Skip to content

security: structured logging + opaque error IDs (stop leaking str(e) in 500s)#1

Open
lzt0513 wants to merge 1 commit into
mainfrom
fix/security-structured-logging-error-ids
Open

security: structured logging + opaque error IDs (stop leaking str(e) in 500s)#1
lzt0513 wants to merge 1 commit into
mainfrom
fix/security-structured-logging-error-ids

Conversation

@lzt0513

@lzt0513 lzt0513 commented Jun 16, 2026

Copy link
Copy Markdown
Owner

Closes imran31415#110

Changes

  • \send_error_response\ now returns JSON with an opaque \error_id\ instead of \ ext/plain\ with leaked exception text
  • Full tracebacks are printed server-side, indexed by \error_id\ for log correlation
  • Added \send_client_error\ for 4xx responses (returns JSON without error_id)
  • \do_POST\ now catches \ValueError\ separately as 400 instead of 500
  • Other exception handlers use the updated \send_error_response\ which does not leak details

Acceptance criteria covered

  • 500 responses no longer leak str(e)/internal detail; they carry an error_id
  • The matching traceback is findable in logs by error_id
  • Client-input errors return 4xx, not 500

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

fix(server): structured logging + opaque error IDs (stop leaking str(e) in 500s)

1 participant

@lzt0513