Skip to content

Commit 116872c

Browse files
committed
fix(search): do not expose internal error details in Edge Function responses
Addresses CodeQL 'information exposure through a stack trace': log error details server-side and return only a generic error code to the client.
1 parent 9f9a688 commit 116872c

1 file changed

Lines changed: 5 additions & 3 deletions

File tree

supabase/functions/knowledge-search/index.ts

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -38,13 +38,15 @@ Deno.serve(async (request) => {
3838
});
3939

4040
if (error) {
41-
return json({error: "search_failed", detail: error.message}, 500);
41+
// Log details server-side; do not leak internal error info to clients.
42+
console.error("knowledge-search query failed:", error.message);
43+
return json({error: "search_failed"}, 500);
4244
}
4345

4446
return json({query, results: data});
4547
} catch (err) {
46-
const message = err instanceof Error ? err.message : String(err);
47-
return json({error: "internal_error", detail: message}, 500);
48+
console.error("knowledge-search internal error:", err);
49+
return json({error: "internal_error"}, 500);
4850
}
4951
});
5052

0 commit comments

Comments
 (0)