Skip to content

Fix AIBuilder MLModel mapping and sanitize tokenized URLs#710

Open
ziad-ashraf7 wants to merge 1 commit intoaiondemand:developfrom
ziad-ashraf7:fix/aibuilder-mapping-token-url
Open

Fix AIBuilder MLModel mapping and sanitize tokenized URLs#710
ziad-ashraf7 wants to merge 1 commit intoaiondemand:developfrom
ziad-ashraf7:fix/aibuilder-mapping-token-url

Conversation

@ziad-ashraf7
Copy link

@ziad-ashraf7 ziad-ashraf7 commented Feb 27, 2026

Change(s)

Change Type: Fixed, Security, Changed

Change Category: Internal

Changelog Entry:

Improve AIBuilder MLModel connector mapping and URL safety by completing field mapping (version, distribution, license), extracting artifact-based distributions/versions, and preventing token exposure in user-facing and error-reported URLs.

Details:

  • Added missing mapping keys in src/connectors/aibuilder/aibuilder_mappings.py:
    • version -> version
    • distribution -> artifacts
    • license -> license
  • Updated src/connectors/aibuilder/aibuilder_mlmodel_connector.py to:
    • require only mandatory fields for structure validation (platform_resource_identifier, name)
    • map version with fallback from artifact version when top-level version is absent
    • map distribution from artifacts into RunnableDistribution
    • use token-free public same_as URL (.../get_solution?fullId=...)
    • sanitize token in error URL messages (apiToken masked)
    • add defensive response-shape checks for catalog list / solution list / solution payloads
  • Updated tests in src/tests/connectors/aibuilder/test_aibuilder_mlmodel_connector.py to verify:
    • mapped version
    • mapped distribution
    • token-free same_as
    • sanitized URLs in error messages

How to Test

  1. Ensure dependencies are installed:
    • python -m pip install -e ".[dev]"
  2. Run AIBuilder connector tests:
    • python -m pytest -q src/tests/connectors/aibuilder/test_aibuilder_mlmodel_connector.py
  3. Expected result:
    • 12 passed

Checklist

  • Tests have been added or updated to reflect the changes, or their absence is explicitly explained.
  • Documentation has been added or updated to reflect the changes, or their absence is explicitly explained.
    • No docs updated in this PR; changes are internal connector behavior and tests.
  • A self-review has been conducted checking:
    • No unintended changes have been committed.
    • The changes in isolation seem reasonable.
    • Anything that may be odd or unintuitive is provided with a GitHub comment explaining it (but consider if this should not be a code comment or in the documentation instead).
  • All CI checks pass before pinging a reviewer, or provide an explanation if they do not.
  • The PR title matches the changelog entry's one-line description.

Related Issues

Closes #709

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

AIBuilder connector: complete mapping for version/distribution/license and prevent token leakage in URLs

1 participant

@ziad-ashraf7