From 5017ff397bc8de682e0d4a47d8af0d6be507e907 Mon Sep 17 00:00:00 2001
From: Arpit Jain <3242828+arpitjain099@users.noreply.github.com>
Date: Sun, 20 Oct 2024 13:59:46 +0900
Subject: [PATCH] Fix code scanning alert no. 35: Information exposure through an exception

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .../AOAISearchDemo/app/data/app.py | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
index d1d8ada..bfacccb 100644
--- a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
+++ b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
@@ -148,13 +148,13 @@ def update_chat_session(user_id: str, conversation_id: str):
 return Response(response=json.dumps(session.to_item()), status=200)
 except (TypeError, NullValueError, MissingPropertyError, ValueError) as e:
 logger.exception(f"update-chat-session: error: {e} ", extra=properties)
- return Response(response=str(e), status=400)
+ return Response(response="An error occurred while processing your request.", status=400)
 except SessionNotFoundError as e:
 logger.exception(f"update-chat-session: error: {e} ", extra=properties)
- return Response(response=str(e), status=404)
+ return Response(response="Chat session not found.", status=404)
 except Exception as e:
 logger.exception(f"update-chat-session: error: {e} ", extra=properties)
- return Response(response=str(e), status=500)
+ return Response(response="An internal server error occurred.", status=500)

 @app.route('/chat-sessions//', methods=['DELETE'])
 def clear_chat_session(user_id: str, conversation_id: str):
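Review bot: The 400 branch of update_chat_session now answers `An error occurred while processing your request.`, which does not tell the caller that the request itself was rejected and differs from the `Invalid request data.` that create_user_profile returns for the same kind of failure later in this patch. One wording for validation failures keeps client handling consistent, e.g. `return Response(response="Invalid request data.", status=400)`. If the messages of NullValueError and MissingPropertyError are built only from field names (not visible here), returning those while keeping TypeError and ValueError generic would preserve useful feedback without exposing internals. The try block opens above the hunk.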
@@ -162,9 +162,10 @@ def clear_chat_session(user_id: str, conversation_id: str):
 chat_manager.clear_chat_session(user_id, conversation_id)
 return Response(status=200)
 except SessionNotFoundError as e:
- return Response(response=str(e), status=404)
+ return Response(response="Chat session not found.", status=404)
 except Exception as e:
- return Response(response=str(e), status=500)
+ logger.exception(f"clear-chat-session: error: {e}")
+ return Response(response="An internal server error occurred.", status=500)

 @app.route('/user-profiles/', methods=['POST'])
 def create_user_profile(user_id: str):
@@ -185,11 +186,12 @@ def create_user_profile(user_id: str):
 user_profile = entities_manager.create_user_profile(user_id, user_name, description, sample_questions)
 return Response(response=json.dumps(user_profile.to_item()), status=201)
 except (TypeError, NullValueError, MissingPropertyError) as e:
- return Response(response=str(e), status=400)
+ return Response(response="Invalid request data.", status=400)
 except CosmosConflictError as e:
- return Response(response=str(e), status=409)
+ return Response(response="Conflict occurred while creating user profile.", status=409)
 except Exception as e:
- return Response(response=str(e), status=500)
+ logger.exception(f"create-user-profile: error: {e}")
+ return Response(response="An internal server error occurred.", status=500)

 @app.route('/user-profiles/', methods=['GET'])
 def get_user_profile(user_id: str):
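Review bot: The 404 branch of clear_chat_session replaces `str(e)` with a fixed string but never logs the exception, so the detail that used to reach the client is now dropped entirely; the 400 and 409 branches of create_user_profile in the next hunk have the same gap. update_chat_session logs in every branch, and the same is worth doing here at a lower severity, for example `logger.warning(f"clear-chat-session: session not found: {e}")`. It matters most for the 400 branch of create_user_profile, which also catches TypeError and would otherwise hide a programming error behind `Invalid request data.` with no trace in the logs. Both function bodies start outside their hunks.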
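Review bot: The added `logger.exception(f"create-user-profile: error: {e}")` omits the `extra=properties` argument that the update_chat_session handlers pass, and the same holds for the call added to clear_chat_session in the previous hunk. If a `properties` dict is available in these functions (their setup is outside the hunks), pass it so the 500 entries carry the same context as the other log records: `logger.exception(f"create-user-profile: error: {e}", extra=properties)`. Since logger.exception already attaches the exception and its traceback to the record, the `{e}` interpolation could also be dropped from the message.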