
Potential fix for code scanning alert no. 22: Information exposure through an exception #14

Merged
BetterMint merged 1 commit into main from alert-autofix-22
Dec 15, 2025

Conversation

@BetterMint
Owner

Potential fix for https://github.com/BetterMint/BetterMITM/security/code-scanning/22

To fix the issue, avoid returning raw exception details (e.g., str(e)) to the web client. Instead, return only neutral, generic error messages (such as "Internal server error" or "Script execution failed"), and log the actual exception details on the server side for diagnostic purposes. This approach keeps detailed debug information out of the hands of potential attackers while still making it available for developers/maintainers.

Required steps:

  • In BetterMITM/addons/web_script_executor.py:
    • In every place where an exception is caught and str(e) is included in the returned dictionary (lines 164, 288, and 327), replace this with a fixed string like "Internal server error" or "Script execution failed".
    • Also, ensure the actual exception details are logged on the server (logger.error(...)), which is already done at least on line 163.
  • In BetterMITM/tools/web/app.py:
    • No change to direct subprocess or exec exception catches is needed for this alert, but the place where result is written to the client (line 1509) should be reviewed. After the fix in the script executor, result cannot contain dangerous exception details.

No new methods or special imports are required, as logging is already being used.


Suggested fixes powered by Copilot Autofix. Review carefully before merging.
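The before/after pattern the description prescribes, as an added example that is not BetterMITM's own code: a stand-in script executor, a leaky handler that returns str(e), and the hardened handler that logs the detail server-side and returns a fixed message. The executor, the logger name and the correlation id in the hardened response are assumptions, not part of the PR.

```python
# Added illustration of the PR's fix; the executor and the "ref" id are
# assumptions. Logs go to an in-memory handler so they can be inspected.
import logging
import uuid

logger = logging.getLogger("web_script_executor_demo")
logger.setLevel(logging.ERROR)


class ListHandler(logging.Handler):
    """Collects formatted log records so server-side logging can be checked."""
    def __init__(self):
        super().__init__()
        self.records = []

    def emit(self, record):
        self.records.append(self.format(record))


log_sink = ListHandler()
logger.addHandler(log_sink)


def run_user_script(source: str) -> dict:
    """Stand-in for the script executor: raises with internal detail on failure."""
    if "fail" in source:
        # Constructed failure whose message embeds a server path, as real ones do.
        raise RuntimeError("FileNotFoundError: /srv/bettermitm/secrets.env")
    return {"status": "ok", "output": "script ran"}


def handle_leaky(source: str) -> dict:
    """Before the fix: the exception text flows straight to the web client."""
    try:
        return run_user_script(source)
    except Exception as e:
        logger.error("Script execution failed: %s", e)
        return {"status": "error", "error": str(e)}


def handle_hardened(source: str) -> dict:
    """After the fix: full detail (with traceback) is logged server-side; the
    client gets a fixed message plus a correlation id that locates the log line."""
    try:
        return run_user_script(source)
    except Exception:
        ref = uuid.uuid4().hex[:12]
        logger.exception("Script execution failed (ref=%s)", ref)
        return {"status": "error", "error": "Script execution failed", "ref": ref}
```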

…rough an exception

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@BetterMint BetterMint marked this pull request as ready for review December 15, 2025 01:39
@BetterMint BetterMint merged commit ed569f3 into main Dec 15, 2025
12 of 47 checks passed
@BetterMint BetterMint deleted the alert-autofix-22 branch December 15, 2025 12:10