Catch CipherError and TypeError in run_cipher and raise EncryptorError #4365
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Wraps OpenSSL::Cipher::CipherError and TypeError in a custom EncryptorError to allow centralized handling in ApplicationController. This enables consistent 500 error responses with clearer messages like "Error while processing encrypted data".
kathap
force-pushed
the
improve-run-cipher-error-handling
branch
from
02d4e62 to
8edbb87
Compare
tcdowney
reviewed
May 23, 2025
Member
tcdowney
left a comment
tcdowney
left a comment
There was a problem hiding this comment.
Overall LGTM, but had a quick question.
| message: "The UAA is currently rate limited. Please try again later" | ||
|
|
||
| 10001: | ||
| 10081: |
Contributor
Author
There was a problem hiding this comment.
There exists already error with that code, I thought it would probably better to have an unique error code to identify them more easily.
jochenehret
approved these changes
May 27, 2025
ari-wg-gitbot
added a commit
to cloudfoundry/capi-release
that referenced
this pull request
Jun 3, 2025
Changes in cloud_controller_ng:
- Catch CipherError and TypeError in run_cipher and raise EncryptorError
PR: cloudfoundry/cloud_controller_ng#4365
Author: Katharina Przybill <30441792+kathap@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Wraps OpenSSL::Cipher::CipherError and TypeError in a custom EncryptorError to allow centralized handling in ApplicationController. This enables consistent 500 error responses with clearer messages like "Error while processing encrypted data".
A short explanation of the proposed change:
This change wraps OpenSSL::Cipher::CipherError and TypeError raised during encryption/decryption in a custom EncryptorError exception. The ApplicationController is updated to catch this new exception.
An explanation of the use cases your change solves
If a TypeError is raised by OpenSSL::PKCS5.pbkdf2_hmac (e.g., due to a nil or invalid key), or if a CipherError occurs during encryption or decryption, these are now caught and wrapped in a custom EncryptorError. This ensures the error is handled gracefully in the ApplicationController, and the user receives a standardized and meaningful 500 error response.
Links to any other associated PRs
Improves Add error handling for invalid encryption keys with logging #4326
I have reviewed the contributing guide
I have viewed, signed, and submitted the Contributor License Agreement
I have made this pull request to the
mainbranchI have run all the unit tests using
bundle exec rakeI have run CF Acceptance Tests