From 45ab047dfccc185def05c5b82373528de3bd9b9e Mon Sep 17 00:00:00 2001 From: David Ortiz Date: Fri, 7 Feb 2020 12:59:48 +0100 Subject: [PATCH] rack: return generic error instead of leaking exception msg --- lib/falcon/adapters/rack.rb | 6 +++--- spec/falcon/server_spec.rb | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/lib/falcon/adapters/rack.rb b/lib/falcon/adapters/rack.rb index 374d9c43..089a7de1 100644 --- a/lib/falcon/adapters/rack.rb +++ b/lib/falcon/adapters/rack.rb @@ -191,11 +191,11 @@ def call(request) rescue => exception @logger.error(self) {exception} - return failure_response(exception) + return failure_response end - def failure_response(exception) - Protocol::HTTP::Response.for_exception(exception) + def failure_response + Protocol::HTTP::Response[500, {'content-type' => 'text/plain'}, ['Internal Server Error']] end end end diff --git a/spec/falcon/server_spec.rb b/spec/falcon/server_spec.rb index bf574cb1..9af6984a 100644 --- a/spec/falcon/server_spec.rb +++ b/spec/falcon/server_spec.rb @@ -104,13 +104,13 @@ raise RuntimeError, "Middleware is broken" end end - - it "results in a 500 error if middleware raises an exception" do + + it "results in a 500 error (without exposing the exception msg) if middleware raises" do response = client.get("/", {}) expect(response).to_not be_success expect(response.status).to be == 500 - expect(response.read).to be =~ /RuntimeError: Middleware is broken/ - end + expect(response.read).to eq "Internal Server Error" + end end end
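Review bot: `failure_response` loses its `exception` parameter in this hunk, so a subclass override or outside caller still using the one-argument form would raise `ArgumentError` inside the `rescue` clause of `call`, and that error would escape the handler instead of producing the 500. Nothing visible in the hunk marks the method private, so keeping the old arity is the safer shape: `def failure_response(exception = nil)`. A one-line comment above it, such as `# Deliberately generic: exception details go to the log only, never to the client.`, would help stop a later change from putting the message back into the body. `call` begins above the hunk, so only its rescue clause is covered here.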
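Review bot: The rewritten example pins the status and the exact body but not the `content-type` header that the new `failure_response` sets, so a later change to the error response's media type would pass unnoticed. Assuming the client response exposes headers in the usual way, one more line would cover it: `expect(response.headers['content-type']).to be == 'text/plain'`. As a style point, the new body assertion uses `eq` while the status assertion just above it uses `be ==`; `expect(response.read).to be == "Internal Server Error"` would match the surrounding lines. The enclosing context block starts above the hunk.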