GuardAPI

Fix Improper Error Handling in Bottle

Bottle's debug-mode error page is a reconnaissance goldmine. Running with debug=True, or leaving unhandled exceptions to the framework's default page, hands any unauthenticated user the full Python traceback: exception type and message, absolute filesystem paths, and the source lines of every frame. That is enough to fingerprint the deployment, map the code layout, and pick the next target. To harden a Bottle application, turn debug mode off in production and intercept error responses so that the client only ever sees a sanitized, generic message while the detail goes to server-side logs.

The Vulnerable Pattern

from bottle import route, run

@route('/crash')
def crash():
    # Logic error triggers a traceback
    result = 1 / 0
    return result

if __name__ == '__main__':
    # VULNERABILITY: debug=True exposes full stack traces to the client
    run(host='0.0.0.0', port=8080, debug=True)

The Secure Implementation

The vulnerability stems from the debug flag and the lack of explicit error handling. Bottle's default catchall behaviour turns any unhandled exception into an HTTP 500 response; when debug mode is on, the built-in error page renders the exception and its traceback in the browser, revealing source snippets and system internals. Debug mode is off unless you enable it, so the first fix is simply not to pass debug=True (or call bottle.debug(True)) in production. The second is to register handlers with the '@error(code)' decorator for the status codes you care about. With debug off, Bottle's built-in 500 page is already generic, but a custom handler lets you control the body and content type (a JSON API should not answer with an HTML error page) and log the detail yourself: the HTTPError object passed to the handler carries the original exception and the formatted traceback, which belong in server-side logs and nowhere else. Keep the handlers themselves boring: do not echo the exception message, the request body, or unescaped request data back to the client.

from bottle import route, run, error, response
import json
import logging

@route('/crash')
def crash():
    return 1 / 0

@error(500)
def handle_500(error_obj):
    """Sanitizes 500 errors to prevent Information Disclosure."""
    # The HTTPError carries the original exception and the formatted
    # traceback; both stay server-side in the log, never in the response.
    logging.error("Internal Server Error: %r\n%s",
                  error_obj.exception, error_obj.traceback)
    response.content_type = 'application/json'
    return json.dumps({"error": "Internal server error", "status": 500})

@error(404)
def handle_404(error_obj):
    return "Resource not found."

if __name__ == '__main__':
    # PRODUCTION CONFIG: debug=False and custom handlers active
    run(host='0.0.0.0', port=8080, debug=False)
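The same "generic body to the client, full traceback to the log" split can be checked without a running server. The following is an added example, not code from the original page or from Bottle: a framework-agnostic WSGI wrapper that catches unhandled exceptions, logs the traceback under a random error id, and returns a generic JSON 500 carrying only that id, plus an in-process WSGI client and a leak check that scans a response body for traceback fragments. The crashing app, the LEAK_MARKERS list, and the helper names (sanitize_errors, leaks_internals, call_wsgi, run_demo) are all constructed for this example. Note that Bottle's default catchall setting converts exceptions to an HTTPError 500 before they reach the WSGI layer, so an outer wrapper like this only sees exceptions from a Bottle app created with catchall=False; for a stock Bottle app the @error(500) handler above is the right hook, and the leak check applies to its output just the same.

```python
import json
import logging
import sys
import traceback
import uuid
from io import BytesIO

log = logging.getLogger("app.errors")

# Fragments of a Python traceback that must never reach a client (constructed list).
LEAK_MARKERS = ("Traceback (most recent call last)", 'File "', ".py", "Error:")


def sanitize_errors(app):
    """Wrap a WSGI app so that unhandled exceptions become a generic JSON 500.

    The full traceback is written to the server log under a random error_id;
    the client only receives that id, so support staff can correlate a user
    report with the log entry without the response revealing anything else.
    """
    def wrapper(environ, start_response):
        try:
            return app(environ, start_response)
        except Exception:
            error_id = uuid.uuid4().hex
            log.error("error_id=%s path=%s\n%s", error_id,
                      environ.get("PATH_INFO"), traceback.format_exc())
            body = json.dumps({"error": "Internal server error",
                               "status": 500, "error_id": error_id}).encode()
            # Passing exc_info lets a WSGI server replace headers that were
            # set but not yet sent when the exception was raised.
            start_response("500 Internal Server Error",
                           [("Content-Type", "application/json"),
                            ("Content-Length", str(len(body)))],
                           sys.exc_info())
            return [body]
    return wrapper


def leaks_internals(body):
    """Return the leak markers found in a response body (empty means clean)."""
    return [m for m in LEAK_MARKERS if m in body]


def crashing_app(environ, start_response):
    """Constructed stand-in for the page's /crash route (not Bottle itself)."""
    if environ["PATH_INFO"] == "/crash":
        return [str(1 / 0).encode()]        # logic error, like the page's example
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]


def call_wsgi(app, path):
    """Minimal in-process WSGI client so the example runs without a server."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"], captured["headers"] = status, dict(headers)

    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path, "QUERY_STRING": "",
               "SERVER_NAME": "localhost", "SERVER_PORT": "8080",
               "SERVER_PROTOCOL": "HTTP/1.1", "wsgi.version": (1, 0),
               "wsgi.url_scheme": "http", "wsgi.input": BytesIO(b""),
               "wsgi.errors": sys.stderr, "wsgi.multithread": False,
               "wsgi.multiprocess": False, "wsgi.run_once": False}
    body = b"".join(app(environ, start_response)).decode()
    return captured["status"], captured["headers"], body


class _ListHandler(logging.Handler):
    """Collects formatted log records so the demo can show what was logged."""
    def __init__(self):
        super().__init__()
        self.records = []

    def emit(self, record):
        self.records.append(self.format(record))


def run_demo():
    """Hit /crash through the wrapper; return what the client and the log each saw."""
    handler = _ListHandler()
    log.addHandler(handler)
    log.setLevel(logging.ERROR)
    try:
        status, headers, body = call_wsgi(sanitize_errors(crashing_app), "/crash")
    finally:
        log.removeHandler(handler)
    return {"status": status, "content_type": headers.get("Content-Type"),
            "body": json.loads(body), "leaks": leaks_internals(body),
            "logged": handler.records[-1]}


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

Running the block prints the client-visible JSON (generic message plus error_id) and the log line, which contains the ZeroDivisionError traceback and the same error_id. The leak check is deliberately crude, a handful of substrings, but it is exactly the kind of assertion worth keeping in an integration test so that a later debug=True or a chatty handler fails CI instead of shipping.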

