sassoftware / event-provenance-registry

The Event Provenance Registry (EPR) is a service that manages and stores events and tracks event-receivers and event-receiver-groups.
Apache License 2.0

DB connection info leaked through error responses #92

Closed caproven closed 6 months ago

caproven commented 6 months ago

DB connection info is leaked in API responses upon DB-related errors. Imagine we need to prevent 5xx errors from being directly used in responses.

Sample output:

❯ curl -k http://localhost:8042/api/v1/receivers/blah
{"data":null,"errors":["failed to connect to `host=localhost user=postgres database=`: dial error (dial tcp 127.0.0.1:5432: connect: connection refused)"]}

Steps to reproduce:

  1. Spin up dependencies
  2. Start EPR server
  3. Stop PostgreSQL
  4. Hit the API with a valid-format request (hit an actual endpoint; if creating a resource, valid data is needed)
  5. See API response
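
One way to keep 5xx detail out of responses, as an added example that is not EPR's own code: log the full error server-side under a random ID and return only a generic message carrying that ID. `writeError` and `simulate` are hypothetical names, the error string is constructed from the sample output above, and 4xx messages are assumed to be client-safe.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"log"
	"net/http"
	"net/http/httptest"
)

// envelope mirrors the {"data":...,"errors":[...]} shape in the sample output.
type envelope struct {
	Data   any      `json:"data"`
	Errors []string `json:"errors"`
}

// writeError (hypothetical helper): for 5xx the full error goes to the server
// log only; the client gets a generic message plus an ID to correlate with it.
func writeError(w http.ResponseWriter, lg *log.Logger, status int, err error) {
	msg := err.Error() // 4xx: assumes handlers pass a client-safe message
	if status >= 500 {
		b := make([]byte, 8)
		_, _ = rand.Read(b)
		id := hex.EncodeToString(b)
		lg.Printf("error_id=%s status=%d err=%v", id, status, err)
		msg = fmt.Sprintf("internal server error (error_id=%s)", id)
	}
	w.Header().Set("Content-Type", "application/json")
	w.WriteHeader(status)
	_ = json.NewEncoder(w).Encode(envelope{Data: nil, Errors: []string{msg}})
}

// simulate returns the client-visible body and the server log for one error.
func simulate(status int, err error) (body, logged string) {
	var buf bytes.Buffer
	rec := httptest.NewRecorder()
	writeError(rec, log.New(&buf, "", 0), status, err)
	return rec.Body.String(), buf.String()
}

func main() {
	// Constructed error, modelled on the sample output in the issue.
	dbErr := errors.New("failed to connect to `host=localhost user=postgres database=`: dial error")
	body, logged := simulate(http.StatusInternalServerError, dbErr)
	fmt.Print("client: ", body, "server: ", logged)
}
```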