The code is a concurrent file downloader in Go that splits a file into multiple parts, downloads them in parallel, and assembles the final file, with support for Etag validation to ensure file integrity.
MIT License
Prevent Potential Information Leakage via Error Messages #154
Description:
Detailed error messages, although beneficial for debugging purposes, can inadvertently leak sensitive information if they're presented directly to the end user. There are instances in the code where these detailed messages might be exposed.
Recommendation:
Ensure detailed error messages are logged internally but do not get exposed to the end user. Instead, present a generic error message to the user.
Example Fix:
```go
import (
	"errors"
	"log"
)

// performSomeOperation stands in for any call that can fail.
func someFunction() error {
	err := performSomeOperation()
	if err != nil {
		log.Println("Detailed error:", err) // Log detailed error for internal use
		return errors.New("An unexpected error occurred. Please try again later.") // Return generic message to user
	}
	return nil
}
```
Acceptance Criteria:
Review error handling across the application.
Log the detailed error messages for internal use.
Present generic error messages to the end users.
Validate the changes to ensure no sensitive details are leaked.
Severity Level: High
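One way to apply the recommendation in a downloader, shown as an added example that is not the project's own code: the detailed error is logged under a random reference, and the user sees only a generic message carrying that reference. `UserError`, `Sanitize`, the URL and the token are hypothetical names and constructed sample values.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"log"
	"net/url"
	"os"
)

// UserError is the only error type shown to end users. Error() never prints
// the cause; Unwrap exists so internal code can still use errors.Is/As.
type UserError struct {
	Msg, Ref string
	cause    error
}

func (e *UserError) Error() string { return e.Msg + " (ref " + e.Ref + ")" }
func (e *UserError) Unwrap() error { return e.cause }

// Sanitize logs the detailed error under a random reference and returns a
// generic error carrying the same reference. Hypothetical helper.
func Sanitize(logger *log.Logger, op string, err error) error {
	if err == nil {
		return nil
	}
	var ue *UserError
	if errors.As(err, &ue) {
		return ue // already sanitized: do not log or wrap twice
	}
	ref := "noref"
	b := make([]byte, 4)
	if _, rerr := rand.Read(b); rerr == nil {
		ref = hex.EncodeToString(b)
	}
	logger.Printf("ref=%s op=%s detail=%v", ref, op, err)
	return &UserError{Msg: "download failed, please try again later", Ref: ref, cause: err}
}

func main() {
	// Constructed sample: a *url.Error like an HTTP client returns, with a token in the query string.
	cause := &url.Error{Op: "Get", URL: "https://files.example.test/a.bin?sig=CONSTRUCTED-TOKEN", Err: errors.New("connection refused")}
	err := Sanitize(log.New(os.Stderr, "", log.LstdFlags), "fetch part 3", cause)
	fmt.Println("shown to user:", err)
}
```

Print only `err.Error()` at the user-facing boundary; calling `errors.Unwrap` there and printing the result would expose the logged detail again.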