From 83805c66e509b39b5d17d1a8d5033d9593711e84 Mon Sep 17 00:00:00 2001 From: girlbossceo Date: Sun, 30 Jul 2023 17:30:16 +0000 Subject: [PATCH] sanitise potentially sensitive errors prevents errors like DB or I/O errors from leaking filesystem paths Co-authored-by: infamous Signed-off-by: girlbossceo --- src/api/server_server.rs | 2 +- src/utils/error.rs | 22 ++++++++++++++++++++++ 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/src/api/server_server.rs b/src/api/server_server.rs index ca5b69d0..6d2da07f 100644 --- a/src/api/server_server.rs +++ b/src/api/server_server.rs @@ -927,7 +927,7 @@ pub async fn send_transaction_message_route( Ok(send_transaction_message::v1::Response { pdus: resolved_map .into_iter() - .map(|(e, r)| (e, r.map_err(|e| e.to_string()))) + .map(|(e, r)| (e, r.map_err(|e| e.sanitized_error()))) .collect(), }) } diff --git a/src/utils/error.rs b/src/utils/error.rs index 4f044ca2..7fafea17 100644 --- a/src/utils/error.rs +++ b/src/utils/error.rs @@ -138,6 +138,28 @@ impl Error { status_code, })) } + + /// Sanitizes public-facing errors that can leak sensitive information. + pub fn sanitized_error(&self) -> String { + let db_error = String::from("Database or I/O error occurred."); + + match self { + #[cfg(feature = "sled")] + Self::SledError { .. } => db_error, + #[cfg(feature = "sqlite")] + Self::SqliteError { .. } => db_error, + #[cfg(feature = "persy")] + Self::PersyError { .. } => db_error, + #[cfg(feature = "heed")] + Self::HeedError => db_error, + #[cfg(feature = "rocksdb")] + Self::RocksDbError { .. } => db_error, + Self::IoError { .. } => db_error, + Self::BadConfig { .. } => db_error, + Self::BadDatabase { .. } => db_error, + _ => self.to_string(), + } + } } #[cfg(feature = "persy")]