You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Thanks for contributing to the Docker-Selenium project! A PR well described will help maintainers to quickly review and merge it
Before submitting your PR, please check our contributing guidelines, applied for this repository.
Avoid large PRs, help reviewers by making them as simple and short as possible.
Add Basic Auth support for Grid endpoint status checks
Read SE_ROUTER_USERNAME and SE_ROUTER_PASSWORD environment variables
Encode credentials as Base64 and include in Authorization header
Log warnings for incomplete credential configurations
Diagram Walkthrough
flowchart LR
A["Environment Variables<br/>SE_ROUTER_USERNAME<br/>SE_ROUTER_PASSWORD"] -->|Read credentials| B["VideoService Config"]
B -->|Encode Base64| C["Authorization Header"]
C -->|Add to request| D["Node /status Endpoint"]
B -->|Log warnings| E["Incomplete credentials"]
Loading
File Walkthrough
Relevant files
Enhancement
video_service.py
Implement Basic Auth for Node status endpoint
Video/video_service.py
Added base64 import for encoding Basic Auth credentials
Added router_username and router_password environment variable configuration in __init__
Implemented Basic Auth header generation in wait_for_node_ready() method
Added logging for Basic Auth usage and warnings for incomplete credentials
Below is a summary of compliance checks for this PR:
Security Compliance
⚪
Cleartext Basic Auth
Description: Basic Auth credentials from SE_ROUTER_USERNAME/SE_ROUTER_PASSWORD may be sent to the Node /status endpoint even when SE_SERVER_PROTOCOL is http, which would expose credentials to interception on the network (Basic Auth is only safe when enforced over HTTPS/TLS). video_service.py [332-344]
Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance.
Status: Audit context missing: The new Basic Auth usage logging does not include sufficient audit context (e.g., actor/user identity, target, and outcome) to support reconstruction of authentication-related access to the /status endpoint if that action is considered critical in your audit policy.
if self.router_username and self.router_password:
- auth_token = base64.b64encode(f"{self.router_username}:{self.router_password}".encode("utf-8")).decode(- "utf-8"- )+ if self.se_server_protocol.lower() != "https":+ logger.warning("Basic Auth over non-HTTPS may expose credentials")+ auth_token = base64.b64encode(f"{self.router_username}:{self.router_password}".encode()).decode()
headers["Authorization"] = f"Basic {auth_token}"
logger.info("Using Basic Auth for Node /status endpoint")
Apply / Chat
Suggestion importance[1-10]: 8
__
Why: This is a valuable security enhancement that warns users about the risk of sending credentials over an unencrypted HTTP connection, which is a critical security concern.
Medium
General
Trim credential environment variables
Add .strip() when reading the SE_ROUTER_USERNAME and SE_ROUTER_PASSWORD environment variables to remove any leading or trailing whitespace.
Why: This is a good defensive programming practice that improves robustness by preventing common user errors with environment variables, such as accidental whitespace.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
User description
Thanks for contributing to the Docker-Selenium project!
A PR well described will help maintainers to quickly review and merge it
Before submitting your PR, please check our contributing guidelines, applied for this repository.
Avoid large PRs, help reviewers by making them as simple and short as possible.
Description
Fixes #3067 (continue)
Motivation and Context
Types of changes
Checklist
PR Type
Enhancement
Description
Add Basic Auth support for Grid endpoint status checks
Read SE_ROUTER_USERNAME and SE_ROUTER_PASSWORD environment variables
Encode credentials as Base64 and include in Authorization header
Log warnings for incomplete credential configurations
Diagram Walkthrough
File Walkthrough
video_service.py
Implement Basic Auth for Node status endpointVideo/video_service.py
base64import for encoding Basic Auth credentialsrouter_usernameandrouter_passwordenvironment variableconfiguration in
__init__wait_for_node_ready()method
credentials