Merge pull request #382 from fettpl/fix/356-gateway-error-leaks

fix(security): stop leaking serde parse details in gateway error responses
Chummy 2026-02-17 01:10:27 +08:00 committed by GitHub
commit 9fbd8c7f57
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -469,8 +469,9 @@ async fn handle_webhook(
let Json(webhook_body) = match body { let Json(webhook_body) = match body {
Ok(b) => b, Ok(b) => b,
Err(e) => { Err(e) => {
tracing::warn!("Webhook JSON parse error: {e}");
let err = serde_json::json!({ let err = serde_json::json!({
"error": format!("Invalid JSON: {e}. Expected: {{\"message\": \"...\"}}") "error": "Invalid JSON body. Expected: {\"message\": \"...\"}"
}); });
return (StatusCode::BAD_REQUEST, Json(err)); return (StatusCode::BAD_REQUEST, Json(err));
} }
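Review bot: The added `tracing::warn!("Webhook JSON parse error: {e}")` moves the parser text from the response into the log, and that text is still derived from the untrusted request body. serde-style errors can quote field names or offending values, so payload fragments and caller-chosen strings may end up interpolated into the log message. Recording it as a structured field keeps the message constant and leaves escaping to the log formatter: `tracing::warn!(error = %e, "Webhook JSON parse error");`. Whether this branch runs before authentication or rate limiting is not visible here, since `handle_webhook` starts and continues outside the hunk; if it does, a warn-level line per malformed request is also a cheap way to flood the log, and `debug` or a sampled warn would be safer. A regression test asserting that the 400 body equals the fixed string for several malformed inputs would keep the leak from returning.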