| import re |
| import os |
|
|
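# One compiled pattern per secret format.  Group 1 of every pattern is the
# non-secret prefix that stays in the output (the scheme word, the parameter
# name, or the vendor prefix of the token); whatever the pattern matches after
# that group is the secret and is dropped.  Every pattern MUST contain exactly
# one group: the replacement template refers to \1, and re.sub raises
# "invalid group reference" before matching anything when the group is
# missing.  Wrapping the whole token in the group is equally wrong, because
# the secret is then kept verbatim with "[REDACTED]" appended after it.
_SECRET_PATTERNS = (
    # "Bearer <token>" in any letter case; '.' keeps dotted JWTs whole so the
    # later segments are not left in the output.
    re.compile(r'(bearer\s+)[A-Za-z0-9_\-.]+', re.IGNORECASE),
    # api_key= / api-key: style assignments, with optional quoting.
    re.compile(r'(api[_-]key["\']?\s*[:=]\s*["\']?)[A-Za-z0-9_\-]+', re.IGNORECASE),
    # Vendor-prefixed tokens; the prefix is kept so the redacted log still
    # tells which kind of credential was present, never its value.
    re.compile(r'(gsk_)[A-Za-z0-9_\-]{20,}'),
    re.compile(r'(pin_)[A-Za-z0-9_\-]{20,}'),
    re.compile(r'(hf_)[A-Za-z0-9]{20,}'),
    re.compile(r'(github_pat_)[A-Za-z0-9_\-]{20,}'),
    re.compile(r'(xox[baprs]-)[A-Za-z0-9]{10,}'),
)

_REDACTED = r'\1[REDACTED]'


def sanitize_error_message(error_text: str) -> str:
    """
    Remove sensitive information from error messages to prevent API key exposure.

    Args:
        error_text: Raw error text, possibly containing credentials.

    Returns:
        ``error_text`` with every recognised secret replaced by ``[REDACTED]``
        (the non-secret prefix is kept), or ``"An unknown error occurred"``
        when ``error_text`` is empty or ``None``.
    """
    if not error_text:
        return "An unknown error occurred"

    sanitized = error_text
    for pattern in _SECRET_PATTERNS:
        sanitized = pattern.sub(_REDACTED, sanitized)
    return sanitized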
|
|
|
|
def safe_error_response(original_error: str, user_message: str = "An error occurred while processing your request") -> str:
    """
    Return a safe error message to the user without exposing sensitive data.

    Args:
        original_error: The raw error text. It is accepted so callers have a
            single place to route errors through, but it is never echoed.
        user_message: The generic text shown to the user.

    Returns:
        ``user_message`` unchanged.
    """
    # Discard the raw error explicitly: nothing from it may reach the caller.
    del original_error
    return user_message
|
|
|
|
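def log_sanitized_error(logger, error_text: str, extra_context: str = ""):
    """
    Log an error message with sensitive data redacted.

    Args:
        logger: Any object exposing an ``error(message)`` method, e.g. a
            ``logging.Logger``. A single pre-formatted string is passed so
            duck-typed loggers that take only one argument keep working.
        error_text: Raw error text; run through ``sanitize_error_message``.
        extra_context: Optional prefix for the log line. It is redacted as
            well, since callers commonly build it from request data that can
            carry the same credentials as the error itself.
    """
    sanitized = sanitize_error_message(error_text)
    if extra_context:
        context = sanitize_error_message(extra_context)
        logger.error(f"{context}: {sanitized}")
    else:
        logger.error(sanitized)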
|
|