Avoid leaking internal exception details to Discord users #22

New Issue

cal · 2026-02-20T06:49:15Z

cal commented

2026-02-20 06:49:15 +00:00

Description

commands/league/submit_scorecard.py:274 and :379 — Two places send str(e) directly back to the user as Discord message content. Depending on the error source, these can expose internal API URLs, stack context, or database structure details to anyone in the channel.

File Locations

commands/league/submit_scorecard.py:274
commands/league/submit_scorecard.py:379

Labels

security, bug

Priority

medium

## Description `commands/league/submit_scorecard.py:274` and `:379` — Two places send `str(e)` directly back to the user as Discord message content. Depending on the error source, these can expose internal API URLs, stack context, or database structure details to anyone in the channel. ## File Locations - `commands/league/submit_scorecard.py:274` - `commands/league/submit_scorecard.py:379` ## Labels security, bug ## Priority medium

cal referenced this issue from a commit

2026-02-20 16:39:04 +00:00

fix: address 7 security issues across the codebase

cal commented

2026-02-20 16:48:27 +00:00

Addressed in commit f4be20a on next-release branch. Will be closed when merged to main.

Addressed in commit f4be20a on `next-release` branch. Will be closed when merged to main.

cal commented

2026-02-20 16:48:34 +00:00

Addressed in commit f4be20a on next-release branch. Will be closed when merged to main.

Addressed in commit `f4be20a` on `next-release` branch. Will be closed when merged to main.

cal closed this issue