From 7e6cff36c955106198b26bc34fe3eed6c0b9869f Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]"
 <161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Tue, 21 Apr 2026 22:17:11 +0000
Subject: [PATCH] =?UTF-8?q?=F0=9F=9B=A1=EF=B8=8F=20Sentinel:=20[MEDIUM]=20?=
 =?UTF-8?q?Fix=20error=20handling=20exposing=20internal=20details=20in=20/?=
 =?UTF-8?q?ingest?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Replaced raw exception string in the HTTPException detail response with a generic error message, and logged the actual exception internally using logger.exception() to prevent leakage of internal system details and stack traces to clients.

Co-authored-by: socialawy <24765060+socialawy@users.noreply.github.com>
---
 src/audioformation/server/routes.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/audioformation/server/routes.py b/src/audioformation/server/routes.py
index 34c9bec..dbbf2d6 100644
--- a/src/audioformation/server/routes.py
+++ b/src/audioformation/server/routes.py
@@ -185,7 +185,8 @@ async def ingest_files(
                 shutil.copyfileobj(file.file, buffer)
     except Exception as e:
         shutil.rmtree(tmp_dir, ignore_errors=True)
-        raise HTTPException(status_code=500, detail=f"Upload failed: {e}")
+        logger.exception(f"Ingest upload failed: {e}")
+        raise HTTPException(status_code=500, detail="Upload failed")
 
     background_tasks.add_task(
         _run_with_status,