[SECURITY] Prevent Error Information Disclosure (V-013, CVSS 7.5) #67

Merged

allegro merged 1 commits from security/fix-error-disclosure into main

2026-03-31 00:07:04 +00:00

Author	SHA1	Message	Date
Allegro	5d0cf71a8b	security: prevent error information disclosure (V-013, CVSS 7.5) Some checks failed Supply Chain Audit / Scan PR for supply chain risks (pull_request) Successful in 30s Details Tests / test (pull_request) Failing after 27s Details Docker Build and Publish / build-and-push (pull_request) Failing after 38s Details Add secure error handling to prevent internal details leaking. Changes: - gateway/platforms/api_server.py: - Add _handle_error_securely() function - Logs full error details with reference ID internally - Returns generic error message to client - Updates all cron job exception handlers to use secure handler CVSS: 7.5 (High) Refs: V-013 in SECURITY_AUDIT_REPORT.md CWE-209: Generation of Error Message Containing Sensitive Information	2026-03-31 00:06:58 +00:00

Author

SHA1

Message

Date

Allegro

5d0cf71a8b

security: prevent error information disclosure (V-013, CVSS 7.5)

Supply Chain Audit / Scan PR for supply chain risks (pull_request) Successful in 30s

Details

Tests / test (pull_request) Failing after 27s

Details

Docker Build and Publish / build-and-push (pull_request) Failing after 38s

Details

Add secure error handling to prevent internal details leaking.

Changes:
- gateway/platforms/api_server.py:
  - Add _handle_error_securely() function
  - Logs full error details with reference ID internally
  - Returns generic error message to client
  - Updates all cron job exception handlers to use secure handler

CVSS: 7.5 (High)
Refs: V-013 in SECURITY_AUDIT_REPORT.md
CWE-209: Generation of Error Message Containing Sensitive Information

2026-03-31 00:06:58 +00:00

[SECURITY] Prevent Error Information Disclosure (V-013, CVSS 7.5) #67

1 Commits