fix(security): don't expose internal error details in HTTP response

DevanshuNEU · DevanshuNEU · commit bb5f711ef321 · 2026-01-28T17:38:18.000-05:00
Replace 'Failed to fetch repositories: {str(e)}' with generic message.
logger.error still records full error for diagnostics.
diff --git a/backend/routes/github.py b/backend/routes/github.py
@@ -357,4 +357,4 @@ async def list_github_repos(
                 detail="GitHub access revoked. Please reconnect your GitHub account."
             )
         
-        raise HTTPException(status_code=500, detail=f"Failed to fetch repositories: {str(e)}")
+        raise HTTPException(status_code=500, detail="Failed to fetch repositories")

Original file line number	Diff line number	Diff line change
`@@ -357,4 +357,4 @@ async def list_github_repos(`
`357`	`357`	`detail="GitHub access revoked. Please reconnect your GitHub account."`
`358`	`358`	`)`
`359`	`359`
`360`		`- raise HTTPException(status_code=500, detail=f"Failed to fetch repositories: {str(e)}")`
	`360`	`+ raise HTTPException(status_code=500, detail="Failed to fetch repositories")`