http exception should come with text #11223
Comments
|
I'd like to work on this issue, but I don't have a detailed plan yet. Could someone provide some guidance on the best way to approach this? Thanks! |
|
Welcome to the vibrant world of open-source development with JabRef! Newcomers, we're excited to have you on board. Start by exploring our Contributing guidelines, and don't forget to check out our workspace setup guidelines to get started smoothly. Having any questions or issues? Feel free to ask here on GitHub. Need help setting up your local workspace? Join the conversation on JabRef's Gitter chat. And don't hesitate to open a (draft) pull request early on to show the direction it is heading towards. This way, you will receive valuable feedback. Happy coding! 🚀 |
|
@RehanChalana I am not sure how I can help you. Could you reproduce the output? If yes, then search in the code where the output is generated, how it flows through the code. And where the HTTP error message is shown. If not, please explain at which step you could not follow. |
|
Yes i was able to reproduce the output and yes i am following the stack trace to understand the flow and the source of HTTP error. Thanks for assistance |
|
I am able to change the output to by implementing this small change in the org/jabref/logic/importer/SearchBasedParserFetcher.java while catching IOException
Is this approach correct? Are there any potential issues or side effects I should be aware of? |
|
Just check through the fetcher implementations, there might be other
parameters for api key
Rehan Chalana ***@***.***> schrieb am Sa., 6. Juli 2024,
15:41:
… I am able to change the output to
image.png (view on web)
<https://github.com/JabRef/jabref/assets/139042983/c82d838f-9e14-4bdf-8f74-8f221f654c96>
by implementing this small change in the
org/jabref/logic/importer/SearchBasedParserFetcher.java while catching
IOException
throw new FetcherException((e.getCause().getMessage() + " while fetching
from " +
urlForQuery).replaceAll("api_key.*","api_key=REDACTED"), e);
Is this approach correct? Are there any potential issues or side effects I
should be aware of?
—
Reply to this email directly, view it on GitHub
<#11223 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AACOFZBOTKDJK5CSPUVGGWDZK7QXVAVCNFSM6AAAAABGMZNM3OVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDEMJRG42TQOJRGY>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
|
They did , thank you for pointing this out. In this case we can use a more general regular expression to check for potential parameters of api_key This will make sure api is not exposed with different cases and formats (e.g., "api_key", "ApiKeY", "API-KEY", etc.) I was able to reproduce the issue with other fetchers by selecting "Use Custom Key" and setting it to random value
Output:
|
The UX when a network error occurs, should be improved.
Currently:
Expanding the error results in
Tasks
Expected output:
The secrets should be removed from the URL. (Currently, the key is shown. See screenshot; the blurred part)
Other place, where it works as expected (!)
The log file of JabRef shows the full exception:
The text was updated successfully, but these errors were encountered: