Fix Internal Error Leakage in HTTP Transport Layer #269
…orrelation IDs

In accordance with Sentinel guidelines, this commit modifies multiple endpoints in `HttpTransport` to prevent internal error leakage via HTTP 500 responses. Instead of exposing internal error strings (e.g. `OAuth callback failed`, `Failed to load profile index`), these endpoints now correctly log the detailed error with a dynamically generated correlation ID (`generateCorrelationId`), and return a generic `Internal error` payload to clients containing only the correlation ID.

The relevant integration tests in `http-transport-security.test.ts` and `http-transport.test.ts` have been updated to reflect these security improvements.

Co-authored-by: davidruzicka <14172985+davidruzicka@users.noreply.github.com>
Codecov Report: ✅ All modified and coverable lines are covered by tests.
This commit prevents internal information leakage in `src/transport/http-transport.ts` by ensuring that unhandled or fatal errors generate a generic response alongside a tracked correlation ID, meeting Sentinel's secure error handling criteria.

PR created automatically by Jules for task 11411060694546832511 started by @davidruzicka
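
The pattern this PR describes, sketched as an added example that is not taken from the project's code: a 500 response that reflects the internal error string, next to one that logs the detail server-side and returns only `Internal error` plus a correlation ID. `ErrorResponse`, `LogEntry`, `leakyErrorResponse`, `safeErrorResponse`, `bodyLeaks`, `demo` and the sample error are assumptions; `generateCorrelationId` is named in the commit message, but its body here is a stand-in.

```typescript
import { randomUUID } from "node:crypto";

// Hypothetical shapes for this sketch; the project's real types are not on the page.
interface ErrorResponse { status: number; body: { error: string; correlationId?: string } }
interface LogEntry { level: "error"; correlationId: string; context: string; detail: string }

// Stand-in body for the generateCorrelationId named in the commit message.
function generateCorrelationId(): string {
  return randomUUID();
}

// Before: the internal error text is reflected to the client in the 500 body.
function leakyErrorResponse(err: unknown): ErrorResponse {
  return { status: 500, body: { error: err instanceof Error ? err.message : String(err) } };
}

// After: full detail goes to the server-side log only; the client receives a
// generic message and the ID an operator can use to find the matching log entry.
function safeErrorResponse(err: unknown, context: string, log: (e: LogEntry) => void): ErrorResponse {
  const correlationId = generateCorrelationId();
  const detail = err instanceof Error ? (err.stack ?? err.message) : String(err);
  log({ level: "error", correlationId, context, detail });
  return { status: 500, body: { error: "Internal error", correlationId } };
}

// A check a test could make: the internal message must not appear anywhere
// in the serialized response body.
function bodyLeaks(resp: ErrorResponse, err: Error): boolean {
  return JSON.stringify(resp.body).includes(err.message);
}

// Constructed sample: an error whose message carries a filesystem path.
function demo() {
  const logged: LogEntry[] = [];
  const err = new Error("Failed to load profile index: ENOENT /srv/app/profiles/index.json");
  const leaky = leakyErrorResponse(err);
  const safe = safeErrorResponse(err, "profile-index", (e) => logged.push(e));
  return { err, leaky, safe, logged };
}
```

The correlation ID is the only link between the client-visible response and the log entry, so the log sink needs to be retained and searchable for it to be useful during triage.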