Potential fix for code scanning alert no. 22: Information exposure through an exception#16
Merged
Rootless-Ghost merged 1 commit intomainfrom Mar 22, 2026
Merged
Conversation
…rough an exception Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Potential fix for https://github.com/Rootless-Ghost/SigmaForge/security/code-scanning/22
In general, to fix information exposure through exceptions, avoid returning raw exception messages or stack traces to the client. Instead, log detailed errors on the server and respond with a generic, user-friendly message that does not reveal internal implementation details.
For this specific case, the best fix is to change the
except ValueError as e:handler inapi_templateso it does not includestr(e)in the JSON response. Instead, return a generic error such as "Template not found." or "Invalid template key." that preserves existing behavior semantics (a 404 for client error) without leaking exception details. Optionally, log the actual exception using the existingloggingmodule for diagnostics. Concretely:app.py, inapi_template, lines 149–150, replacereturn jsonify({"success": False, "error": str(e)}), 404with a generic message, e.g.return jsonify({"success": False, "error": "Template not found."}), 404.ValueErrorvialogging.warningorlogging.exception, but this is not strictly required to remove the information exposure. Theloggingimport already exists, so no new imports are needed.No other parts of the file need changes to fix this specific CodeQL alert.
Suggested fixes powered by Copilot Autofix. Review carefully before merging.