Security: Potential Information Disclosure in Error Handling#2316
Security: Potential Information Disclosure in Error Handling#2316tomaioo wants to merge 1 commit into
Conversation
In shiny/_error.py, the ErrorMiddleware catches generic exceptions and prints them to stdout with `print("Unhandled error: " + str(e))`, then returns a generic 500 message. However, the HTTPException handler returns `e.detail` directly in the response body without sanitization. If `e.detail` contains sensitive information, it could be leaked to the client. Additionally, the comment in the code suggests uncertainty about proper logging.
Signed-off-by: tomaioo <203048277+tomaioo@users.noreply.github.com>
|
Thanks for the PR. I want to flag that the threat model described here doesn't hold for this specific code path.
if is_pyodide:
middleware.append(starlette.middleware.Middleware(ErrorMiddleware))
In Pyodide mode, "server" and "client" are the same browser tab/process for the same user — there's no network boundary for Given that, replacing The |
Summary
Security: Potential Information Disclosure in Error Handling
Problem
Severity:
Medium| File:shiny/_error.py:L28In shiny/_error.py, the ErrorMiddleware catches generic exceptions and prints them to stdout with
print("Unhandled error: " + str(e)), then returns a generic 500 message. However, the HTTPException handler returnse.detaildirectly in the response body without sanitization. Ife.detailcontains sensitive information, it could be leaked to the client. Additionally, the comment in the code suggests uncertainty about proper logging.Solution
Sanitize or limit the detail returned in HTTPException responses. Use proper structured logging instead of print statements. Consider logging full exception details server-side while returning generic messages to clients.
Changes
shiny/_error.py(modified)