Skip to content

fix: prevent exception details from leaking in API error responses#2007

Merged
Vchen7629 merged 4 commits into
mainfrom
endpoint-raw-exception-leaks
Jul 6, 2026
Merged

fix: prevent exception details from leaking in API error responses#2007
Vchen7629 merged 4 commits into
mainfrom
endpoint-raw-exception-leaks

Conversation

@Vchen7629

@Vchen7629 Vchen7629 commented Jul 2, 2026

Copy link
Copy Markdown
Collaborator

Summary

Changes

  • Updates src/api/settings/endpoints.py to prevent api detail leakage

Summary by CodeRabbit

  • Bug Fixes
    • Improved error handling across settings and onboarding flows.
    • Users now see generic error messages when settings retrieval, settings updates, onboarding initialization, or onboarding rollback fail.
    • Detailed exception information is no longer exposed in HTTP responses, while errors continue to be recorded in logs for troubleshooting.

@Vchen7629 Vchen7629 requested a review from lucaseduoli July 2, 2026 19:32
@github-actions github-actions Bot added backend 🔷 Issues related to backend services (OpenSearch, Langflow, APIs) bug 🔴 Something isn't working. labels Jul 2, 2026
@github-actions github-actions Bot added bug 🔴 Something isn't working. and removed bug 🔴 Something isn't working. labels Jul 2, 2026
@coderabbitai

coderabbitai Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Caution

Review failed

An error occurred during the review process. Please try again later.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch endpoint-raw-exception-leaks

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai

coderabbitai Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: c8cb9f1f-3268-4996-ac03-f316a7cb14df

📥 Commits

Reviewing files that changed from the base of the PR and between aac2eb8 and 08d5c41.

📒 Files selected for processing (1)
  • src/api/settings/endpoints.py
🚧 Files skipped from review as they are similar to previous changes (1)
  • src/api/settings/endpoints.py

Walkthrough

Four settings/onboarding exception handlers now log tracebacks server-side and return generic 500 JSON error messages instead of exposing raw exception text.

Changes

Exception message redaction

Layer / File(s) Summary
Redact exception text in error handlers
src/api/settings/endpoints.py
get_settings, update_settings, onboarding OpenSearch initialization, and rollback_onboarding now use logger.exception and generic 500 JSON errors instead of including exception messages.

Estimated code review effort: 1 (Trivial) | ~5 minutes

Possibly related issues

Suggested labels: bug

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly describes the main security fix to stop leaking exception details in API error responses.
Linked Issues check ✅ Passed The changes address the four reported handlers by replacing raw exception text with generic responses and server-side exception logging.
Out of Scope Changes check ✅ Passed The PR stays focused on the linked security fix in src/api/settings/endpoints.py with no obvious unrelated changes.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch endpoint-raw-exception-leaks

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@github-actions github-actions Bot added bug 🔴 Something isn't working. and removed bug 🔴 Something isn't working. labels Jul 2, 2026

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
src/api/settings/endpoints.py (1)

1000-1005: 🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

Same CodeQL exception-leak pattern remains unfixed in adjacent onboarding handlers.

Within this same onboarding function, two other except blocks still return str(e) directly to the client: the provider-validation failure at line 1003 (JSONResponse({"error": str(e)}, status_code=400)) and the outer catch-all at lines 1259-1263 (logger.error(..., error=str(e)) plus JSONResponse({"error": str(e)}, status_code=500)). These weren't in the four CodeQL-flagged lines this PR targets, but they leak the same class of internal exception details (e.g. provider auth errors) to clients.

Also applies to: 1258-1264

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/api/settings/endpoints.py` around lines 1000 - 1005, The onboarding
handler still leaks raw exception text in adjacent exception paths; update the
provider-validation and outer catch-all branches in onboarding to avoid
returning or logging str(e) directly to clients. Use the same error-handling
pattern as the fixed CodeQL spots by replacing the JSONResponse({"error":
str(e)}) and logger.error(..., error=str(e)) usage with a generic client-facing
message while preserving the detailed exception only in internal logs, and
locate the affected code in the onboarding function’s except blocks.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/api/settings/endpoints.py`:
- Around line 1129-1133: The OpenSearch onboarding failure path in the exception
handler is returning a default HTTP 200 because the JSONResponse in the
onboarding initialization block omits an explicit status code. Update the except
Exception branch around the OpenSearch initialization logic to return the same
error payload from JSONResponse with status_code=500 so the client sees a real
server error; use the existing logger.exception message and the JSONResponse
call in that handler as the place to fix it.

---

Outside diff comments:
In `@src/api/settings/endpoints.py`:
- Around line 1000-1005: The onboarding handler still leaks raw exception text
in adjacent exception paths; update the provider-validation and outer catch-all
branches in onboarding to avoid returning or logging str(e) directly to clients.
Use the same error-handling pattern as the fixed CodeQL spots by replacing the
JSONResponse({"error": str(e)}) and logger.error(..., error=str(e)) usage with a
generic client-facing message while preserving the detailed exception only in
internal logs, and locate the affected code in the onboarding function’s except
blocks.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: a301591e-49a2-4709-a07f-3bc6cdc80932

📥 Commits

Reviewing files that changed from the base of the PR and between 4f104ec and aac2eb8.

📒 Files selected for processing (1)
  • src/api/settings/endpoints.py

Comment thread src/api/settings/endpoints.py
@github-actions github-actions Bot added bug 🔴 Something isn't working. and removed bug 🔴 Something isn't working. labels Jul 2, 2026
@github-actions github-actions Bot added bug 🔴 Something isn't working. and removed bug 🔴 Something isn't working. labels Jul 2, 2026
@github-actions github-actions Bot added the lgtm label Jul 3, 2026
@Vchen7629 Vchen7629 merged commit 857521d into main Jul 6, 2026
24 checks passed
@github-actions github-actions Bot deleted the endpoint-raw-exception-leaks branch July 6, 2026 18:42
lucaseduoli added a commit that referenced this pull request Jul 7, 2026
…model option (#2031)

* fix: remediate image_scan CVEs in backend, frontend, and langflow images (#2000)

* fix light color text catergory chips in light mode (#2013)

Co-authored-by: Olfa Maslah <[email protected]>

* fix: upgraded version of docling (#1995)

* changed version of docling

* fix logs not being the correct ones

* go back to sequential building to save space

* add cache to builds

* remove single use results from docling manager

* revert single use results

* change the ray tenant id header

* added env

* changed cache to hit if no changes were made

* fix hash for cache

* style: ruff autofix (auto)

* fixed coderabbit

* style: ruff autofix (auto)

* added comment on docling manager

* style: ruff autofix (auto)

---------

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

* feat: add chunk level page source (#2015)

* Changed export docling document to append page number

* update result on frontend to append page number

* document how to get page number in readmes

* Update flows/components/export_docling_document.py

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* Update flows/components/export_docling_document.py

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* fix: apply CodeRabbit auto-fixes

Fixed 1 file(s) based on 1 unresolved review comment.

Co-authored-by: CodeRabbit <[email protected]>

* update component code

---------

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: CodeRabbit <[email protected]>

* fix: error in skip duplicates functionality for folder ingest for connectors (backport of #1941) (#2018)

* fix: error in skip duplicates functionality for folder ingest for connectors 75616(#1842) (#1941)

* fix: enhance duplicate handling and indexing for connector file uploads

* style: ruff autofix (auto)

* fix: improve duplicate handling in connector sync functionality

* chore: trigger CodeRabbit

---------

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
(cherry picked from commit effaf02)

* style: ruff autofix (auto)

* fix: remove duplicate test definitions from main merge

The automated merge-from-main on this branch concatenated two tests
(test_connector_processor_indexes_cleaned_filename,
test_langflow_connector_processor_uses_cleaned_filename) that already
existed under both names, tripping ruff F811. Keep one copy of each,
preferring the version wired with connector_id_exists=True to match
current check_document_exists behavior.

---------

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

* fix: Ingestion of buckets not working right after connection is tested - CPD #75506 (#1942) (#2019)

* fix: update bucket ingestion messages for clarity and consistency

* fix: guard bucket pre-selection against connection ID mismatch

The defaults query returns the first S3/COS connection regardless of active
status. Only pre-select saved bucket_names when the defaults connection_id
matches the current connector.connectionId to avoid seeding the wrong
buckets if a stale connection exists alongside the active one.



* fix: prevent defaults from overwriting user bucket selections

Two issues in the initial-selection effect:
1. hasAppliedInitial was only set when valid buckets were found, leaving the
   effect live across bucket refreshes and allowing stale defaults to overwrite
   selections made after a refetch.
2. No guard against the async race where buckets loads before initialSelectedBuckets:
   user clicks buckets, defaults arrive later and silently overwrite them.

Fix: mark hasAppliedInitial unconditionally on first evaluation, and only apply
defaults when selectedBuckets is still empty (user hasn't acted yet).



---------


(cherry picked from commit f3823b8)

Co-authored-by: Claude Sonnet 4.6 <[email protected]>

* fix: handle orphan files and return appropriate responses when syncing connectors (#1785) (#2016)

* feat: handle orphan files and return appropriate responses when syncing connectors

* feat: refactor GoogleDriveOAuth to separate required scopes and add handling for missing optional group scopes in tests

* style: ruff autofix (auto)

* feat: add handling for skipped files and warnings in task processing and UI components

---------


(cherry picked from commit aca865a)

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

* fix: enhance error handling for document processing and add OCR requirement check for image files (#1859) (#2017)

* fix: enhance error handling for document processing and add OCR requirement check for image files

* style: ruff autofix (auto)

* remove clickhouse connect from langflow image (#1801)

* chore: fix ci (#1889)

* Update processors.py

* test fix

* fix ci

---------




(cherry picked from commit a286581)

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Lucas Oliveira <[email protected]>
Co-authored-by: Edwin Jose <[email protected]>

* fix: bump golang.org/x/net to v0.55.0 to remediate CVE-2026-25680 and CVE-2026-39821 (#2014)

* feat: add new design for messages and add inline references (#2020)

* update opensearch multimodal and flows to support parser, chunk size and chunk overlap

* update backend to support citations and chunk metadata

* update frontend to support citations and metadata, implement new design for assistant message

* changed the prompt for the agent

* changed the prompt for the agent

* remove hallucinated chunk references

* adjust design of citations and where popover appears

* adjusted design for message, popover and cards

* fix React Doctor picks

* fix: apply CodeRabbit auto-fixes

Fixed 5 file(s) based on 4 unresolved review comments.

Co-authored-by: CodeRabbit <[email protected]>

* style: apply biome auto-fixes [skip ci]

* updated colors in ibm mode

* fixed react doctor picks

* added correct type and validation for function calls

* remove style for message when on onboarding

* fix message not being w full

* remove search query in end of the message

* change popup to use shadcn popover

* fix coderabbit's suggestion

* increase prompt limit

---------

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: CodeRabbit <[email protected]>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

* apply new settings on retry (#2010)

* fix: preserve HTTPException status in update_docling_preset (#1586) (#2004)

* fix: report actual synced connection count in connector_sync (#1547) (#2006)

* fix: restore LLM model values in reapply_all_settings fallback (#1587) (#2008)

* fix: prevent partial matches for exact token searches (#2003)

* fix: prevent partial matches for exact token searches (#1937)

* style: ruff autofix (auto)

* chore: remove unused json import

---------

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

* fix: target agent component when updating chat flow system prompt (#2001)

* fix: target langflow agent component for system prompt update instead of provider LLM component

Signed-off-by: vchen7629 <[email protected]>

* fix: removed unused llm_provider arg from _update_langflow_system_prompt

Signed-off-by: vchen7629 <[email protected]>

* test: add unit tests for update_chat_flow_system_prompt

Signed-off-by: vchen7629 <[email protected]>

* style: ruff autofix (auto)

* fix(test): resolve flow path relative to repo root in test_langflow_agent_system_prompt

Signed-off-by: vchen7629 <[email protected]>

* style: ruff autofix (auto)

---------

Signed-off-by: vchen7629 <[email protected]>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

* fix: replaced hardcoded docker.io prefix with a env variable prefix for private repo compatibility (#2002)

Signed-off-by: vchen7629 <[email protected]>

* fix: resolve Pydantic delta serialization warnings in agent streaming (#2005)

* fix: updated agent model dump to exclude delta field

Signed-off-by: vchen7629 <[email protected]>

* test: added regression unit test to verify response field + no warnings

* style: ruff autofix (auto)

* test: added additional unit test to verify that model_dump without exclusion raises the warning

Signed-off-by: vchen7629 <[email protected]>

* style: ruff autofix (auto)

* test: tighten delta warning assertion to match specific Pydantic error

Signed-off-by: vchen7629 <[email protected]>

* style: ruff autofix (auto)

---------

Signed-off-by: vchen7629 <[email protected]>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

* fix: prevent exception details from leaking in API error responses (#2007)

* fix: removed str(e) in exceptions to prevent internals from leaking

Signed-off-by: vchen7629 <[email protected]>

* style: ruff autofix (auto)

* fix: added missing status_code

Signed-off-by: vchen7629 <[email protected]>

* style: ruff autofix (auto)

---------

Signed-off-by: vchen7629 <[email protected]>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

* Changed docling options to include local support and be shown in the Langflow tab

* style: ruff autofix (auto)

* enable ollama and delete unused file

* fix next lint

---------

Signed-off-by: vchen7629 <[email protected]>
Co-authored-by: Gautham N Pai <[email protected]>
Co-authored-by: Wallgau <[email protected]>
Co-authored-by: Olfa Maslah <[email protected]>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: CodeRabbit <[email protected]>
Co-authored-by: Rico Furtado <[email protected]>
Co-authored-by: Claude Sonnet 4.6 <[email protected]>
Co-authored-by: Edwin Jose <[email protected]>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Mike Fortman <[email protected]>
Co-authored-by: hunterxtang <[email protected]>
Co-authored-by: NishadA05 <[email protected]>
Co-authored-by: Zephyrus <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

backend 🔷 Issues related to backend services (OpenSearch, Langflow, APIs) bug 🔴 Something isn't working. lgtm

Projects

None yet

Development

Successfully merging this pull request may close these issues.

security: Avoid leaking raw exception messages in API 500 error responses (CodeQL)

2 participants