Potential fix for code scanning alert no. 23: Information exposure th… #55
Conversation
…rough an exception Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
There was a problem hiding this comment.
Pull Request Overview
Address information exposure by preventing raw exception details from being returned to clients during connection testing.
- Add early return on failure with a generic, user-friendly message
- Log server-side error details instead of exposing them in the response
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
| # Log the detailed error server-side | ||
| print(f"Sanitized error: {message}") |
There was a problem hiding this comment.
Avoid printing potentially sensitive error details to stdout and the label 'Sanitized error' is misleading given the raw message is logged. Use the application's logger and redact sensitive values (e.g., tokens, passwords) before logging: replace with something like logger.error('Connection test failed: %s', redact(message)).
| print(f"Sanitized error: {message}") | ||
| # Provide generic error for user | ||
| user_message = "Connection test failed. Please check your details and try again or contact support." | ||
| return jsonify({'success': False, 'message': user_message}) |
There was a problem hiding this comment.
On failure, the API should return a non-2xx status code to accurately reflect the error state (e.g., 400 or 502). Suggest returning a tuple with status: return jsonify({'success': False, 'message': user_message}), 400.
…rough an exception