fix(providers): harden easyRadiology portal flow against malformed responses#155
Conversation
…sponses
The portal orchestration (fetch/_check_view_code/_get_viewer_model)
assumed a well-formed response at every step: a non-JSON body, missing
keys, or an empty exams list crashed with opaque tracebacks, and
_decrypt_aes_cbc crashed with IndexError on empty ciphertext or an
opaque block-size error on truncated input. Now:
- _decrypt_aes_cbc validates ciphertext length up front (the manual
PKCS7 check is the only integrity signal in this unauthenticated
server-dictated CBC protocol, so it must be robust)
- protocol-shape mismatches raise a provider-level RuntimeError naming
the step ('the portal API may have changed')
- undecryptable access keys raise a distinct hint that the access code
may be wrong or the link expired
- fetch validates the presence of the access code and download link
Adds 13 tests covering the previously untested network orchestration
with mocked httpx (module coverage 72% -> 92%).
Fixes #139
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01W4svt5QTs4WUMSy4HwiVt9
|
Warning Review limit reached
Next review available in: 21 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Plus Run ID: 📒 Files selected for processing (2)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Codecov Report❌ Patch coverage is
📢 Thoughts on this report? Let us know! |
Summary
The portal orchestration (
fetch→_check_view_code→_get_viewer_model) assumed a well-formed response at every step: a non-JSON body, missing keys (encryptedAccessKey,Salt,linkToERI), or an emptyexamslist crashed with opaque tracebacks._decrypt_aes_cbccrashed withIndexErroron empty ciphertext and an opaque pycryptodome block-size error on truncated input. The whole network flow had zero test coverage.Fixes #139
Changes
src/medcheck/providers/easyradiology.py:_decrypt_aes_cbc: validates ciphertext is a positive multiple of 16 up front — in this unauthenticated, server-dictated CBC protocol the manual PKCS7 check is the only integrity signal, so it must be robust against malformed inputRuntimeErrornaming the failing step ("… The portal API may have changed.") via a shared_unexpected_responsehelperValueErrorhinting the access code may be wrong or the link expired (a padding failure usually means wrong code, not protocol change)fetchvalidates the access code is present and the viewer model contains alinkToERItests/unit/test_providers/test_easyradiology.py: 13 new tests with mockedhttpx— non-JSON bodies, empty/missing exams, malformed exam entries, garbage ciphertext, error flags, missing download link, missing access code, empty/partial-block ciphertextTesting
uv run pytest) — 197 passeduv run pytest --cov-fail-under=85) — total 90.18% (was 88.3%)uv run ruff check .)uv run mypy src/medcheck --strict)uv run bandit -r src/medcheck -ll -q)Additional Notes
No protocol behavior changes — request shapes, scrypt/AES parameters, SSRF allowlist, and download caps are untouched; only response validation and error quality changed.
🤖 Generated with Claude Code
https://claude.ai/code/session_01W4svt5QTs4WUMSy4HwiVt9
Generated by Claude Code