Exclude tracebacks from error responses

DataBiosphere / azul

Metadata indexer and query service used for AnVIL, HCA, LungMAP, and CGP

Apache License 2.0

7 stars 2 forks source link

Exclude tracebacks from error responses #6420

Open hannes-ucsc opened 2 months ago

hannes-ucsc commented 2 months ago

… and instead only return the request UUID and log the error in CloudWatch.

nolunwa-ucsc commented 1 month ago

This was PT Finding from the 2024 assessment weakness description: The server reveals information about the software in a HTTP response, such as local file paths and python exception information.