refactor(core): Improve security violation error in native Python runner (#19286)

packages/@n8n/task-runner-python/src/constants.py

@@ -144,4 +144,3 @@ ERROR_DANGEROUS_ATTRIBUTE = "Access to attribute '{attr}' is disallowed, because
 ERROR_DYNAMIC_IMPORT = (
     "Dynamic __import__() calls are not allowed for security reasons."
 )
-ERROR_SECURITY_VIOLATIONS = "Security violations detected:\n{violations}"

packages/@n8n/task-runner-python/src/errors/security_violation_error.py

@@ -1,4 +1,9 @@
 class SecurityViolationError(Exception):
-    """Raised when code violates security policies, typically through use of disallowed modules or builtins."""
+    """Raised when code violates security policies, typically through the use of disallowed modules or builtins."""
 
-    pass
+    def __init__(
+        self, message: str = "Security violations detected", description: str = ""
+    ):
+        super().__init__(message)
+        self.message = message
+        self.description = description

packages/@n8n/task-runner-python/src/task_analyzer.py

@@ -12,7 +12,6 @@ from src.constants import (
     ERROR_EXTERNAL_DISALLOWED,
     ERROR_DANGEROUS_ATTRIBUTE,
     ERROR_DYNAMIC_IMPORT,
-    ERROR_SECURITY_VIOLATIONS,
     ALWAYS_BLOCKED_ATTRIBUTES,
     UNSAFE_ATTRIBUTES,
 )
@@ -186,8 +185,9 @@ class TaskAnalyzer:
             self._raise_security_error(security_validator.violations)
 
     def _raise_security_error(self, violations: CachedViolations) -> None:
-        message = ERROR_SECURITY_VIOLATIONS.format(violations="\n".join(violations))
-        raise SecurityViolationError(message)
+        raise SecurityViolationError(
+            message="Security violations detected", description="\n".join(violations)
+        )
 
     def _to_cache_key(self, code: str) -> CacheKey:
         code_hash = hashlib.sha256(code.encode()).hexdigest()

packages/@n8n/task-runner-python/src/task_runner.py

@@ -327,7 +327,11 @@ class TaskRunner:
 
         except Exception as e:
             self.logger.error(f"Task {task_id} failed", exc_info=True)
-            response = RunnerTaskError(task_id=task_id, error={"message": str(e)})
+            error = {
+                "message": getattr(e, "message", str(e)),
+                "description": getattr(e, "description", ""),
+            }
+            response = RunnerTaskError(task_id=task_id, error=error)
             await self._send_message(response)
 
         finally: