Expand description
Error Message Sanitization (Sprint 3.1)
Prevents information leakage in error messages according to OWASP best practices.
§Security Risks (OWASP)
Error messages can leak sensitive information to attackers:
- File paths:
"/Users/admin/project/src/main.rs"→"[PATH]" - IP addresses:
"192.168.1.100"→"[IP]" - Connection strings:
"postgres://user:pass@host/db"→"[CONNECTION]" - Stack traces: Full traces → Generic “An error occurred”
- System information: Versions, environment details
§Display Modes
- Production: Sanitizes all sensitive information, generic messages
- Development: Shows full details for debugging
§Usage
ⓘ
use turbomcp_server::error_sanitization::{SanitizedError, DisplayMode};
let error = std::io::Error::new(
std::io::ErrorKind::NotFound,
"File not found: /etc/secrets/api_key.txt"
);
// Production: Redacts file path
let sanitized = SanitizedError::new(error, DisplayMode::Production);
println!("{}", sanitized); // "File not found: [PATH]"
// Development: Shows full details
let detailed = SanitizedError::new(error, DisplayMode::Development);
println!("{}", detailed); // "File not found: /etc/secrets/api_key.txt"Structs§
- Sanitized
Error - Sanitized error wrapper
Enums§
- Display
Mode - Display mode for error messages
Constants§
- GENERIC_
ERROR_ MESSAGE - Generic error message for production (OWASP recommendation)
Functions§
- generic_
error - Create a generic error response for production
- sanitize_
error_ message - Sanitize an error message by redacting sensitive information