-
Notifications
You must be signed in to change notification settings - Fork 0
🛡️ Sentinel: [HIGH] Fix Information Exposure through Exceptions #123
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: staging
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,2 +1,3 @@ | ||
| ## 2026-03-27 - Prevent SQL Error Leakage | Vulnerability: Information Exposure through Error Messages | Learning: Database error traces bubbling up to users can leak schema and path information. | Prevention: Catch database exceptions and return generic error messages (e.g. 500 Internal Server Error) to the client while logging the detailed exception server-side. | ||
| ## 2026-03-29 - Server-Side Logging of Database Errors | Vulnerability: Insufficient Logging and Monitoring | Learning: Swallowing database errors without logging them hides potential malicious activity like SQL injection attempts. | Prevention: Always log database exception details using `logger.error` on the backend before returning a sanitized generic error to the client. | ||
| ## 2026-03-31 - Mask API Exception Details | Vulnerability: Information Exposure through Exceptions | Learning: Passing raw exception objects (`str(e)`) directly to FastAPI `HTTPException` detail fields leaks internal stack traces and error states to end-users. | Prevention: Always log exception objects server-side using `logger.error()` and raise HTTPExceptions with generic error details like 'Internal server error', removing the `from e` exception chaining clause. | ||
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
|
|
@@ -406,7 +406,7 @@ async def infer(request: PixelInferenceRequest, background_tasks: BackgroundTask | |||||
| return await inference_engine.generate_response(request) | ||||||
| except Exception as e: | ||||||
| logger.error(f"Inference error: {e}") | ||||||
| raise HTTPException(status_code=500, detail=str(e)) from e | ||||||
| raise HTTPException(status_code=500, detail="Internal server error") | ||||||
|
Comment on lines
407
to
+409
|
||||||
|
|
||||||
|
|
||||||
| @app.post("/batch-infer") | ||||||
|
|
@@ -422,7 +422,7 @@ async def batch_infer(requests: list[PixelInferenceRequest]): | |||||
| responses.append(response) | ||||||
| except Exception as e: | ||||||
| logger.error(f"Batch inference error: {e}") | ||||||
| responses.append({"error": str(e)}) | ||||||
| responses.append({"error": "Internal server error"}) | ||||||
|
Comment on lines
423
to
+425
|
||||||
|
|
||||||
| return {"results": responses} | ||||||
|
|
||||||
|
|
@@ -437,7 +437,7 @@ async def reload_model(): | |||||
| raise HTTPException(status_code=500, detail="Failed to reload model") | ||||||
| except Exception as e: | ||||||
| logger.error(f"Reload error: {e}") | ||||||
|
||||||
| logger.error(f"Reload error: {e}") | |
| logger.exception(f"Reload error: {e}") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This guidance claims removing
from eprevents internal details from bubbling up, butraise HTTPException(...)inside anexceptstill implicitly retains exception context (as__context__) unless explicitly suppressed (e.g.,from None). If the intent is purely to avoid leaking details to clients, the key control is the sanitizeddetail=...; if the intent is to suppress chaining in tracebacks, the doc should mentionfrom None(or clarify that chaining affects tracebacks/logs, not the HTTP response body).