Fix Improper Error Handling in Hug
Hug is a high-performance Python API framework. When an endpoint raises and nothing in the application catches the exception, the framework has no sanitized answer to give, and the raw Python traceback can reach the client. That is improper error handling (CWE-209): a traceback tells an attacker which Python and library versions are running, where the code lives on disk, and how the request was processed, which is exactly the reconnaissance needed to fingerprint the environment and map the filesystem. To secure a Hug API, register a global exception handler that intercepts every unhandled exception and returns a generic response, while the real details go to internal logs.
The Vulnerable Pattern
```python
import hug


@hug.get('/debug-leak')
def leak_info(file_path: str):
    # VULNERABLE: direct file access without exception handling.
    # An invalid path or a permission error raises inside the handler, and
    # nothing in the application stops the resulting Python traceback from
    # being returned to the client.
    with open(file_path, 'r') as f:
        return f.read()
```
The Secure Implementation
The vulnerable snippet lets raw tracebacks escape the application boundary, exposing file paths, the internal directory structure, and application logic. Whether the traceback actually reaches the client depends on the WSGI server and its debug settings, but nothing in the application prevents it. The secure implementation uses `@hug.exception(Exception)` to register a global safety net: any exception the endpoint does not handle itself produces a generic 500 Internal Server Error body, while the real error, with its traceback, is written to internal logs where it belongs. The endpoint also handles the predictable FileNotFoundError on its own and answers with a 404 and a fixed message, which improves API usability without widening what the client learns. Note that error handling does not make it safe to open whatever path the client supplies; that access-control concern is separate from the error-handling fix shown here.
```python
import hug
import logging

# Configure internal logging for post-mortem analysis.
logging.basicConfig(level=logging.ERROR)


@hug.exception(Exception)
def global_exception_handler(exception, response):
    """Catch all unhandled exceptions and return a sanitized JSON object.

    The full traceback goes to the internal log; the client only sees a
    generic message and status.
    """
    logging.error('Unexpected error: %s', type(exception).__name__,
                  exc_info=exception)
    response.status = hug.HTTP_500
    return {'error': 'Internal Server Error', 'code': 500}


@hug.get('/secure-endpoint')
def secure_access(file_path: str, response):
    try:
        # Implementation logic here
        with open(file_path, 'r') as f:
            return f.read()
    except FileNotFoundError:
        # Predictable failure: tell the client what it needs, nothing more.
        response.status = hug.HTTP_404
        return {'error': 'Resource not found', 'code': 404}
    except Exception:
        # Let the global handler deal with anything unexpected. A bare
        # `raise` keeps the original traceback intact for the log.
        raise
```
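To see the difference the handler makes without starting a server, here is an added, framework-agnostic example; it is not code from this page or from the Hug project. It reproduces the same policy in plain Python: predictable exceptions become fixed messages, everything else becomes a generic 500, and the full traceback goes only to an in-memory log. The `leaks_internals` heuristics, the constructed `RuntimeError` message, and the guaranteed-missing temp path are assumptions made for this demonstration, and no hug API is used.

```python
import io
import logging
import os
import re
import tempfile
import traceback

# Internal log captured in memory so the example runs offline. In a real
# deployment this is a file or a log shipper, never the HTTP response.
_log_stream = io.StringIO()
_logger = logging.getLogger("api.errors.example")
_logger.setLevel(logging.ERROR)
_logger.propagate = False
_logger.addHandler(logging.StreamHandler(_log_stream))

# Predictable failures and the fixed, client-safe answer for each (assumed
# mapping). Anything not listed falls through to the generic 500.
SAFE_RESPONSES = (
    (FileNotFoundError, 404, "Resource not found"),
    (PermissionError, 403, "Access denied"),
)


def handle_request(handler, *args):
    """Run `handler` and return (status, body); the body never carries internals.

    Same policy as the page's handler pair: log the real exception with its
    traceback, answer predictable errors with a fixed message, and answer
    everything else with a generic 500.
    """
    try:
        return 200, handler(*args)
    except Exception as exc:
        _logger.error("Unhandled %s in %s", type(exc).__name__,
                      handler.__name__, exc_info=exc)
        for exc_type, status, message in SAFE_RESPONSES:
            if isinstance(exc, exc_type):
                return status, {"error": message, "code": status}
        return 500, {"error": "Internal Server Error", "code": 500}


def leaky_response(handler, *args):
    """The vulnerable behaviour: the formatted traceback becomes the body."""
    try:
        return 200, handler(*args)
    except Exception:
        return 500, traceback.format_exc()


# Heuristic patterns a scanner looks for in response bodies (assumed set).
_LEAK_PATTERNS = [re.compile(p) for p in (
    r"Traceback \(most recent call last\)",
    r'File "[^"]+", line \d+',
    r"\[Errno \d+\]",
    r"(?:/usr|/home|/opt|/var|/etc)/",
)]


def leaks_internals(text):
    """Return True if a response body looks like it contains a traceback."""
    return any(p.search(text) for p in _LEAK_PATTERNS)


def read_file(path):
    """Same operation as the page's endpoint, without the hug decorator."""
    with open(path, "r") as f:
        return f.read()


def crash():
    """Constructed failure whose message carries something secret-looking."""
    raise RuntimeError("db password=hunter2 loaded from /etc/app/config.ini")


def internal_log():
    return _log_stream.getvalue()


def run_demo():
    """Exercise both code paths and return (status, body) for each."""
    missing = os.path.join(tempfile.mkdtemp(), "missing.txt")  # never exists
    return {
        "missing_secure": handle_request(read_file, missing),
        "missing_leaky": leaky_response(read_file, missing),
        "crash_secure": handle_request(crash),
        "crash_leaky": leaky_response(crash),
    }


if __name__ == "__main__":
    for name, (status, body) in run_demo().items():
        print(f"{name}: {status} leaks={leaks_internals(str(body))}")
    print("--- internal log ---")
    print(internal_log())
```

Running the block shows the two secure responses carrying only the fixed message and code, both leaky responses tripping the scanner heuristics, and the constructed password string appearing in the internal log alone.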
Verified by Ghost Labs Security Team