Commit cf90f1d

chore: Resolve CodeQL reflected-XSS warning in TCK JSON-RPC endpoint (hiero-ledger#1875)
Signed-off-by: Manish Dait <daitmanish88@gmail.com>
1 parent 61a6f38 commit cf90f1d

2 files changed

+7
-7
lines changed


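--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -19,7 +19,7 @@ This changelog is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.
 
 ### Src
 - Fix `TopicInfo.__str__()` to format `expiration_time` in UTC so unit tests pass in non-UTC environments. (#1800)
--
+- Resolve CodeQL `reflected-XSS` warning in TCK JSON-RPC endpoint
 
 ### Examples
 - Refactor `examples/file/file_create_transaction.py` to remove `os`,`dotenv`,`AccountId`,`PrivateKey`,`Network` imports that are no longer needed and updated setup-client() (#1610)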

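--- a/tck/server.py
+++ b/tck/server.py
@@ -2,7 +2,7 @@
 import os
 from dataclasses import dataclass, field
 import logging
-from flask import Flask, request
+from flask import Flask, jsonify, request
 from tck.errors import JsonRpcError
 from tck.handlers import safe_dispatch
 from tck.protocol import build_json_rpc_error_response, build_json_rpc_success_response, parse_json_rpc_request
@@ -30,20 +30,20 @@ def json_rpc_endpoint():
 """JSON-RPC 2.0 endpoint to handle requests."""
 if request.mimetype != 'application/json':
 error = JsonRpcError.parse_error(message='Parse error: Content-Type must be application/json')
-return build_json_rpc_error_response(error, None)
+return jsonify(build_json_rpc_error_response(error, None))
 try:
 request_json = request.get_json(force=True)
 except Exception:
 # Malformed JSON - return parse error
 error = JsonRpcError.parse_error()
-return build_json_rpc_error_response(error, None)
+return jsonify(build_json_rpc_error_response(error, None))
 
 # Parse and validate the JSON-RPC request
 parsed_request = parse_json_rpc_request(request_json)
 if isinstance(parsed_request, JsonRpcError):
 # Use request id if available, else None per JSON-RPC 2.0 spec
 request_id = request_json.get('id') if isinstance(request_json, dict) else None
-return build_json_rpc_error_response(parsed_request, request_id)
+return jsonify(build_json_rpc_error_response(parsed_request, request_id))
 
 
 method_name = parsed_request['method']
@@ -56,10 +56,10 @@ def json_rpc_endpoint():
 
 # If the response is already an error response, return it directly
 if isinstance(response, dict) and 'jsonrpc' in response and 'error' in response:
-return response
+return jsonify(response)
 
 # Build and return the success response
-return build_json_rpc_success_response(response, request_id)
+return jsonify(build_json_rpc_success_response(response, request_id))
 
 def start_server(config: ServerConfig | None = None):
 """Start the JSON-RPC server using Flask."""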
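Review bot: The reason every return in json_rpc_endpoint is now wrapped in jsonify() exists only in the commit title; nothing at file lines 33, 39, 46, 59 or 62 records it, so a later cleanup could drop the wrapper as redundant (recent Flask versions already serialise a returned dict on their own). Add a comment above the first wrapped return, e.g. `# Always return via jsonify(): it serialises the payload and sets Content-Type: application/json, so request-derived values such as the echoed request id are never emitted in a form a browser could render as HTML (CodeQL reflected-XSS).` The value most plausibly behind the alert is the id read from the request at line 45 and echoed into the error response at line 46, though the alert text itself is not on this page. The body of json_rpc_endpoint begins before the second hunk, and the dispatch between lines 49 and 56 is not shown.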
