fix #3845 #3847
fix #3845 #3847
Conversation
Summary of ChangesHello @guillaumeblaquiere, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request addresses a critical security concern by implementing a robust system to prevent the leakage of client secrets. It centralizes the secure, in-memory storage of these secrets, redacts them from configuration objects, and only exposes them transiently during necessary authentication flows, significantly enhancing the overall security posture of the system's authentication handling. Highlights
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
adk-bot
added
the
core
|
Response from ADK Triaging Agent Hello @guillaumeblaquiere, thank you for your contribution! To help the reviewers better understand and verify this important security fix, could you please provide logs or a screenshot demonstrating that the This will help speed up the review process. Thanks! |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request aims to prevent a client secret leak by redacting it and storing it in memory. While the approach is generally correct, the implementation introduces a critical security vulnerability where a secret could be left un-redacted if an error occurs during an OAuth token exchange. Additionally, there's a high-severity issue where sensitive access tokens are leaked to stderr for debugging. I've also included several medium-severity comments to improve code quality, efficiency, and maintainability. It is crucial to address the security flaws before merging.
| exchanged_credential = await exchanger.exchange( | ||
| credential, self._auth_config.auth_scheme | ||
| ) | ||
|
|
||
| # Redact client secret again after exchange to prevent leakage | ||
| if exchanged_credential.oauth2: | ||
| exchanged_credential.oauth2.client_secret = "<redacted>" |
There was a problem hiding this comment.
This block has a critical security flaw. If exchanger.exchange() fails, the client_secret on the credential object will remain un-redacted, leading to a secret leak. You must use a try...finally block to ensure the secret is always re-redacted. Additionally, the restored flag (set earlier) is unused and should be part of the re-redaction logic.
try:
exchanged_credential = await exchanger.exchange(
credential, self._auth_config.auth_scheme
)
finally:
# Always re-redact the secret on the original credential object if it was restored.
if restored and credential.oauth2:
credential.oauth2.client_secret = "<redacted>"
# Redact client secret again after exchange to prevent leakage
if exchanged_credential.oauth2:
exchanged_credential.oauth2.client_secret = "<redacted>"| sys.stderr.write( | ||
| f"[DEBUG] Assigned access_token: {auth_credential.oauth2.access_token}\n" | ||
| ) |
There was a problem hiding this comment.
Writing a sensitive access token directly to sys.stderr is a security risk, as stderr is often logged or monitored. This debug statement should be removed. If logging is necessary for debugging, use the logging module at the DEBUG level and avoid logging the token value itself.
src/google/adk/auth/auth_handler.py
Outdated
| # Restore secret if needed | ||
| credential = self.auth_config.exchanged_auth_credential | ||
| redacted = False | ||
| original_secret = None |
There was a problem hiding this comment.
The original_secret variable is initialized here and assigned a value on line 58, but it is never used. It should be removed to improve code clarity and avoid confusion.
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request addresses a critical security vulnerability by preventing client secrets from being leaked. The approach of redacting the secret and storing it in memory on the server-side is sound. The changes are extensive and include new logic in CredentialManager and AuthHandler, as well as new tests to cover the secret handling.
My review focuses on ensuring the new logic is correct, robust, and maintainable. I've identified a critical bug in the secret re-redaction logic, some code duplication that should be addressed, and issues in the new tests that could lead to flakiness. Please see my detailed comments below.
| @pytest.mark.asyncio | ||
| async def test_credential_manager_redacts_secrets_in_raw_credential(): |
There was a problem hiding this comment.
The tests in this module modify the state of CredentialManager._CLIENT_SECRETS, which is a class-level variable. Since there is no setup/teardown logic to clear this dictionary between tests, state from one test can leak into another, making the test suite flaky and order-dependent. Please add a pytest fixture (e.g., an autouse fixture) to clear CredentialManager._CLIENT_SECRETS before each test runs.
src/google/adk/auth/auth_handler.py
Outdated
| # Restore secret if needed | ||
| credential = self.auth_config.exchanged_auth_credential | ||
| redacted = False | ||
|
|
||
| if credential and credential.oauth2 and credential.oauth2.client_id: | ||
| # Check if secret needs restoration | ||
| from .credential_manager import CredentialManager | ||
|
|
||
| secret = CredentialManager.get_client_secret(credential.oauth2.client_id) | ||
| if secret and credential.oauth2.client_secret == "<redacted>": | ||
| credential.oauth2.client_secret = secret | ||
| redacted = True | ||
|
|
||
| try: | ||
| res = await exchanger.exchange(credential, self.auth_config.auth_scheme) | ||
| return res | ||
| finally: | ||
| # Always re-redact if we restored it | ||
| if redacted and credential and credential.oauth2: | ||
| credential.oauth2.client_secret = "<redacted>" |
There was a problem hiding this comment.
This block for restoring and re-redacting the client secret is very similar to the logic in CredentialManager._exchange_credential. This code duplication can lead to maintenance challenges and potential inconsistencies (in fact, the CredentialManager version has a bug that this version doesn't). Consider centralizing this logic into a single helper function or a context manager within CredentialManager that can be used in both places. This would improve consistency and robustness.
| def setUp(self): | ||
| # Clear secret store | ||
| CredentialManager._CLIENT_SECRETS = {} |
There was a problem hiding this comment.
The setUp method will not be automatically called by pytest for a class that does not inherit from unittest.TestCase. This can lead to state from CredentialManager._CLIENT_SECRETS being shared between tests, causing them to be flaky. Please use a pytest fixture for test setup to ensure the secret store is cleared before each test. You could, for example, define a module-level autouse fixture.
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request aims to fix a critical security issue where the client_secret was being leaked. The approach of redacting the secret upon CredentialManager initialization and using a context manager (restore_client_secret) to temporarily restore it for API calls is excellent. The addition of new unit tests to cover this new secret handling logic is also a great improvement. However, I've identified a critical security vulnerability in the new fallback logic within the _exchange_credential method. This logic could lead to using a secret for one client with another client's ID, which must be fixed. My review includes a specific comment with a suggested fix for this issue.
| # Determine if we need to fallback/lookup secret from raw credential | ||
| secret_to_use = None | ||
| if ( | ||
| credential.oauth2 | ||
| and credential.oauth2.client_id | ||
| and credential.oauth2.client_id not in self._CLIENT_SECRETS | ||
| and self._auth_config.raw_auth_credential | ||
| and self._auth_config.raw_auth_credential.oauth2 | ||
| and self._auth_config.raw_auth_credential.oauth2.client_id | ||
| in self._CLIENT_SECRETS | ||
| ): | ||
| # Fallback to look up using raw credential client id | ||
| secret_to_use = self._CLIENT_SECRETS[ | ||
| self._auth_config.raw_auth_credential.oauth2.client_id | ||
| ] | ||
|
|
||
| with self.restore_client_secret(credential, secret=secret_to_use): |
There was a problem hiding this comment.
This fallback logic introduces a critical security vulnerability. If the credential object being exchanged has a client_id that is different from the client_id in self._auth_config.raw_auth_credential, this code will proceed to use the secret associated with raw_auth_credential for the token exchange request of the credential object. Using a secret for one client with another client's ID is a severe security risk and will likely cause the token exchange to fail, or worse, lead to unintended access if the authentication server has lax validation.
It is much safer to rely only on the client_id from the credential being processed. The restore_client_secret context manager already correctly looks up the secret based on the client_id of the credential passed to it. If a secret is not found for that client_id, it is better to fail the operation than to silently use a potentially incorrect secret from another credential.
| # Determine if we need to fallback/lookup secret from raw credential | |
| secret_to_use = None | |
| if ( | |
| credential.oauth2 | |
| and credential.oauth2.client_id | |
| and credential.oauth2.client_id not in self._CLIENT_SECRETS | |
| and self._auth_config.raw_auth_credential | |
| and self._auth_config.raw_auth_credential.oauth2 | |
| and self._auth_config.raw_auth_credential.oauth2.client_id | |
| in self._CLIENT_SECRETS | |
| ): | |
| # Fallback to look up using raw credential client id | |
| secret_to_use = self._CLIENT_SECRETS[ | |
| self._auth_config.raw_auth_credential.oauth2.client_id | |
| ] | |
| with self.restore_client_secret(credential, secret=secret_to_use): | |
| with self.restore_client_secret(credential): |
2 participants
Link to Issue or Description of Change
1. Link to an existing issue (if applicable):
Problem:
The client_secret was leaked and shared with the client
Solution:
I was unable to solve the issue myself. I vibe coded it with Antigravity.
I checked the code, it looks good to me.
Testing Plan
Unit Tests:
Manual End-to-End (E2E) Tests:
Manual test is OK