🛡️ Sentinel: [MEDIUM] Fix error handling exposing internal details#68
🛡️ Sentinel: [MEDIUM] Fix error handling exposing internal details#68socialawy-dev wants to merge 1 commit into
Conversation
… /ingest Replaced raw exception string in the HTTPException detail response with a generic error message, and logged the actual exception internally using logger.exception() to prevent leakage of internal system details and stack traces to clients. Co-authored-by: socialawy <24765060+socialawy@users.noreply.github.com>
|
👋 Jules, reporting for duty! I'm here to lend a hand with this pull request. When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down. I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job! For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with New to Jules? Learn more at jules.google/docs. For security, I will only act on instructions from the user who triggered this task. |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request improves error handling in the ingest_files route by logging exceptions and returning a generic error message to the client. The review feedback identifies an opportunity to improve the API's accuracy by handling ValueError as a 400 Bad Request instead of a 500 Internal Server Error, and notes that the exception object is redundantly included in the logger.exception call.
| logger.exception(f"Ingest upload failed: {e}") | ||
| raise HTTPException(status_code=500, detail="Upload failed") |
There was a problem hiding this comment.
The current implementation catches all exceptions and returns a 500 Internal Server Error. However, sanitize_filename raises a ValueError if the input is invalid (e.g., empty after sanitization), which is a client-side error that should return a 400 Bad Request. Returning a 500 error for client-side issues can mislead users and trigger unnecessary server-side alerts.
Additionally, when using logger.exception(), the exception details (message and traceback) are automatically captured and appended to the log output. Including {e} in the message string is redundant and leads to cluttered logs where the error message appears twice.
if isinstance(e, ValueError):
raise HTTPException(status_code=400, detail=str(e))
logger.exception("Ingest upload failed")
raise HTTPException(status_code=500, detail="Upload failed")
Understood. Acknowledging that this work is now obsolete and stopping work on this task. |
2 participants
🚨 Severity: MEDIUM
💡 Vulnerability: The
/projects/{project_id}/ingestAPI endpoint caught generic exceptions during file upload processing and interpolated the exception string directly into theHTTPExceptiondetail returned to the client.🎯 Impact: This allowed system-level exceptions (like
OSErrororshutilerrors) to leak sensitive internal details, such as file paths and server internal states, to the end-user or potential attackers.🔧 Fix: Replaced the raw exception string (
{e}) in theHTTPExceptionresponse with a generic "Upload failed" message. Logged the actual exception usinglogger.exception()to ensure the error is safely recorded internally for debugging without external exposure.✅ Verification: Verified by inspecting the changes and running
pytesttest suite, validating that tests continue to pass and exceptions are successfully isolated to server logs.PR created automatically by Jules for task 7886688864749258669 started by @socialawy