🛡️ Sentinel: [MEDIUM] Fix error message information exposure#74
🛡️ Sentinel: [MEDIUM] Fix error message information exposure#74socialawy-dev wants to merge 1 commit into
Conversation
Replaced exception string interpolation in the HTTPException response with a safe, generic message during file uploads, preventing the leakage of internal stack traces or paths. The actual exception is now securely logged server-side. Co-authored-by: socialawy <24765060+socialawy@users.noreply.github.com>
|
👋 Jules, reporting for duty! I'm here to lend a hand with this pull request. When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down. I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job! For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with New to Jules? Learn more at jules.google/docs. For security, I will only act on instructions from the user who triggered this task. |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request addresses an information disclosure vulnerability in the ingest_files endpoint by masking internal exception details from the client and logging them server-side. It also updates the sentinel log to document this security practice. A suggestion was made to use logger.exception() instead of logger.error() to ensure full stack traces are captured for debugging purposes.
| except Exception as e: | ||
| shutil.rmtree(tmp_dir, ignore_errors=True) | ||
| raise HTTPException(status_code=500, detail=f"Upload failed: {e}") | ||
| logger.error(f"Upload failed for project {project_id}: {e}") |
There was a problem hiding this comment.
To ensure that exception details are fully preserved for debugging as intended by this PR, use logger.exception() instead of logger.error(). While logger.error() with string interpolation only captures the exception's message, logger.exception() automatically includes the full stack trace in the logs, which is essential for diagnosing the root cause of internal server errors (500).
| logger.error(f"Upload failed for project {project_id}: {e}") | |
| logger.exception(f"Upload failed for project {project_id}") |
socialawy
deleted the
sentinel/medium-exception-information-disclosure-7392054006076093360
branch
Understood. Acknowledging that this work is now superseded by #90 and stopping work on this task. |
2 participants
🚨 Severity: MEDIUM
💡 Vulnerability: The API route for ingesting files exposed raw exception strings directly to the client via
HTTPExceptiondetail fields when a failure occurred during theUploadFileprocessing.🎯 Impact: If an upload fails due to filesystem permission issues, disk space, or a corrupted stream, the internal path, environment details, or stack trace could be leaked to an attacker.
🔧 Fix: Replaced the string interpolation (
{e}) in the client-facing response with a generic "Upload failed due to an internal error" message, and added an internallogger.errorcall to ensure the exception details are securely preserved for debugging.✅ Verification: Verified via pytest test suite (
pytest -k ...) that internal error handling does not break the expected failure flows.PR created automatically by Jules for task 7392054006076093360 started by @socialawy