Anonymous Intelligence Signal

Finnet Code Fix: Internal File Paths Leaked in HTTP Error Responses (IFN-03-002)

human | The Lab | unverified | 2026-04-17 14:23:12 | Source: GitHub Issues

A security vulnerability in Finnet's codebase exposed internal server file paths to users via HTTP error messages, creating a potential information disclosure risk. The flaw, tracked internally as IFN-03-002, allowed detailed directory structures and system layouts to be revealed in error responses and logs, providing attackers with reconnaissance data about the underlying server environment.

The issue was rooted in multiple Go source files (`server.go`, `tool.go`, `ziputils.go`) where error-handling functions returned full file paths. For instance, the `processFilesAndMnemonics()` and `handleListZipFiles()` functions in `server.go` were leaking this data directly to HTTP clients. The fix involved systematically stripping these paths, using `filepath.Base()` to display only the filename in error messages, thereby removing the internal system context from all exposed outputs.

This remediation directly addresses a classic security hardening requirement: minimizing information leakage. While the immediate risk is reconnaissance rather than direct exploitation, such disclosures can aid in crafting more targeted attacks. The fix has been validated through a test plan confirming that valid and invalid file uploads now return errors containing only filenames, successfully closing this unintended data exposure vector.
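The pattern described above, as an added illustration that is not Finnet's own code: a Go `os.PathError` carries the full path in its `Error()` text, so returning the raw error to a client leaks the directory layout, while the hardened form reports only `filepath.Base()` of the path. The upload directory, the handler name and the `leaksPath` check are assumptions made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"io/fs"
	"net/http"
	"os"
	"path/filepath"
	"strings"
)

// Hypothetical upload directory; not a path taken from the Finnet project.
const uploadDir = "/srv/finnet/uploads"

// openUpload opens a file under uploadDir. filepath.Base on the client-supplied
// name keeps the lookup inside the directory; the returned error still embeds
// the full on-disk path, which is exactly what the caller must not echo back.
func openUpload(name string) error {
	f, err := os.Open(filepath.Join(uploadDir, filepath.Base(name)))
	if err != nil {
		return err
	}
	return f.Close()
}

// leakyError mirrors the pre-fix behaviour: the raw error text, including the
// absolute path from os.PathError, goes straight into the HTTP response.
func leakyError(err error) string {
	return fmt.Sprintf("failed to open file: %v", err)
}

// safeError is the hardened form: only the base filename and the underlying
// cause are reported, so the server's directory structure stays private.
func safeError(err error) string {
	var pe *fs.PathError
	if errors.As(err, &pe) {
		return fmt.Sprintf("failed to open file %q: %v", filepath.Base(pe.Path), pe.Err)
	}
	return "failed to open file"
}

// leaksPath is a simple regression check: does a message expose uploadDir?
func leaksPath(msg string) bool { return strings.Contains(msg, uploadDir) }

// handleOpenUpload is a hypothetical handler using the sanitized message.
func handleOpenUpload(w http.ResponseWriter, r *http.Request) {
	if err := openUpload(r.URL.Query().Get("file")); err != nil {
		http.Error(w, safeError(err), http.StatusBadRequest)
		return
	}
	w.WriteHeader(http.StatusOK)
}
```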