
Potential fix for code scanning alert no. 3: Information exposure through an exception#23

Merged: xdrew87 merged 1 commit into main from alert-autofix-3 on Jun 28, 2026

Conversation

@xdrew87 (Owner) commented Jun 28, 2026

Potential fix for https://github.com/xdrew87/wraith/security/code-scanning/3

To fix this, keep detailed error info in server logs but remove exception text from the API response.

Best single fix in dashboard/backend/app.py:

  • In health()’s except Exception as e: block (around lines 129–131), replace the current logger.error(..., e) with logger.exception(...) so the stack trace is logged server-side.
  • Replace the JSON response that includes "detail": str(e) with a generic non-sensitive message, e.g. "detail": "Database check failed".

This preserves functionality (503 degraded health response) while preventing exception details from being exposed externally.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.
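The two handler shapes the description contrasts, side by side, as an added example that is not code from the wraith repository: the check_database callable, the (status_code, body) return shape standing in for a Flask response, and the connection-string failure message are constructed assumptions.

```python
import logging
from typing import Callable, Dict, Tuple

# Constructed stand-in for the Flask health() endpoint in dashboard/backend/app.py
# (assumed shape: returns (status_code, json_body) instead of a Response object).
logger = logging.getLogger("wraith.health")

def health_leaky(check_database: Callable[[], None]) -> Tuple[int, Dict[str, str]]:
    """Shape of the code the alert flagged: exception text copied into the API body."""
    try:
        check_database()
        return 200, {"status": "ok"}
    except Exception as e:
        logger.error("database check failed: %s", e)  # message only, no traceback
        return 503, {"status": "degraded", "detail": str(e)}  # exposes internals

def health_fixed(check_database: Callable[[], None]) -> Tuple[int, Dict[str, str]]:
    """The fix described in the PR: traceback to the log, generic detail to the client."""
    try:
        check_database()
        return 200, {"status": "ok"}
    except Exception:
        logger.exception("database check failed")  # full traceback stays server-side
        return 503, {"status": "degraded", "detail": "Database check failed"}

class _ListHandler(logging.Handler):
    """Collects formatted records so the two behaviours can be compared."""
    def __init__(self) -> None:
        super().__init__()
        self.lines = []

    def emit(self, record: logging.LogRecord) -> None:
        self.lines.append(self.format(record))

def failing_check() -> None:
    # Constructed failure whose message carries internals a client must never see.
    raise RuntimeError("could not connect: postgres://app:hunter2@db-internal:5432/wraith")

def call_health(handler_fn) -> Tuple[int, Dict[str, str], str]:
    """Run one health variant against failing_check; return (status, body, server log)."""
    handler = _ListHandler()
    logger.addHandler(handler)
    logger.setLevel(logging.ERROR)
    try:
        status, body = handler_fn(failing_check)
    finally:
        logger.removeHandler(handler)
    return status, body, "\n".join(handler.lines)
```

Running call_health(health_fixed) shows the 503 degraded response is preserved while the credentials and hostname appear only in the server-side log, together with the traceback that logger.error alone never recorded.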

…ough an exception

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@xdrew87 xdrew87 marked this pull request as ready for review June 28, 2026 16:06
@xdrew87 xdrew87 merged commit 0745b6e into main Jun 28, 2026
6 checks passed