## Context block

| Key | Value |
|---|---|
| Category | api |
| Checklist | ISS-API-03: Error responses leak stack traces or sensitive internal paths |
| Priority | P1 |
| Scan Date | 2026-04-16 |
| Flagged By | @api-explorer |

## Summary

- WHAT: Several API routes return `error.message` verbatim in their 500 responses, so the internal hostnames, ports and file-system paths embedded in Node.js `fetch` errors leak to the client.
- WHY: The admin routes mask failures with the string "Internal server error", but the proxy, upload and langsmith routes omit the masking, so handling is inconsistent.
- WHERE: `frontend/src/app/api/[..._path]/route.ts:160`, `frontend/src/app/api/upload/route.ts:112`, `frontend/src/app/api/admin/upload/route.ts:102`, `frontend/src/app/api/langsmith/runs/route.ts:142`
- SEVERITY: HIGH. Infrastructure topology is disclosed and attacker reconnaissance is aided.
## Evidence

| # | File | Line | Finding | Flagged By | Confidence |
|---|---|---|---|---|---|
| 1 | `frontend/src/app/api/[..._path]/route.ts` | 160 | `return NextResponse.json({ error: error.message }, { status: 500 })`: proxy route; the fetch error can contain the internal upstream host | @api-explorer | High |
| 2 | `frontend/src/app/api/upload/route.ts` | 112 | `Failed to upload file: ${error.message}`: fs errors leak absolute paths | @api-explorer | High |
| 3 | `frontend/src/app/api/admin/upload/route.ts` | 102 | Same pattern | @api-explorer | High |
| 4 | `frontend/src/app/api/langsmith/runs/route.ts` | 142 | LangSmith SDK errors can leak API key fragments or URLs | @api-explorer | High |
## Impact analysis

### Affected scope

- Failure responses from LangGraph calls made through the proxy (the most frequent path)
- On file upload failure, the server's `UPLOAD_DIR` path is exposed
- On LangSmith run lookup failure, the trace URL and the leading characters of the API key are exposed

### Failure scenario

- An attacker deliberately sends a malformed payload to the proxy route
- Node.js `fetch` produces an error such as `connect ECONNREFUSED 10.0.0.5:8123`
- The client response exposes the internal network topology, so internal IP/port reconnaissance succeeds
- Alternatively, an upload error returns `ENOENT: no such file /var/www/uploads/...`, revealing the server's file-system layout
## Urgency

## Proposed fix

### Approach

Introduce a shared error logger plus masking helper (new file `frontend/src/lib/api/error-response.ts`):

```ts
import { NextResponse } from "next/server";

// Log the full error server-side; the client only ever sees a fixed message.
export function internalErrorResponse(error: unknown, context: string) {
  console.error(`[api] ${context}`, error); // server-side log only
  return NextResponse.json(
    { error: "Internal server error" },
    { status: 500 }
  );
}
```

Replace the error path in all four routes with this helper. To allow detailed messages only in the development environment, add a `process.env.NODE_ENV === "development"` branch.
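As an added example (not the project's code), here is a framework-agnostic version of the helper above with the `NODE_ENV === "development"` branch worked in, placed beside the pattern the scan flagged. It assumes an injectable logger and an `env` override so the behaviour can be tested, and that a route would wrap the returned `body` with `NextResponse.json()`; `SAMPLE_UPSTREAM_ERROR` is constructed from the reproduction output in this issue.

```typescript
// Added example, not the project's code: masking helper with the
// development-only detail branch, plus the flagged (leaky) pattern for contrast.

export type ErrorLogger = (message: string, error: unknown) => void;

export interface ErrorResponseOptions {
  env?: string;       // overrides NODE_ENV (assumption: used by tests)
  log?: ErrorLogger;  // default: console.error
}

export interface ErrorBody {
  error: string;
  detail?: string;    // present only when env === "development"
}

export interface ErrorResponse {
  status: number;
  body: ErrorBody;    // a route would pass this to NextResponse.json()
}

const GENERIC_MESSAGE = "Internal server error";

// Read NODE_ENV without depending on @types/node being installed.
function nodeEnv(): string | undefined {
  const g = globalThis as unknown as {
    process?: { env?: Record<string, string | undefined> };
  };
  return g.process?.env?.NODE_ENV;
}

// Every 500 path should go through this: the full error is logged server-side,
// the client gets a fixed message, and only a development build sees detail.
export function internalErrorResponse(
  error: unknown,
  context: string,
  opts: ErrorResponseOptions = {},
): ErrorResponse {
  const log = opts.log ?? console.error;
  const env = opts.env ?? nodeEnv();
  log(`[api] ${context}`, error); // server-side log only
  const body: ErrorBody = { error: GENERIC_MESSAGE };
  if (env === "development") {
    body.detail = error instanceof Error ? error.message : String(error);
  }
  return { status: 500, body };
}

// The pattern flagged under ISS-API-03: error.message returned verbatim.
export function leakyErrorResponse(error: unknown): ErrorResponse {
  return { status: 500, body: { error: (error as Error).message } };
}

// Constructed sample: the error Node's fetch raises when the upstream is down,
// matching the actual result recorded in this issue's reproduction.
export const SAMPLE_UPSTREAM_ERROR = new Error(
  "fetch failed: connect ECONNREFUSED 127.0.0.1:8123",
);
```

With `env` left unset the helper reads `NODE_ENV`, so a production build never includes `detail`; the injected `log` is how a route test can still confirm the original error reached the server log.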
### Alternatives

- Introduce an error-code system: return `{ code: "FETCH_UPSTREAM_FAILED", requestId: "..." }` and look up the details in the server log. A better long-term design, but it expands the scope.
- Follow RFC 9457 Problem Details: compliance with the standard format, but it likewise expands the scope.
## Acceptance criteria

- `error.message` removed from the responses
- Run `cd frontend && pnpm test`

## References
## Reproduction

### Preconditions

### Steps

- Call the proxy route with the LangGraph server stopped: `curl http://localhost:3000/api/invalid/path`
- Check the `error` field in the response body

### Expected result

`{ "error": "Internal server error" }`

### Actual result

`{ "error": "fetch failed: connect ECONNREFUSED 127.0.0.1:8123" }` (internal port exposed)
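An added regression check (not the project's code) that turns the comparison above, and the acceptance criterion, into something `pnpm test` can run: it scans a 500 response body for the classes of internal detail this issue describes (host:port from Node network errors, absolute paths from fs errors, stack frames, URLs). The patterns are my own assumptions about what such leaks look like, and the sample bodies are constructed from the expected and actual results in this issue.

```typescript
// Added example, not the project's code: detect internal detail in an API
// error body so a test can fail if error.message ever leaks again.

export interface LeakFinding {
  kind: string;   // category of leaked detail
  match: string;  // the offending fragment
}

// Assumed leak shapes; extend as new error sources appear.
const LEAK_PATTERNS: ReadonlyArray<{ kind: string; re: RegExp }> = [
  // Node.js network errors carrying an internal host:port (e.g. ECONNREFUSED 127.0.0.1:8123)
  {
    kind: "internal-endpoint",
    re: /\b(?:ECONNREFUSED|ECONNRESET|ETIMEDOUT|ENOTFOUND|EHOSTUNREACH)\b[^"\n]*?([\w.-]+:\d{2,5})/,
  },
  // fs errors carrying an absolute server path (e.g. ENOENT ... /var/www/uploads/...)
  {
    kind: "fs-path",
    re: /\b(?:ENOENT|EACCES|EPERM|EISDIR|ENOTDIR)\b[^"\n]*?(\/[\w.\-\/]+)/,
  },
  // V8 stack-trace frames with a file location
  { kind: "stack-frame", re: /\bat\s+[^\s(]+\s+\(([^)]+:\d+:\d+)\)/ },
  // Any URL, such as a LangSmith trace URL
  { kind: "url", re: /(https?:\/\/[^\s"'<>]+)/ },
];

// Return one finding per category of internal detail present in the body.
export function findInternalLeaks(body: string): LeakFinding[] {
  const findings: LeakFinding[] = [];
  for (const { kind, re } of LEAK_PATTERNS) {
    const m = re.exec(body);
    if (m) findings.push({ kind, match: m[1] ?? m[0] });
  }
  return findings;
}

// Predicate for tests: true when a 500 body contains no internal detail.
export function isSafeErrorBody(body: string): boolean {
  return findInternalLeaks(body).length === 0;
}

// Constructed samples: the expected and actual reproduction output from this
// issue, plus an upload-failure body of the shape the impact analysis describes.
export const EXPECTED_BODY = '{ "error": "Internal server error" }';
export const ACTUAL_BODY =
  '{ "error": "fetch failed: connect ECONNREFUSED 127.0.0.1:8123" }';
export const UPLOAD_BODY =
  '{ "error": "Failed to upload file: ENOENT: no such file or directory, open \'/var/www/uploads/tmp/abc.png\'" }';
```

In a route test, call the handler with the upstream unreachable, read the body as text and assert `isSafeErrorBody(body)`; the findings list tells you which class of detail slipped through.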
## Related code context

| File | Role | Relevance |
|---|---|---|
| `frontend/src/app/api/[..._path]/route.ts` | LangGraph proxy endpoint | To be fixed |
| `frontend/src/app/api/upload/route.ts` | User file upload | To be fixed |
| `frontend/src/app/api/admin/upload/route.ts` | Admin asset upload | To be fixed |
| `frontend/src/app/api/langsmith/runs/route.ts` | LangSmith trace lookup | To be fixed |
Detected by oh-my-braincrew `omb:issue` scan
Category: api | Scan date: 2026-04-16
`omb-issue-scan category=api checklist=ISS-API-03`