Fix code scanning alert no. 35: Information exposure through an excep…

…tion Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
arpitjain099 · Oct 20, 2024 · 5017ff3 · 5017ff3
1 parent 760c74a
commit 5017ff3
Showing 1 changed file with 10 additions and 8 deletions.
diff --git a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
@@ -148,23 +148,24 @@ def update_chat_session(user_id: str, conversation_id: str):
         return Response(response=json.dumps(session.to_item()), status=200)
     except (TypeError, NullValueError, MissingPropertyError, ValueError) as e:
         logger.exception(f"update-chat-session: error: {e} ", extra=properties)
-        return Response(response=str(e), status=400)
+        return Response(response="An error occurred while processing your request.", status=400)
     except SessionNotFoundError as e:
         logger.exception(f"update-chat-session: error: {e} ", extra=properties)
-        return Response(response=str(e), status=404)
+        return Response(response="Chat session not found.", status=404)
     except Exception as e:
         logger.exception(f"update-chat-session: error: {e} ", extra=properties)
-        return Response(response=str(e), status=500)
+        return Response(response="An internal server error occurred.", status=500)
 
 @app.route('/chat-sessions/<user_id>/<conversation_id>', methods=['DELETE'])
 def clear_chat_session(user_id: str, conversation_id: str):
     try:
         chat_manager.clear_chat_session(user_id, conversation_id)
         return Response(status=200)
     except SessionNotFoundError as e:
-        return Response(response=str(e), status=404)
+        return Response(response="Chat session not found.", status=404)
     except Exception as e:
-        return Response(response=str(e), status=500)
+        logger.exception(f"clear-chat-session: error: {e}")
+        return Response(response="An internal server error occurred.", status=500)
 
 @app.route('/user-profiles/<user_id>', methods=['POST'])
 def create_user_profile(user_id: str):
@@ -185,11 +186,12 @@ def create_user_profile(user_id: str):
         user_profile = entities_manager.create_user_profile(user_id, user_name, description, sample_questions)
         return Response(response=json.dumps(user_profile.to_item()), status=201)
     except (TypeError, NullValueError, MissingPropertyError) as e:
-        return Response(response=str(e), status=400)
+        return Response(response="Invalid request data.", status=400)
     except CosmosConflictError as e:
-        return Response(response=str(e), status=409)
+        return Response(response="Conflict occurred while creating user profile.", status=409)
     except Exception as e:
-        return Response(response=str(e), status=500)
+        logger.exception(f"create-user-profile: error: {e}")
+        return Response(response="An internal server error occurred.", status=500)
 
 @app.route('/user-profiles/<user_id>', methods=['GET'])
 def get_user_profile(user_id: str):