| field | value | date |
|---|---|---|
| author | Mohamed Bassem <me@mbassem.com> | 2026-02-04 13:44:39 +0000 |
| committer | GitHub <noreply@github.com> | 2026-02-04 13:44:39 +0000 |
| commit | 93ad2e2001eb7070df50b0ab51dfd3e1ab377629 (patch) | |
| tree | 26cefb449ec3769d1b19569a8c100d49fc7f8cc1 /docker | |
| parent | d9329e89adc6ca579a299d42d115c850fc9305dd (diff) | |
| download | karakeep-93ad2e2001eb7070df50b0ab51dfd3e1ab377629.tar.zst | |
fix(import): sanitize error messages to prevent backend detail leakage (#2455)
The catch block in processOneBookmark was storing raw error strings via
String(error) in the resultReason field, which is exposed to users through
the getImportSessionResults tRPC route. This could leak internal details
like database constraint errors, file paths, stack traces, or connection
strings.
Replace String(error) with getSafeErrorMessage() that only allows through:
- TRPCError client errors (designed to be user-facing)
- Known safe validation messages from the import worker
- A generic fallback for all other errors
The full error is still logged server-side for debugging.
https://claude.ai/code/session_01F1NHE9dqio5LJ177vmSCvt
Co-authored-by: Claude <noreply@anthropic.com>
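The allowlist approach the commit message describes, as an added example that is not karakeep's own `getSafeErrorMessage`: the `TRPCErrorLike` class, the set of client error codes, the two allowlisted validation strings and the generic fallback text are constructed stand-ins so the snippet runs without `@trpc/server`.

```typescript
// Added example, not the project's code. TRPCErrorLike is a constructed stand-in
// for tRPC's TRPCError so this runs offline; real code would import TRPCError.
type TRPCErrorCode =
  | "BAD_REQUEST" | "UNAUTHORIZED" | "FORBIDDEN" | "NOT_FOUND" | "CONFLICT"
  | "INTERNAL_SERVER_ERROR";

class TRPCErrorLike extends Error {
  constructor(public readonly code: TRPCErrorCode, message: string) {
    super(message);
    this.name = "TRPCError";
  }
}

// Codes that map to 4xx responses; their messages are written to be user-facing.
const CLIENT_ERROR_CODES: ReadonlySet<TRPCErrorCode> = new Set<TRPCErrorCode>([
  "BAD_REQUEST", "UNAUTHORIZED", "FORBIDDEN", "NOT_FOUND", "CONFLICT",
]);

// Exact-match allowlist of messages the import worker itself raises (constructed sample set).
const KNOWN_SAFE_MESSAGES: ReadonlySet<string> = new Set([
  "Invalid URL",
  "Bookmark already exists",
]);

// Fallback shown for anything not explicitly allowlisted (constructed wording).
const GENERIC_MESSAGE = "Failed to import bookmark";

// Returns a string safe to store in a user-visible field such as resultReason.
function getSafeErrorMessage(error: unknown): string {
  if (error instanceof TRPCErrorLike && CLIENT_ERROR_CODES.has(error.code)) {
    return error.message;
  }
  const message = error instanceof Error ? error.message : String(error);
  if (KNOWN_SAFE_MESSAGES.has(message)) {
    return message;
  }
  // Everything else (DB constraint errors, paths, connection strings, stack traces)
  // collapses to the generic message.
  return GENERIC_MESSAGE;
}

// Mirrors the catch-block pattern: full error to the server log, sanitized text to the user.
function recordImportFailure(
  error: unknown,
  log: (line: string) => void = console.error,
): { resultReason: string } {
  const full = error instanceof Error ? error.stack ?? error.message : String(error);
  log(`import failed: ${full}`);
  return { resultReason: getSafeErrorMessage(error) };
}
```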
Diffstat (limited to 'docker')
0 files changed, 0 insertions, 0 deletions
