Merge branch 'codeql' into alert-autofix-33

arpitjain099 · Oct 20, 2024 · cdd94c5 · cdd94c5
2 parents 3b469ab + 7c5b15f
commit cdd94c5
Showing 1 changed file with 19 additions and 15 deletions.
diff --git a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
@@ -62,13 +62,13 @@ def create_chat_session(user_id: str, conversation_id: str):
         return Response(response=json.dumps(session.to_item()), status=201)
     except (TypeError, NullValueError, MissingPropertyError) as e:
         logger.exception(f"create-chat-session: error: {e} ", extra=properties)
-        return Response(response=str(e), status=400)
+        return Response(response="Invalid input provided.", status=400)
     except CosmosConflictError as e:
         logger.exception(f"create-chat-session: error: {e} ", extra=properties)
-        return Response(response=str(e), status=409)
+        return Response(response="Conflict occurred while creating chat session.", status=409)
     except Exception as e:
         logger.exception(f"create-chat-session: error: {e} ", extra=properties)
-        return Response(response=str(e), status=500)
+        return Response(response="An internal error has occurred.", status=500)
 
 @app.route('/chat-sessions/<user_id>/<conversation_id>', methods=['GET'])
 def get_chat_session(user_id: str, conversation_id: str):
@@ -85,14 +85,14 @@ def get_chat_session(user_id: str, conversation_id: str):
         properties = logger.get_updated_properties(addl_dim)
 
         if session is None:
-            logger.info(f"get-chat-session: session with conversation_id {conversation_id} not found", extra=properties)
-            return Response(response=f"Chat session with conversation_id {conversation_id} not found.", status=404)
+            logger.info(f"get-chat-session: session with conversation_id {html.escape(conversation_id)} not found", extra=properties)
+            return Response(response=f"Chat session with conversation_id {html.escape(conversation_id)} not found.", status=404)
         else:
             logger.info("get-chat-session: session found", extra=properties)
             return Response(response=json.dumps(session.to_item()), status=200)
     except Exception as e:
         logger.exception(f"get-chat-session: error: {e} ", extra=properties)
-        return Response(response=str(e), status=500)
+        return Response(response="An internal error has occurred.", status=500)
 
 @app.route('/check-chat-session/<user_id>/<conversation_id>', methods=['GET'])
 def check_chat_session(user_id: str, conversation_id: str):
@@ -114,7 +114,7 @@ def check_chat_session(user_id: str, conversation_id: str):
             return Response(response="true", status=200)
     except Exception as e:
         logger.exception(f"check-chat-session: error: {e} ", extra=properties)
-        return Response(response=str(e), status=500)
+        return Response(response="An internal error has occurred.", status=500)
 
 @app.route('/chat-sessions/<user_id>/<conversation_id>', methods=['PUT'])
 def update_chat_session(user_id: str, conversation_id: str):
@@ -151,7 +151,7 @@ def update_chat_session(user_id: str, conversation_id: str):
         return Response(response="An error occurred while processing your request.", status=400)
     except SessionNotFoundError as e:
         logger.exception(f"update-chat-session: error: {e} ", extra=properties)
-        return Response(response="Session not found.", status=404)
+        return Response(response="Chat session not found.", status=404)
     except Exception as e:
         logger.exception(f"update-chat-session: error: {e} ", extra=properties)
         return Response(response="An internal server error occurred.", status=500)
@@ -162,8 +162,9 @@ def clear_chat_session(user_id: str, conversation_id: str):
         chat_manager.clear_chat_session(user_id, conversation_id)
         return Response(status=200)
     except SessionNotFoundError as e:
-        return Response(response="Session not found.", status=404)
+        return Response(response="Chat session not found.", status=404)
     except Exception as e:
+        logger.exception(f"clear-chat-session: error: {e}")
         return Response(response="An internal server error occurred.", status=500)
 
 @app.route('/user-profiles/<user_id>', methods=['POST'])
@@ -185,11 +186,12 @@ def create_user_profile(user_id: str):
         user_profile = entities_manager.create_user_profile(user_id, user_name, description, sample_questions)
         return Response(response=json.dumps(user_profile.to_item()), status=201)
     except (TypeError, NullValueError, MissingPropertyError) as e:
-        return Response(response=str(e), status=400)
+        return Response(response="Invalid request data.", status=400)
     except CosmosConflictError as e:
-        return Response(response=str(e), status=409)
+        return Response(response="Conflict occurred while creating user profile.", status=409)
     except Exception as e:
-        return Response(response=str(e), status=500)
+        logger.exception(f"create-user-profile: error: {e}")
+        return Response(response="An internal server error occurred.", status=500)
 
 @app.route('/user-profiles/<user_id>', methods=['GET'])
 def get_user_profile(user_id: str):
@@ -242,7 +244,8 @@ def get_user_group(group_id: str):
     try:
         user_group = entities_manager.get_user_group(group_id)
         if user_group is None:
-            return Response(response=f"User group with group_id {group_id} not found.", status=404)
+            escaped_group_id = html.escape(group_id)
+            return Response(response=f"User group with group_id {escaped_group_id} not found.", status=404)
         else:
             return Response(response=json.dumps(user_group.to_item()), status=200)
     except Exception as e:
@@ -254,7 +257,7 @@ def get_user_member_groups(user_id: str):
     try:
         user_groups = entities_manager.get_user_member_groups(user_id)
         if user_groups is None:
-            return Response(response=f"User with user_id {user_id} not found.", status=404)
+            return Response(response=f"User with user_id {html.escape(user_id)} not found.", status=404)
         else:
             return Response(response=json.dumps([user_group.to_item_no_users() for user_group in user_groups]), status=200)
     except Exception as e:
@@ -279,7 +282,8 @@ def update_user_group(group_id: str):
     except (TypeError, NullValueError, MissingPropertyError, ValueError) as e:
         return Response(response=str(e), status=400)
     except SessionNotFoundError as e:
-        return Response(response=str(e), status=404)
+        logging.error("Session not found: %s", e, exc_info=True)
+        return Response(response="Session not found.", status=404)
     except Exception as e:
         logging.error("An error occurred while updating user group: %s", e, exc_info=True)
         return Response(response="An internal error has occurred.", status=500)