Fix: Remove socket path leak in fail2ban error responses

- Change _fail2ban_connection_handler() to return generic message instead of
  leaking socket path in HTTP 502 response body
- Change _fail2ban_protocol_handler() to return generic message instead of
  leaking raw exception details in HTTP 502 response body
- Full error details are still logged server-side (error=str(exc)) for debugging
- Update Backend-Development.md with error message hygiene section explaining
  the pattern: generic user-friendly messages in HTTP responses, full details
  in server logs only

Fixes TASK-029: Fail2BanConnectionError leaks socket path in HTTP error responses

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-26 15:21:35 +02:00
parent 5d24780c63
commit b9289a3b0e
3 changed files with 32 additions and 46 deletions

@@ -231,7 +231,7 @@ async def _fail2ban_connection_handler(
)
return JSONResponse(
status_code=502,
content={"detail": f"Cannot reach fail2ban: {exc}"},
content={"detail": "Cannot reach the fail2ban service. Check the server status page."},
)
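
Review bot: With `{exc}` removed from the `detail` string in `_fail2ban_connection_handler()`, the 502 body no longer carries anything that ties it to the server-side log entry, so an operator who receives a user report cannot easily find the matching `error=str(exc)` record. Consider including a non-sensitive correlation or request ID in both the log call and the response content. A regression test asserting that the response body does not contain `str(exc)` would also keep the socket path from creeping back in.
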
@@ -256,7 +256,7 @@ async def _fail2ban_protocol_handler(
)
return JSONResponse(
status_code=502,
content={"detail": f"fail2ban protocol error: {exc}"},
content={"detail": "Cannot reach the fail2ban service. Check the server status page."},
)
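
Review bot: The replacement `detail` in `_fail2ban_protocol_handler()` is the same "Cannot reach the fail2ban service." text used by the connection handler, but a protocol error means the service was reached and answered in an unexpected way, so the message is misleading and clients can no longer tell the two failure classes apart. Suggest a distinct generic message for this handler (for example, that the fail2ban service returned an unexpected response), still without any exception text. If the shared wording is intentional, move the string into a single constant so the two handlers cannot drift.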