or truncate the values (e.g., log only the first 6 characters of the hash, or use a generic label for
chip_id). - No new imports are needed, as string slicing and basic masking can be done with built-in Python features.
| @@ -407,3 +407,6 @@ | ||
| payload = b'' | ||
| logger.debug(f"{client_ip}:{chip_id} <<< alert hashes: actual {alerts_hash_actual.hex()} | previous {client['alerts_hash'].hex()}") | ||
| # Avoid logging sensitive data in clear text | ||
| logger.debug( | ||
| f"<<< alert hashes: actual {alerts_hash_actual.hex()[:6]}... | previous {client['alerts_hash'].hex()[:6]}..." | ||
| ) | ||
| await websocket.send(payload) |
| payload = b'' | ||
| logger.debug(f"{client_ip}:{chip_id} <<< alert hashes: actual {alerts_hash_actual.hex()} | previous {client['alerts_hash'].hex()}") | ||
| await websocket.send(payload) | ||
| logger.debug(f"{client_ip}:{chip_id} <<< new alert packet") |
Check failure
Code scanning / CodeQL
Clear-text logging of sensitive information High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 2 months ago
To fix the problem, we should avoid logging sensitive information such as IP addresses and chip IDs in clear text. The best way to do this is to either remove these fields from the log message or to redact/mask them so that the log does not expose the full values. Since the log message on line 410 is for debugging purposes ("new alert packet"), it is likely sufficient to log only that the event occurred, without including the sensitive identifiers. If some form of identifier is necessary for correlation, consider logging a truncated hash or a generic placeholder.
Specifically, in deploy/websocket_server/websocket_server.py, line 410 should be changed to remove or redact client_ip and chip_id from the log message. No new imports or methods are required unless you choose to hash or mask the values, but the simplest and safest fix is to remove them from the log message.
| @@ -409,3 +409,3 @@ | ||
| await websocket.send(payload) | ||
| logger.debug(f"{client_ip}:{chip_id} <<< new alert packet") | ||
| logger.debug("New alert packet sent") | ||
| client["alerts_fusion"] = shared_data.alerts_fusion_actual |
| payload = header + notifications | ||
|
|
||
| await websocket.send(payload) | ||
| logger.debug(f"{client_ip}:{chip_id} <<< new notifications packet") |
Check failure
Code scanning / CodeQL
Clear-text logging of sensitive information High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 2 months ago
To fix the problem, we should avoid logging sensitive information such as client_ip and chip_id in clear text. The best approach is to either remove these values from the log message or to redact/mask them so that sensitive details are not exposed. Since the log message is primarily for debugging the sending of a new notifications packet, we can either log a generic message or, if some identifier is needed, use a non-sensitive, non-unique value (such as a truncated hash or a generic placeholder). The change should be made only to the log message at line 419 in deploy/websocket_server/websocket_server.py. No new imports are needed if we simply remove or redact the sensitive data.
| @@ -418,3 +418,3 @@ | ||
| await websocket.send(payload) | ||
| logger.debug(f"{client_ip}:{chip_id} <<< new notifications packet") | ||
| logger.debug("New notifications packet sent to client.") | ||
| client["notifications_fusion"] = shared_data.notifications_fusion |
| client["alerts_hash"] = alerts_hash_initial | ||
| client["alerts_fusion"] = shared_data.alerts_fusion_actual | ||
| client["notifications_fusion"] = shared_data.notifications_fusion | ||
| logger.debug(f"{client_ip}:{chip_id} <<< alert hashes: actual {alerts_hash_actual.hex()} | previous {client['alerts_hash'].hex()}") |
Check failure
Code scanning / CodeQL
Clear-text logging of sensitive information High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 2 months ago
To fix the problem, we should avoid logging sensitive information such as chip_id in clear text. The best approach is to redact or mask the sensitive value before logging, or to remove it from the log message entirely if it is not essential for debugging. In this case, we can replace the actual chip_id with a redacted string (e.g., "[REDACTED]") or a truncated/hash version if some traceability is needed without exposing the full value. The change should be made only to the log message on line 443 in deploy/websocket_server/websocket_server.py. No additional imports are needed if we simply redact or partially mask the value.
| @@ -442,3 +442,3 @@ | ||
| client["weather_fusion"] = shared_data.weather_fusion | ||
| logger.debug(f"{client_ip}:{chip_id} <<< alert hashes: actual {alerts_hash_actual.hex()} | previous {client['alerts_hash'].hex()}") | ||
| logger.debug(f"{client_ip}:[REDACTED] <<< alert hashes: actual {alerts_hash_actual.hex()} | previous {client['alerts_hash'].hex()}") | ||
| logger.debug(f"{client_ip}:{chip_id} <<< initial alert packet") |
| # send ping with fixed 1 byte binary payload, e.g. value 0x42 | ||
| payload = b'\x42' | ||
| pong_waiter = await websocket.ping(payload) | ||
| logger.debug(f"{client_ip}:{chip_id} >>> ping with payload: {payload.hex()} (binary)") |
Check failure
Code scanning / CodeQL
Clear-text logging of sensitive information High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 2 months ago
To fix the problem, we should avoid logging sensitive information such as client_ip and chip_id in clear text. The best approach is to either remove these fields from the log message or to redact/mask them so that sensitive data is not exposed. Since the log message is for debugging the ping payload, it is likely sufficient to log only the event (that a ping was sent) and the payload, without including the sensitive identifiers. If some form of correlation is needed, a non-sensitive identifier or a truncated/masked version could be used, but the safest fix is to remove them entirely from the log message.
What to change:
- In
deploy/websocket_server/websocket_server.py, line 658, change the log message to excludeclient_ipandchip_id. - The log message can be changed to:
logger.debug(f"Ping sent with payload: {payload.hex()} (binary)") - No new imports or methods are needed.
| @@ -657,3 +657,3 @@ | ||
| pong_waiter = await websocket.ping(payload) | ||
| logger.debug(f"{client_ip}:{chip_id} >>> ping with payload: {payload.hex()} (binary)") | ||
| logger.debug(f"Ping sent with payload: {payload.hex()} (binary)") | ||
| latency = await asyncio.wait_for(pong_waiter, ping_timeout) |
…ions with their respective IDs and legacy IDs. Uncomment and restore alert handling logic for various regions, ensuring proper data handling for alerts, missiles, drones, and energy metrics.
…eval and improve data processing logic for alerts.
… data storage for explosions, missiles, drones, and kabs, and ensure proper alert timestamp updates.
…sure accurate data representation and processing.
…nclude websocket v2
- Updated the `convert_region_ids` function to ignore the slug variable in the loop for clarity. - Commented out the handling of the "Ballistic" alert type in the `update_alerts_fusion_websocket_v1` function, as it is not currently in use.
| empty_region_ids = fing_empty_regions(old_state, new_state) | ||
|
|
||
| logger.debug(f"{client_ip}:{chip_id} <<< changed_region_ids: {changed_region_ids}") | ||
| logger.debug(f"{client_ip}:{chip_id} <<< empty_region_ids: {empty_region_ids}") |
Check failure
Code scanning / CodeQL
Clear-text logging of sensitive information High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 2 months ago
To fix the problem, we should avoid logging sensitive information such as client_ip and chip_id in clear text. The best approach is to redact or omit these values from the log message. If logging is necessary for debugging, consider logging only non-sensitive identifiers or using a hashed or truncated version of the sensitive data. In this case, we will remove client_ip and chip_id from the debug log message on line 399, and log only the changed_region_ids and empty_region_ids, which are not sensitive. This change should be made only to the specific log statement in the relevant function, and no other functionality should be altered.
| @@ -397,4 +397,4 @@ | ||
|
|
||
| logger.debug(f"{client_ip}:{chip_id} <<< changed_region_ids: {changed_region_ids}") | ||
| logger.debug(f"{client_ip}:{chip_id} <<< empty_region_ids: {empty_region_ids}") | ||
| logger.debug(f"changed_region_ids: {changed_region_ids}") | ||
| logger.debug(f"empty_region_ids: {empty_region_ids}") | ||
|
|
| weather = make_weather_batch(state) | ||
| payload = header + weather | ||
| await websocket.send(payload) | ||
| logger.debug(f"{client_ip}:{chip_id} <<< new weather packet") |
Check failure
Code scanning / CodeQL
Clear-text logging of sensitive information High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 2 months ago
To fix the problem, we should avoid logging sensitive information such as IP addresses and device identifiers in clear text. In this case, the log message on line 427 should be modified to either remove the sensitive fields (client_ip and chip_id) or to mask them (e.g., by redacting or hashing). Since the message is only indicating that a new weather packet was sent, it is likely sufficient to log the event without including the sensitive data. If some identifier is needed for debugging, consider logging only a truncated or hashed version, or a non-sensitive identifier.
Steps:
- In
deploy/websocket_server/websocket_server.py, locate the log message on line 427. - Remove or redact
client_ipandchip_idfrom the log message. - Optionally, if some identifier is needed, log only a generic message or a non-sensitive identifier.
No new imports or methods are required for a simple removal or redaction.
| @@ -426,3 +426,3 @@ | ||
| await websocket.send(payload) | ||
| logger.debug(f"{client_ip}:{chip_id} <<< new weather packet") | ||
| logger.debug("New weather packet sent to client") | ||
| client["weather_fusion"] = shared_data.weather_fusion |
| client["notifications_fusion"] = shared_data.notifications_fusion | ||
| client["weather_fusion"] = shared_data.weather_fusion | ||
| logger.debug(f"{client_ip}:{chip_id} <<< alert hashes: actual {alerts_hash_actual.hex()} | previous {client['alerts_hash'].hex()}") | ||
| logger.debug(f"{client_ip}:{chip_id} <<< initial alert packet") |
Check failure
Code scanning / CodeQL
Clear-text logging of sensitive information High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 2 months ago
To fix the problem, we should avoid logging sensitive information such as the full client_ip and chip_id in clear text. The best approach is to redact or hash these values before logging, so that the logs remain useful for debugging but do not expose sensitive data. In this case, we can hash both client_ip and chip_id using a secure hash function (e.g., SHA-256) and log only the first few characters of the hash (e.g., first 8 hex digits) to allow correlation without exposing the actual values. This change should be made only to the log message on line 444. We will need to import the hashlib module if it is not already imported.
| @@ -4,2 +4,3 @@ | ||
| import json | ||
| import hashlib | ||
| import random | ||
| @@ -443,3 +444,6 @@ | ||
| logger.debug(f"{client_ip}:{chip_id} <<< alert hashes: actual {alerts_hash_actual.hex()} | previous {client['alerts_hash'].hex()}") | ||
| logger.debug(f"{client_ip}:{chip_id} <<< initial alert packet") | ||
| # Redact sensitive data in logs by hashing | ||
| client_ip_hash = hashlib.sha256(str(client_ip).encode()).hexdigest()[:8] | ||
| chip_id_hash = hashlib.sha256(str(chip_id).encode()).hexdigest()[:8] | ||
| logger.debug(f"{client_ip_hash}:{chip_id_hash} <<< initial alert packet") | ||
|
|
| weather += struct.pack('<H B', int(rid), int(flags8) & 0xFF) | ||
| weather_payload = weather_header + weather | ||
| await websocket.send(weather_payload) | ||
| logger.debug(f"{client_ip}:{chip_id} <<< initial weather packet") |
Check failure
Code scanning / CodeQL
Clear-text logging of sensitive information High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 2 months ago
To fix the problem, we should avoid logging sensitive information such as client_ip and chip_id in clear text. The best way to address this is to either remove these fields from the log message or to mask/anonymize them before logging. Since the log message is for debugging purposes, we can either log a generic message indicating that the initial weather packet was sent, or, if necessary, log only non-sensitive information. The change should be made on line 452 in deploy/websocket_server/websocket_server.py, replacing the log statement with one that does not include sensitive data. No new imports or definitions are required.
| @@ -451,3 +451,3 @@ | ||
| await websocket.send(weather_payload) | ||
| logger.debug(f"{client_ip}:{chip_id} <<< initial weather packet") | ||
| logger.debug("Initial weather packet sent") | ||
| client["initial"] = False |
…stamp formats and improve error handling
1 participant
No description provided.