QUICK_REFERENCE_SECURITY_206.md•1.5 kB
# Quick Reference - Security Issue #206 Fix
## Files Created
- `src/security/errorHandler.ts` - SecureErrorHandler class
- `test/__tests__/unit/security/errorHandler.test.ts` - Tests
## Key Methods
```typescript
// Main method to use everywhere
SecureErrorHandler.sanitizeError(error, requestId?)
// For creating responses
SecureErrorHandler.createErrorResponse(error, requestId?)
// For wrapping async functions
SecureErrorHandler.wrapAsync(fn, context?)
```
## Files Still Needing Updates
### High Priority (Direct User Exposure)
1. **src/index.ts** - 3 logger.error calls + 6 error.message uses
2. **src/security/pathValidator.ts** - Throws errors with paths
3. **src/persona/PersonaElementManager.ts** - Throws errors with paths
4. **src/elements/agents/AgentManager.ts** - Throws error with path
### Medium Priority (Logs Only)
1. **src/persona/PersonaLoader.ts** - Logs with file names
2. **src/portfolio/PortfolioManager.ts** - Logs stack traces
3. **src/portfolio/MigrationManager.ts** - Logs stack traces
4. **src/collection/GitHubClient.ts** - Preserves stack traces
## Test Command
```bash
npm test -- test/__tests__/unit/security/errorHandler.test.ts --no-coverage
```
## Git Status
- Branch: `fix/security-error-disclosure`
- 9 error handlers fixed in index.ts
- Ready to continue with remaining fixes
## Critical Pattern
```typescript
// NEVER expose raw errors to users
text: `Error: ${error}` // BAD
text: `Error: ${SecureErrorHandler.sanitizeError(error).message}` // GOOD
```