Stop leaking internal error details to API clients #18

New Issue

Open

opened 2026-04-20 09:36:33 +00:00 by sharang · 0 comments

sharang commented 2026-04-20 09:36:33 +00:00

Owner

Copy Link

Copy Source

Problem

Internal error details (stack traces, SQL errors, file paths) are returned directly to clients:

• Go handlers: gin.H{"error": err.Error()} — exposes Go runtime errors to external callers
• Python routes: HTTPException(detail=str(e)) — exposes SQLAlchemy, psycopg2, and internal service errors

This aids attackers in fingerprinting the stack and crafting targeted exploits.

Required Actions

1. Python: create a global exception handler in main.py:

@app.exception_handler(Exception)
async def unhandled_exception(request, exc):
    logger.exception("Unhandled error", exc_info=exc)
    return JSONResponse({"detail": "Internal server error"}, status_code=500)

2. Go: create a httperr.Write variant that logs the full error internally and returns a sanitized message externally — the httperr package in ai-compliance-sdk/internal/platform/httperr/ should be updated
3. Only return detail=str(e) for domain validation errors (422) where the message is safe and user-facing

Acceptance Criteria

• curl -X POST /api/v1/controls -d 'invalid' returns {"detail": "Internal server error"}, not a stack trace
• Full error logged internally with request_id for correlation

## Problem Internal error details (stack traces, SQL errors, file paths) are returned directly to clients: - Go handlers: `gin.H{"error": err.Error()}` — exposes Go runtime errors to external callers - Python routes: `HTTPException(detail=str(e))` — exposes SQLAlchemy, psycopg2, and internal service errors This aids attackers in fingerprinting the stack and crafting targeted exploits. ## Required Actions 1. Python: create a global exception handler in `main.py`: ```python @app.exception_handler(Exception) async def unhandled_exception(request, exc): logger.exception("Unhandled error", exc_info=exc) return JSONResponse({"detail": "Internal server error"}, status_code=500) ``` 2. Go: create a `httperr.Write` variant that logs the full error internally and returns a sanitized message externally — the `httperr` package in `ai-compliance-sdk/internal/platform/httperr/` should be updated 3. Only return `detail=str(e)` for domain validation errors (422) where the message is safe and user-facing ## Acceptance Criteria - `curl -X POST /api/v1/controls -d 'invalid'` returns `{"detail": "Internal server error"}`, not a stack trace - Full error logged internally with `request_id` for correlation

sharang added this to the M3: Observability & Audit Logging milestone 2026-04-20 09:36:33 +00:00

sharang added the securityseverity: mediumobservability labels 2026-04-20 09:36:34 +00:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

feature/fisa-702-drittland-risiko

feat/dead-code-cleanup

feature/payment-compliance-module

feature/betriebsrat-compliance-module

last-build/main

Labels

Clear labels

config

Env vars, secrets management, startup validation

data-integrity

Transactions, indexes, pagination

frontend

Next.js, client-side concerns

observability

Logging, audit trails, health checks

reliability

Error handling, retries, circuit breakers

security

Auth, secrets, injection, tenant isolation

severity: critical

System-level risk, data breach or full outage

severity: high

Significant risk, must fix before go-live

severity: medium

Important but not blocking go-live

testing

Test coverage, integration tests

No Label observability security severity: medium

Milestone

No items

No Milestone M3: Observability & Audit Logging

Projects

Clear projects

No project

Assignees

Clear assignees

sharang (Sharang Parnerkar) Benjamin_Boenisch

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: Benjamin_Boenisch/breakpilot-compliance#18