|
|
@@ -11,7 +11,7 @@
|
|
|
>
|
|
|
> Each finding is referenced as **F<N>** for later citation.
|
|
|
>
|
|
|
-> **Findings rolled up:** 5 sev-3 (5 fixed, 0 open), 27 sev-2 (16 fixed, 11 open), 42 sev-1.
|
|
|
+> **Findings rolled up:** 5 sev-3 (5 fixed, 0 open), 27 sev-2 (17 fixed, 10 open), 42 sev-1.
|
|
|
|
|
|
---
|
|
|
|
|
|
@@ -935,6 +935,25 @@
|
|
|
whose `getCode()` happens to be in the 4xx range bypass
|
|
|
suppression and return raw messages.
|
|
|
- **Severity: 2**
|
|
|
+- **Status:** Fixed in `ce77454`. `JsonErrorHandler` now maps every
|
|
|
+ HTTP status to a fixed `STATUS_TOKENS` lookup (`bad_request`,
|
|
|
+ `forbidden`, `too_many_requests`, …) and only emits that canonical
|
|
|
+ token in the `error` field. `Throwable::getMessage()` is no longer
|
|
|
+ echoed to clients in production for any branch — `HttpException`,
|
|
|
+ `HttpNotFoundException`, `HttpMethodNotAllowedException`, or
|
|
|
+ catch-all. Out-of-range `getCode()` (including the default `0` from
|
|
|
+ `new HttpException(...)`) is clamped to 500. Non-HttpException
|
|
|
+ Throwables always collapse to status 500 regardless of their
|
|
|
+ numeric code, closing the previous 4xx-bypass path. The raw
|
|
|
+ exception class + message are only added under a separate
|
|
|
+ `detail` key when `$displayErrorDetails` (Slim) or
|
|
|
+ `$exposeDetails` (dev env) is on. New unit-test suite
|
|
|
+ `JsonErrorHandlerTest` covers the canonical responses for
|
|
|
+ HttpNotFound/HttpMethodNotAllowed/HttpBadRequest/HttpForbidden/
|
|
|
+ HttpInternalServerError, the generic-Throwable 500 path, the
|
|
|
+ 4xx-numeric-code-on-non-HttpException no-leak case, the clamp on
|
|
|
+ `code=0`, the unmapped-but-valid 418 fallback, the dev-mode
|
|
|
+ detail shape, and the per-request `displayErrorDetails` override.
|
|
|
|
|
|
### F27 — `RateLimitMiddleware` is skipped when no principal is present
|
|
|
- **Files:** `api/src/Infrastructure/Http/Middleware/RateLimitMiddleware.php:33-36`
|
chiappa