Potential fix for code scanning alert no. 8: Information exposure through an exception

[gm3dmo]

Potential fix for https://github.com/gm3dmo/the-power/security/code-scanning/8

In general, this issue is fixed by not returning the raw exception text (or stack trace) to the client. Instead, we should respond with a generic error message and, if needed, log the detailed exception server-side for debugging.

For this specific code, the best minimal fix without changing existing functionality is:

• Replace return jsonify({'error': str(e)}), 500 with a generic error such as return jsonify({'error': 'An internal error has occurred.'}), 500.
• Optionally log the exception server-side. Since we’re already using Flask, we can use app.logger.exception(...) to log the full stack trace without exposing it to the user. This keeps developer visibility while protecting users from internal details.

Concretely, in powerindex/app.py:

• Within the shown execute_script route (around lines 273–274), change the except block to:
  • Call app.logger.exception("Error executing script") (or similar) to log the exception with stack trace.
  • Return a generic JSON error message instead of str(e).

No new imports are required because app is already defined elsewhere in this file (not shown) as a Flask instance, and Flask provides app.logger by default.

---

Suggested fixes powered by Copilot Autofix. Review carefully before merging.