Severity: Low
Component: Error Handling / Validation
Status: Requires Review
Description
Error messages should be reviewed to ensure they don't leak sensitive information about the backend infrastructure, internal paths, or implementation details.
Areas to Review
- Validation Errors: Check if detailed field validation errors reveal too much
- Database Errors: Ensure database connection errors don't leak credentials
- File System Errors: Verify path traversal errors don't reveal directory structure
- Git Errors: Check if git command errors expose system information
Example Issues to Check
// Potentially problematic error message
throw new Error(`Failed to clone repository from ${repoUrl}: ${gitError.message}`);
// Could reveal internal git setup, paths, etc.
// Better error message
throw new Error('Repository cloning failed. Please verify the repository URL.');
Recommended Fix
// apps/backend/src/middleware/errorHandler.ts
import type { Request, Response, NextFunction } from 'express';

// Express recognises an error handler by its four-argument signature, so `next` is kept.
export const errorHandler = (err: Error, req: Request, res: Response, next: NextFunction) => {
  // Log the full error internally (message, stack, request context)
  console.error('Error occurred:', {
    message: err.message,
    stack: err.stack,
    path: req.path,
    method: req.method,
    ip: req.ip,
    timestamp: new Date().toISOString()
  });

  // If the response has already started, hand off to Express's default handler,
  // which closes the connection instead of writing a second body
  if (res.headersSent) {
    return next(err);
  }

  // Generic error response for the client; details only outside production
  const isProduction = process.env.NODE_ENV === 'production';
  res.status(500).json({
    error: 'Internal Server Error',
    code: 'INTERNAL_ERROR',
    ...(isProduction ? {} : { message: err.message, stack: err.stack })
  });
};
Testing
Review error messages by:
- Triggering various error conditions
- Checking for leaked file paths
- Verifying no stack traces in production
- Ensuring generic error messages externally
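An added example, not code from this repository: it applies the same production/development split as the recommended errorHandler to build the client-facing body, and pairs it with a findLeaks check that can run in tests against that body (or any captured response) to flag stack frames, absolute paths, credentials in URLs and raw git errors. The sample error, its stack text and the paths in it are constructed for the example.

```typescript
type Stage = 'production' | 'development';

interface ClientErrorBody {
  error: string;
  code: string;
  message?: string;
  stack?: string;
}

// Same policy as the recommended handler: details only outside production.
function buildClientError(err: Error, stage: Stage): ClientErrorBody {
  const body: ClientErrorBody = { error: 'Internal Server Error', code: 'INTERNAL_ERROR' };
  if (stage !== 'production') {
    body.message = err.message;
    body.stack = err.stack;
  }
  return body;
}

// Heuristic leak indicators; the name is returned so a failing test says why.
const LEAK_PATTERNS: ReadonlyArray<readonly [string, RegExp]> = [
  ['stack frame', /\bat \S+ \([^()]+:\d+:\d+\)/],
  ['absolute unix path', /\/(?:home|usr|var|opt|srv|tmp)\/[\w./-]+/],
  ['windows path', /\b[A-Za-z]:\\[\w\\.-]+/],
  ['credentials in URL', /\b\w+:\/\/[^\s/:@]+:[^\s@]+@/],
  ['raw git error', /\bfatal: /],
];

// Accepts a parsed JSON body or a raw response string; returns matched indicator names.
function findLeaks(body: unknown): string[] {
  const text = typeof body === 'string' ? body : JSON.stringify(body);
  return LEAK_PATTERNS.filter(([, re]) => re.test(text)).map(([name]) => name);
}

// Constructed sample: the kind of error the git example above would throw.
// The URL, stack frame and path are made up for this example.
function sampleGitError(): Error {
  const err = new Error(
    'Failed to clone repository from https://git.internal.example/app.git: fatal: could not read Username'
  );
  err.stack = `Error: ${err.message}\n    at cloneRepo (/home/app/apps/backend/src/services/git.ts:42:11)`;
  return err;
}
```

In a test, run findLeaks over the body the handler would send in production and fail the test if the returned list is non-empty.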