socialawy · socialawy-dev · May 22, 2026 · gemini-code-assist · May 22, 2026
diff --git a/.jules/sentinel.md b/.jules/sentinel.md
@@ -6,3 +6,8 @@
 **Vulnerability:** The custom `SafeStaticFiles` middleware in `src/audioformation/server/app.py` intended to block access to sensitive directories (like `00_CONFIG` and `.git`). However, it used `p = Path(path).lower()`, which raises an `AttributeError` because `pathlib.Path` objects lack a `.lower()` method. This effectively broke static file serving entirely (causing 500 errors) and represented a malformed security check. If such errors were ever 'swallowed' without raising an HTTP exception, it could result in 'failing open' and allowing access to sensitive files.
 **Learning:** Security checks that rely on path manipulation or normalization must be carefully tested for runtime exceptions. An unhandled exception in a security gate can either block legitimate traffic (Denial of Service) or, if caught improperly elsewhere, fail open. Always normalize the string representation of paths before converting them to `Path` objects.
 **Prevention:** Thoroughly test security middleware endpoints for both valid and invalid access attempts. Ensure that path string normalizations like `.lower()` are applied directly to the string before instantiating `Path(str(path).lower())`.
+
+## 2025-02-23 - Information Disclosure in Ingest Route Exception Handling
+**Vulnerability:** In `src/audioformation/server/routes.py`, the `/projects/{project_id}/ingest` endpoint was returning internal exception details directly in the `HTTPException` detail field upon file upload failure (`raise HTTPException(status_code=500, detail=f"Upload failed: {e}")`). This could expose sensitive internal paths, library versions, or system state to a client.
+**Learning:** Returning unhandled exception strings (like `str(e)`) in HTTP responses is a common source of information disclosure. Error handlers must 'fail closed' and sanitize external error messages while logging the actual cause internally.
+**Prevention:** Always use internal logging (`logger.error` or `logger.exception`) to capture the full exception, and return a generic, safe error message to the client (e.g., `detail="Upload failed"`).
diff --git a/src/audioformation/server/routes.py b/src/audioformation/server/routes.py
@@ -185,7 +185,8 @@ async def ingest_files(
                 shutil.copyfileobj(file.file, buffer)
     except Exception as e:
         shutil.rmtree(tmp_dir, ignore_errors=True)
-        raise HTTPException(status_code=500, detail=f"Upload failed: {e}")
+        logger.error(f"Upload failed: {e}")
-        logger.error(f"Upload failed: {e}")
+        logger.exception("Upload failed")
-        logger.error(f"Upload failed: {e}")
+        logger.exception("Upload failed")
+        raise HTTPException(status_code=500, detail="Upload failed")
 
     background_tasks.add_task(
         _run_with_status,

diff --git a/src/audioformation/utils/security.py b/src/audioformation/utils/security.py
@@ -81,7 +81,7 @@ def validate_path_within(path: Path, root: Path) -> bool:
             return resolved_path.is_relative_to(resolved_root)
 
         return False
-    except (ValueError, RuntimeError, OSError):
+    except (ValueError, RuntimeError, OSError, TypeError, AttributeError):
         return False
 
 

diff --git a/uv.lock b/uv.lock