Skip to content

Fix information exposure in OrderInvoiceController and OrderShipmentController #2962

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
dpfaffenbauer merged 4 commits into from
Jan 30, 2026
Merged

Fix information exposure in OrderInvoiceController and OrderShipmentController #2962

dpfaffenbauer merged 4 commits into from
Jan 30, 2026
+2 −4

Conversation

Copy link

Copilot AI commented Jan 29, 2026
edited
Loading

  • Analyze the security vulnerability in OrderInvoiceController and OrderShipmentController
  • Fix OrderInvoiceController.php: Replace exception message and stack trace exposure with generic error message
  • Fix OrderShipmentController.php: Replace exception message and stack trace exposure with generic error message
  • Address review feedback: Remove logging and simplify error response

Summary

This PR fixes a security vulnerability (Information Exposure) where internal error messages and stack traces were being returned directly to clients in case of server errors.

Changes Made

OrderInvoiceController.php (renderAction method)

  • Return generic error message with HTTP 500 status code instead of exposing exception details

OrderShipmentController.php (renderAction method)

  • Return generic error message with HTTP 500 status code instead of exposing exception details

Security Fix

Before: Exception messages and full stack traces were embedded directly into HTML responses sent to clients.

} catch (\Exception $e) {
    $responseData = '<strong>' . $e->getMessage() . '</strong><br>trace: ' . $e->getTraceAsString();
    $header = ['Content-Type' => 'text/html'];
}
return new Response($responseData, 200, $header);

After: Simple generic error message with HTTP 500 status.

} catch (\Exception $e) {
    return new Response('An error occurred while rendering the invoice.', 500, ['Content-Type' => 'text/html']);
}
Original prompt

This section details on the original issue you should resolve

<issue_title>Information Exposure</issue_title>
<issue_description>Problem Statement
Internal error messages and stack traces are returned directly to the client in case of server errors.

Description

  • Exception messages and full stack traces are embedded directly into HTML responses.
  • Internal implementation details leave the server trust boundary.

Example

CoreShop/src/CoreShop/Bundle/OrderBundle/Controller/OrderInvoiceController.php

Line 189 in 3fcd9fb

$responseData = '<strong>' . $e->getMessage() . '</strong><br>trace: ' . $e->getTraceAsString();

CoreShop/src/CoreShop/Bundle/OrderBundle/Controller/OrderShipmentController.php

Line 185 in 3fcd9fb

$responseData = '<strong>' . $e->getMessage() . '</strong><br>trace: ' . $e->getTraceAsString();

Impact

  • Disclosure of internal classes, file paths, and control flow.
  • Easier analysis of the application architecture.
  • Reduced effort for targeted follow-up attacks.

Mitigation

  • Do not return exception messages or stack traces to clients.
  • Use generic error messages in responses.
  • Log detailed error information exclusively on the server side.

@raphael-kat @papillo-solutions</issue_description>

Comments on the Issue (you are @copilot in this section)

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

Copilot AI and others added 2 commits January 29, 2026 12:02
@dpfaffenbauer
Fix information exposure vulnerability in OrderInvoiceController and …
fa143d9 
…OrderShipmentController

Replace exception messages and stack traces in client responses with generic error
messages. Detailed error information is now logged server-side using LoggerInterface.

Fixes security vulnerability where internal implementation details were exposed to clients.

Co-authored-by: dpfaffenbauer <5981845+dpfaffenbauer@users.noreply.github.com>
@dpfaffenbauer
Return HTTP 500 status code on error in renderAction methods
ac3b8a8 
Address code review feedback to return appropriate error status code
instead of HTTP 200 when an error occurs during PDF rendering.

Co-authored-by: dpfaffenbauer <5981845+dpfaffenbauer@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix information exposure in error handling Fix information exposure in OrderInvoiceController and OrderShipmentController Jan 29, 2026
Copilot AI requested a review from dpfaffenbauer January 29, 2026 12:05
dpfaffenbauer
dpfaffenbauer reviewed Jan 29, 2026
View reviewed changes
src/CoreShop/Bundle/OrderBundle/Controller/OrderInvoiceController.php Outdated
];
} catch (\Exception $e) {
$responseData = '<strong>' . $e->getMessage() . '</strong><br>trace: ' . $e->getTraceAsString();
$this->container->get(LoggerInterface::class)->error(
Copy link
Member

@dpfaffenbauer dpfaffenbauer Jan 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@copilot remove log and don't overexpose response

Copy link
Author

Copilot AI Jan 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removed the logging and simplified the error response to just return a generic message with HTTP 500 status. Fixed in de3345e.

@dpfaffenbauer
Remove logging and simplify error response in renderAction methods
de3345e 
Address review feedback to remove logging calls and simplify error responses
while still preventing information exposure.

Co-authored-by: dpfaffenbauer <5981845+dpfaffenbauer@users.noreply.github.com>
Copilot AI requested a review from dpfaffenbauer January 29, 2026 19:35
@sonarqubecloud
Copy link

sonarqubecloud bot commented Jan 29, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@dpfaffenbauer dpfaffenbauer marked this pull request as ready for review January 29, 2026 20:07
@github-actions
Copy link

github-actions bot commented Jan 29, 2026


Thank you for your submission, we really appreciate it. Like many open-source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution. You can sign the CLA by just posting a Pull Request Comment same as the below format.

I have read the CLA Document and I hereby sign the CLA

You can retrigger this bot by commenting recheck in this Pull Request. Posted by the CLA Assistant Lite bot.

@dpfaffenbauer dpfaffenbauer merged commit 8af585b into 4.1 Jan 30, 2026
90 of 91 checks passed
@dpfaffenbauer dpfaffenbauer deleted the copilot/fix-information-exposure-issue branch January 30, 2026 07:37
@github-actions github-actions bot locked and limited conversation to collaborators Jan 30, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

1 more reviewer

@dpfaffenbauer dpfaffenbauer dpfaffenbauer approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@dpfaffenbauer dpfaffenbauer

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dpfaffenbauer