fix(pg-pkg): mask internal error details in HTTP responses (#217) #221

Draft
dobby-coder[bot] wants to merge 1 commit into main from fix/217-mask-internal-error-messages
dobby-coder[bot] (Contributor) commented Jul 1, 2026

Summary

ResponseError::error_response() in pg-pkg/src/error.rs built the client-facing JSON body with format!("{}", self) for every error variant. Error::Prometheus(e)'s Display impl embeds the underlying prometheus error text (prometheus error: {e}), so internal implementation details were forwarded to HTTP response bodies — the hardening concern tracked in #217 / GHSA-c2rq-r4h4-xr73.

Changes

  • Error::Prometheus now returns a generic "internal server error" message in the HTTP response body.
  • The full error is still logged server-side via log::error! (the crate's existing logging facility), so operators lose no diagnostic detail.
  • All client-facing error variants (e.g. SessionNotFound, ChronologyError, APIKeyInvalid) keep their existing descriptive messages — those are intentional and carry no internals.
  • Status codes are unchanged (Error::Prometheus still maps to 500).

Tests

Added unit tests in pg-pkg/src/error.rs:

  • prometheus_error_is_masked_in_response_body — asserts the response body is {"error": true, "message": "internal server error"}, returns 500, and that the sensitive inner detail never appears in the body (while remaining available via Display for logging).
  • client_facing_error_message_is_preserved — asserts a normal client error (SessionNotFound) still returns its descriptive message.

Verified locally:

  • cargo test -p pg-pkg error:: — both new tests pass.
  • cargo fmt --all -- --check — clean.
  • cargo build --profile edge --bin pg-pkg — builds on the Docker/CI toolchain path.

Refs #217

🤖 Generated with Claude Code

Internal-only error variants leaked implementation details into HTTP
response bodies via format!("{}", self). Error::Prometheus embeds the
underlying prometheus error text, exposing internals to clients.

Return a generic "internal server error" message for Error::Prometheus
while logging the full error server-side with log::error!. Client-facing
error messages are unchanged.

Refs #217 (GHSA-c2rq-r4h4-xr73)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
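
The split between log text and response text described in this PR, as an added std-only Rust example that is not pg-pkg's code. The variant names and the body shape come from the description above; the `String` payload, the 404/401 status codes, the non-Prometheus message texts, the helper names `client_message` and `response_parts`, and `eprintln!` standing in for `log::error!` are assumptions.

```rust
use std::fmt;

// Variant names are from the PR description; payload type and texts are assumed.
enum Error {
    Prometheus(String), // assumed payload; the real variant wraps a prometheus error
    SessionNotFound,
    APIKeyInvalid,
}

impl fmt::Display for Error {
    // Display keeps the full detail: it is the text that goes to the server log.
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            Error::Prometheus(e) => write!(f, "prometheus error: {}", e),
            Error::SessionNotFound => write!(f, "session not found"),
            Error::APIKeyInvalid => write!(f, "invalid API key"),
        }
    }
}

impl Error {
    fn status(&self) -> u16 {
        match self {
            Error::Prometheus(_) => 500,
            Error::SessionNotFound => 404, // assumed
            Error::APIKeyInvalid => 401,   // assumed
        }
    }
    // The only text allowed to leave the process. The match has no wildcard arm,
    // so adding a variant forces an explicit decision about what clients may see.
    fn client_message(&self) -> String {
        match self {
            Error::Prometheus(_) => "internal server error".to_string(),
            Error::SessionNotFound | Error::APIKeyInvalid => self.to_string(),
        }
    }
    // Returns (status, JSON body) and logs the unmasked error for 5xx responses.
    fn response_parts(&self) -> (u16, String) {
        if self.status() >= 500 {
            eprintln!("ERROR {}", self); // stand-in for log::error!
        }
        let msg = self.client_message().replace('\\', "\\\\").replace('"', "\\\"");
        (self.status(), format!("{{\"error\": true, \"message\": \"{}\"}}", msg))
    }
}

fn main() {
    let detail = "duplicate metrics collector registration attempted"; // constructed sample
    for e in [Error::Prometheus(detail.into()), Error::SessionNotFound, Error::APIKeyInvalid] {
        println!("{:?}", e.response_parts());
    }
}
```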