π‘οΈ Sentinel: [MEDIUM] Fix Exception Detail Leakage in Upload Endpoint#67
π‘οΈ Sentinel: [MEDIUM] Fix Exception Detail Leakage in Upload Endpoint#67socialawy-dev wants to merge 1 commit into
Conversation
This commit modifies `src/audioformation/server/routes.py` to prevent leaking internal exception details (such as stack traces or internal paths) to the client via a 500 error response. The internal exception is now logged privately using `logger.error`, and a generic error detail is returned in the HTTP response. Co-authored-by: socialawy <24765060+socialawy@users.noreply.github.com>
|
π Jules, reporting for duty! I'm here to lend a hand with this pull request. When you start a review, I'll add a π emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down. I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job! For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with New to Jules? Learn more at jules.google/docs. For security, I will only act on instructions from the user who triggered this task. |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request addresses a security vulnerability where internal exception details were leaked to clients via the ingest endpoint. The changes ensure that errors are logged privately on the server while returning a generic error message to the user. Feedback suggests correcting the endpoint name in the security documentation and utilizing logger.exception instead of logger.error to ensure full stack traces are captured for debugging.
| ## 2025-02-21 - Exception Detail Leakage in Upload Endpoint | ||
| **Vulnerability:** The /projects/{project_id}/upload and similar ingest endpoints in src/audioformation/server/routes.py included the raw exception object (e) directly inside the HTTPException detail message string. This could leak internal paths, underlying library exceptions, or environmental details to untrusted clients if the upload process fails. |
There was a problem hiding this comment.
The security log incorrectly identifies the /projects/{project_id}/upload endpoint as the source of the information leak. The code changes show that the vulnerability was actually in the /projects/{project_id}/ingest endpoint. The upload endpoint already used a generic error message. The documentation should be updated for accuracy.
| ## 2025-02-21 - Exception Detail Leakage in Upload Endpoint | |
| **Vulnerability:** The /projects/{project_id}/upload and similar ingest endpoints in src/audioformation/server/routes.py included the raw exception object (e) directly inside the HTTPException detail message string. This could leak internal paths, underlying library exceptions, or environmental details to untrusted clients if the upload process fails. | |
| ## 2025-02-21 - Exception Detail Leakage in Ingest Endpoint | |
| **Vulnerability:** The /projects/{project_id}/ingest and similar endpoints in src/audioformation/server/routes.py included the raw exception object (e) directly inside the HTTPException detail message string. This could leak internal paths, underlying library exceptions, or environmental details to untrusted clients if the ingest process fails. |
| ## 2025-02-21 - Exception Detail Leakage in Upload Endpoint | ||
| **Vulnerability:** The /projects/{project_id}/upload and similar ingest endpoints in src/audioformation/server/routes.py included the raw exception object (e) directly inside the HTTPException detail message string. This could leak internal paths, underlying library exceptions, or environmental details to untrusted clients if the upload process fails. | ||
| **Learning:** When raising HTTP errors that are exposed to clients, avoid formatting internal exceptions into the response detail. Internal details must be logged privately on the server side. | ||
| **Prevention:** Use a private logging mechanism (e.g. logger.error) and return generic error details to the user (e.g. raise HTTPException(status_code=500, detail="Upload failed")). |
There was a problem hiding this comment.
It is recommended to suggest logger.exception in the prevention advice, as it ensures that the full stack trace is captured for debugging server-side failures, which is more effective than just logging the exception message.
| **Prevention:** Use a private logging mechanism (e.g. logger.error) and return generic error details to the user (e.g. raise HTTPException(status_code=500, detail="Upload failed")). | |
| **Prevention:** Use a private logging mechanism (e.g. logger.exception) and return generic error details to the user (e.g. raise HTTPException(status_code=500, detail="Upload failed")). |
| except Exception as e: | ||
| shutil.rmtree(tmp_dir, ignore_errors=True) | ||
| raise HTTPException(status_code=500, detail=f"Upload failed: {e}") | ||
| logger.error(f"Upload failed: {e}") |
There was a problem hiding this comment.
Using logger.exception is preferred over logger.error when handling an exception that results in a 500 error. logger.exception automatically captures the full stack trace, which is essential for diagnosing the root cause of failures in production.
| logger.error(f"Upload failed: {e}") | |
| logger.exception("Upload failed") |
socialawy
deleted the
sentinel-fix-upload-exception-leak-6066871779753876832
branch
Understood. Acknowledging that this work is superseded by #90 and stopping work on this task. |
2 participants
π¨ Severity: MEDIUM
π‘ Vulnerability: The
upload_filerelated error handling directly embedded theExceptionobject (e) in theHTTPExceptiondetail, causing information leakage.π― Impact: An attacker or untrusted client could potentially see server-side paths, dependency exceptions, or other internal data.
π§ Fix: Removed
f"Upload failed: {e}"and replaced it with a privatelogger.error(f"Upload failed: {e}")and a sanitizedraise HTTPException(status_code=500, detail="Upload failed").β Verification: Ran the test suite to verify no regressions were introduced.
PR created automatically by Jules for task 6066871779753876832 started by @socialawy