From 154c32cceee49beb2fefb245e4458201375d442f Mon Sep 17 00:00:00 2001 From: gerald-hartig <153188145+gerald-hartig@users.noreply.github.com> Date: Wed, 25 Mar 2026 08:52:54 +1000 Subject: [PATCH 1/2] Sanitise health.py --- src/tasks/health.py | 76 +++++++++++++++++---------------------------- 1 file changed, 28 insertions(+), 48 deletions(-) diff --git a/src/tasks/health.py b/src/tasks/health.py index 6a4cfe5..43493f7 100644 --- a/src/tasks/health.py +++ b/src/tasks/health.py @@ -4,7 +4,6 @@ """Health check functionality for the addon store.""" -import os import logging from http import HTTPStatus from flask import jsonify @@ -12,51 +11,32 @@ log = logging.getLogger("addonStore.health") - def check_health(): - """Perform health checks and return status.""" - try: - # Check data folder exists and is accessible - no lock needed - data_folder = DataFolder.getDataFolderPath() - if not os.path.exists(data_folder): - return jsonify( - { - "status": "unhealthy", - "error": "Data folder not found", - }, - ), HTTPStatus.SERVICE_UNAVAILABLE - - # Basic git check without requiring lock - if not os.path.exists(os.path.join(data_folder, ".git")): - return jsonify( - { - "status": "unhealthy", - "error": "Git repository not initialized", - }, - ), HTTPStatus.SERVICE_UNAVAILABLE - - if DataFolder._current_hash is None: - return jsonify( - { - "status": "unhealthy", - "error": "Cache hash not initialized", - }, - ), HTTPStatus.SERVICE_UNAVAILABLE - - return jsonify( - { - "status": "healthy", - "git_hash": DataFolder._current_hash, - "data_folder": data_folder, - "update_in_progress": DataFolder.is_updating(), - }, - ), HTTPStatus.OK - - except Exception as e: - log.error(f"Health check failed: {str(e)}") - return jsonify( - { - "status": "unhealthy", - "error": str(e), - }, - ), HTTPStatus.SERVICE_UNAVAILABLE + """ + Perform a lightweight readiness check. + Relies purely on in-memory state to prevent I/O exhaustion DoS. + """ + try: + # If the hash isn't loaded, the app hasn't initialized its git data properly + if DataFolder._current_hash is None: + # Log the exact reason internally, but keep the external response generic + log.warning("Health check failed: Cache hash is not initialized.") + return jsonify({ + "status": "unhealthy" + }), HTTPStatus.SERVICE_UNAVAILABLE + + # Return minimal, non-sensitive data + return jsonify({ + "status": "healthy", + "git_hash": DataFolder._current_hash, + "update_in_progress": DataFolder.is_updating() + }), HTTPStatus.OK + + except Exception as e: + # Log the actual stack trace/error internally + log.exception(f"Healthcheck failed: {str(e)}") + + # Return a generic, opaque error to the client + return jsonify({ + "status": "unhealthy" + }), HTTPStatus.SERVICE_UNAVAILABLE From 45a7ecb23c8ac793f5b482021cba4f4809bd6d68 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Tue, 24 Mar 2026 22:53:16 +0000 Subject: [PATCH 2/2] Pre-commit auto-fix --- src/tasks/health.py | 63 +++++++++++++++++++++++++-------------------- 1 file changed, 35 insertions(+), 28 deletions(-) diff --git a/src/tasks/health.py b/src/tasks/health.py index 43493f7..2bc3d71 100644 --- a/src/tasks/health.py +++ b/src/tasks/health.py @@ -11,32 +11,39 @@ log = logging.getLogger("addonStore.health") + def check_health(): - """ - Perform a lightweight readiness check. - Relies purely on in-memory state to prevent I/O exhaustion DoS. - """ - try: - # If the hash isn't loaded, the app hasn't initialized its git data properly - if DataFolder._current_hash is None: - # Log the exact reason internally, but keep the external response generic - log.warning("Health check failed: Cache hash is not initialized.") - return jsonify({ - "status": "unhealthy" - }), HTTPStatus.SERVICE_UNAVAILABLE - - # Return minimal, non-sensitive data - return jsonify({ - "status": "healthy", - "git_hash": DataFolder._current_hash, - "update_in_progress": DataFolder.is_updating() - }), HTTPStatus.OK - - except Exception as e: - # Log the actual stack trace/error internally - log.exception(f"Healthcheck failed: {str(e)}") - - # Return a generic, opaque error to the client - return jsonify({ - "status": "unhealthy" - }), HTTPStatus.SERVICE_UNAVAILABLE + """ + Perform a lightweight readiness check. + Relies purely on in-memory state to prevent I/O exhaustion DoS. + """ + try: + # If the hash isn't loaded, the app hasn't initialized its git data properly + if DataFolder._current_hash is None: + # Log the exact reason internally, but keep the external response generic + log.warning("Health check failed: Cache hash is not initialized.") + return jsonify( + { + "status": "unhealthy", + } + ), HTTPStatus.SERVICE_UNAVAILABLE + + # Return minimal, non-sensitive data + return jsonify( + { + "status": "healthy", + "git_hash": DataFolder._current_hash, + "update_in_progress": DataFolder.is_updating(), + } + ), HTTPStatus.OK + + except Exception as e: + # Log the actual stack trace/error internally + log.exception(f"Healthcheck failed: {str(e)}") + + # Return a generic, opaque error to the client + return jsonify( + { + "status": "unhealthy", + } + ), HTTPStatus.SERVICE_UNAVAILABLE