zhangfengcdt opened a new issue, #2152:
URL: https://github.com/apache/sedona/issues/2152
## Description
The STAC collection client exposes detailed exception messages in error
logs, which could potentially be used by attackers to
gather information about the system internals and aid in further attacks.
## Vulnerability Details
- **Type**: Information Disclosure
- **Severity**: Medium
- **Component**: `/sedona/python/sedona/spark/stac/collection_client.py`
## Current Behavior
Several methods in the codebase catch exceptions and include the full
exception message in error logs:
- `get_items()` - Line 261
- `get_dataframe()` - Line 306
- `save_to_geoparquet()` - Line 347
These logs expose detailed error messages that could reveal:
- System paths and file structures
- Database schema information
- Internal implementation details
- Third-party library versions
## Expected Behavior
Error handling should:
- Log only generic error types without sensitive details
- Return generic error messages to users
- Not expose internal exception tracebacks
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
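To make the reported pattern concrete, here is an added example (not code from Sedona's `collection_client.py`): a handler written the way the issue describes, logging and re-raising the raw exception text, next to a hardened version that logs only the exception class plus an opaque correlation id, keeps the full traceback at DEBUG level for a trusted sink, and hands callers a generic message. The function names, the `ClientError` type and the sample path in the simulated failure are all constructed for illustration.

```python
"""Leaky vs. hardened exception handling for a STAC-style client call.

Added example, not Sedona project code. Names and sample data are constructed.
"""
import io
import logging
import uuid

LEAKY_LOG = logging.getLogger("example.leaky")
SAFE_LOG = logging.getLogger("example.safe")
for _lg in (LEAKY_LOG, SAFE_LOG):
    _lg.setLevel(logging.DEBUG)
    _lg.propagate = False  # keep records out of the root logger in this demo

# Constructed internal detail that must not reach logs or callers.
SENSITIVE_PATH = "/opt/sedona/secrets/stac_token.json"


def failing_fetch():
    """Simulated backend failure whose message embeds an internal path."""
    raise FileNotFoundError(f"[Errno 2] No such file or directory: '{SENSITIVE_PATH}'")


class ClientError(Exception):
    """Generic error surfaced to callers; carries only an opaque id."""

    def __init__(self, error_id: str):
        super().__init__(f"request failed (error id {error_id})")
        self.error_id = error_id


def fetch_items_leaky(fetch):
    """Pattern the issue reports: raw exception text in the log and in the error."""
    try:
        return fetch()
    except Exception as e:
        LEAKY_LOG.error("Failed to fetch items: %s", e)
        raise RuntimeError(f"Failed to fetch items: {e}") from e


def fetch_items_safe(fetch):
    """Hardened pattern: generic class name + correlation id; traceback only at DEBUG."""
    try:
        return fetch()
    except Exception as e:
        error_id = uuid.uuid4().hex
        # Operator-facing record: exception class and an id to correlate, nothing else.
        SAFE_LOG.error("Failed to fetch items [%s]: %s", error_id, type(e).__name__)
        # Full traceback is still recorded, but at DEBUG so it can be routed to a trusted sink.
        SAFE_LOG.debug("Traceback for error %s", error_id, exc_info=True)
        # The chained cause stays on the exception object for local debugging,
        # while the message callers see carries only the opaque id.
        raise ClientError(error_id) from e


def capture_log(logger, func, level=logging.INFO):
    """Run func, swallowing its exception, and return the log text emitted at >= level."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    handler.setLevel(level)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    try:
        func()
    except Exception:
        pass
    finally:
        logger.removeHandler(handler)
    return buf.getvalue()


def caller_sees(func):
    """Return the message a caller would get from the raised exception."""
    try:
        func()
    except Exception as e:
        return str(e)
    return ""


def compare_logs():
    """Return (leaky_log, safe_log_at_info, safe_log_at_debug) for the simulated failure."""
    leaky = capture_log(LEAKY_LOG, lambda: fetch_items_leaky(failing_fetch))
    safe_info = capture_log(SAFE_LOG, lambda: fetch_items_safe(failing_fetch))
    safe_debug = capture_log(SAFE_LOG, lambda: fetch_items_safe(failing_fetch), logging.DEBUG)
    return leaky, safe_info, safe_debug


if __name__ == "__main__":
    leaky, safe_info, safe_debug = compare_logs()
    print("LEAKY LOG:\n" + leaky)
    print("SAFE LOG (INFO):\n" + safe_info)
    print("SAFE LOG (DEBUG, trusted sink only):\n" + safe_debug)
    print("caller (leaky):", caller_sees(lambda: fetch_items_leaky(failing_fetch)))
    print("caller (safe): ", caller_sees(lambda: fetch_items_safe(failing_fetch)))
```

The check worth running against a real fix is the one `compare_logs` encodes: at the level the service normally ships, the log line names the exception class and an id but not the path; only the DEBUG stream, which should be wired to a sink operators control, still contains the traceback. The id printed to the caller lets support correlate a user report with that DEBUG record without the user ever seeing internals.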