From df67a2edc89cc6d585e9c4144addd997ebbf2718 Mon Sep 17 00:00:00 2001
From: Arpit Jain <3242828+arpitjain099@users.noreply.github.com>
Date: Sun, 20 Oct 2024 13:54:30 +0900
Subject: [PATCH 01/14] Fix code scanning alert no. 64: Information exposure through an exception
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 End_to_end_Solutions/AOAISearchDemo/app/data/app.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
index d1d8ada..fa8eb3f 100644
--- a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
+++ b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
@@ -279,7 +279,8 @@ def update_user_group(group_id: str):
 except (TypeError, NullValueError, MissingPropertyError, ValueError) as e:
 return Response(response=str(e), status=400)
 except SessionNotFoundError as e:
- return Response(response=str(e), status=404)
+ logging.error("Session not found: %s", e, exc_info=True)
+ return Response(response="Session not found.", status=404)
 except Exception as e:
 logging.error("An error occurred while updating user group: %s", e, exc_info=True)
 return Response(response="An internal error has occurred.", status=500)
From 61d6b9d8395d12f9e0164846e3c0055667dcea7c Mon Sep 17 00:00:00 2001
From: Arpit Jain <3242828+arpitjain099@users.noreply.github.com>
Date: Sun, 20 Oct 2024 13:55:17 +0900
Subject: [PATCH 02/14] Fix code scanning alert no. 8: Reflected server-side cross-site scripting
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 End_to_end_Solutions/AOAISearchDemo/app/data/app.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
index d1d8ada..5029ccc 100644
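Review bot: In PATCH 01/14 the 400 branch of `update_user_group`, two context lines above the change, still returns `str(e)` to the caller, so exception text keeps leaving the service on that path even though the alert being closed is about exactly that. If the same treatment is intended there, log the exception and return fixed text, e.g. `return Response(response="Invalid request data.", status=400)`. The added `logging.error(..., exc_info=True)` also writes a full traceback at error level for an ordinary 404; `logging.warning("Session not found: %s", e)` keeps the detail without letting routine misses look like faults. The function body starts above the hunk, so what `str(e)` can contain on the 400 path cannot be judged from here.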
--- a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
+++ b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
@@ -85,8 +85,8 @@ def get_chat_session(user_id: str, conversation_id: str):
 properties = logger.get_updated_properties(addl_dim)
 if session is None:
- logger.info(f"get-chat-session: session with conversation_id {conversation_id} not found", extra=properties)
- return Response(response=f"Chat session with conversation_id {conversation_id} not found.", status=404)
+ logger.info(f"get-chat-session: session with conversation_id {html.escape(conversation_id)} not found", extra=properties)
+ return Response(response=f"Chat session with conversation_id {html.escape(conversation_id)} not found.", status=404)
 else:
 logger.info("get-chat-session: session found", extra=properties)
 return Response(response=json.dumps(session.to_item()), status=200)
From b2414ef418d24c6a7ffa6248936377438381b096 Mon Sep 17 00:00:00 2001
From: Arpit Jain <3242828+arpitjain099@users.noreply.github.com>
Date: Sun, 20 Oct 2024 13:55:23 +0900
Subject: [PATCH 03/14] Fix code scanning alert no. 10: Reflected server-side cross-site scripting
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 End_to_end_Solutions/AOAISearchDemo/app/data/app.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
index d1d8ada..d04e364 100644
--- a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
+++ b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
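Review bot: PATCH 02/14 calls `html.escape` in `get_chat_session`, but neither it nor patches 03–07 (which use it in `get_user_group`, `get_user_member_groups`, `get_resource`, `get_user_resources` and `get_access_rule`) adds `import html`; unless app.py already imports the module above the visible hunks, each of these 404 paths raises NameError and is presumably turned into a 500 by the `except Exception` branches shown in the context lines. The `logger.info` line should log the raw id rather than the HTML-escaped one, since escaping does nothing against CR/LF in a log record and makes the logged value differ from the stored one; `{conversation_id!r}` inside the f-string is the safer form. If `Response` here is Flask's, passing `mimetype="text/plain"` for these plain-text bodies removes the HTML interpretation at its source instead of relying on every call site remembering to escape.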
@@ -242,7 +242,8 @@ def get_user_group(group_id: str):
 try:
 user_group = entities_manager.get_user_group(group_id)
 if user_group is None:
- return Response(response=f"User group with group_id {group_id} not found.", status=404)
+ escaped_group_id = html.escape(group_id)
+ return Response(response=f"User group with group_id {escaped_group_id} not found.", status=404)
 else:
 return Response(response=json.dumps(user_group.to_item()), status=200)
 except Exception as e:
From aebd8e8ae23d5127283419e15f721d70864f9095 Mon Sep 17 00:00:00 2001
From: Arpit Jain <3242828+arpitjain099@users.noreply.github.com>
Date: Sun, 20 Oct 2024 13:55:29 +0900
Subject: [PATCH 04/14] Fix code scanning alert no. 11: Reflected server-side cross-site scripting
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 End_to_end_Solutions/AOAISearchDemo/app/data/app.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
index d1d8ada..22c4ee8 100644
--- a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
+++ b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
@@ -254,7 +254,7 @@ def get_user_member_groups(user_id: str):
 try:
 user_groups = entities_manager.get_user_member_groups(user_id)
 if user_groups is None:
- return Response(response=f"User with user_id {user_id} not found.", status=404)
+ return Response(response=f"User with user_id {html.escape(user_id)} not found.", status=404)
 else:
 return Response(response=json.dumps([user_group.to_item_no_users() for user_group in user_groups]), status=200)
 except Exception as e:
From 8bf43ae005178a415b4ce4802a8af8fbac8fef12 Mon Sep 17 00:00:00 2001
From: Arpit Jain <3242828+arpitjain099@users.noreply.github.com>
Date: Sun, 20 Oct 2024 13:55:34 +0900
Subject: [PATCH 05/14] Fix code scanning alert no. 12: Reflected server-side cross-site scripting
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 End_to_end_Solutions/AOAISearchDemo/app/data/app.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
index d1d8ada..156bf7b 100644
--- a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
+++ b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
@@ -310,7 +310,7 @@ def get_resource(resource_id: str):
 try:
 resource = entities_manager.get_resource(resource_id)
 if resource is None:
- return Response(response=f"Resource with resource_id {resource_id} not found.", status=404)
+ return Response(response=f"Resource with resource_id {html.escape(resource_id)} not found.", status=404)
 else:
 return Response(response=json.dumps(resource.to_item()), status=200)
 except Exception as e:
From cde4d7086eb1cc59ff1351f780f90627d0b032e6 Mon Sep 17 00:00:00 2001
From: Arpit Jain <3242828+arpitjain099@users.noreply.github.com>
Date: Sun, 20 Oct 2024 13:55:38 +0900
Subject: [PATCH 06/14] Fix code scanning alert no. 13: Reflected server-side cross-site scripting
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 End_to_end_Solutions/AOAISearchDemo/app/data/app.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
index d1d8ada..c57f452 100644
--- a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
+++ b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
@@ -322,7 +322,7 @@ def get_user_resources(user_id: str):
 try:
 user_profile = entities_manager.get_user_profile(user_id)
 if user_profile is None:
- return Response(response=f"User with user_id {user_id} not found.", status=404)
+ return Response(response=f"User with user_id {html.escape(user_id)} not found.", status=404)
 user_groups = entities_manager.get_user_member_groups(user_id)
 resources = permissions_manager.get_user_resources(user_profile, user_groups)
From 7611246e004d8b36fc15a002712741b3c5b43ccb Mon Sep 17 00:00:00 2001
From: Arpit Jain <3242828+arpitjain099@users.noreply.github.com>
Date: Sun, 20 Oct 2024 13:55:45 +0900
Subject: [PATCH 07/14] Fix code scanning alert no. 14: Reflected server-side cross-site scripting
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 End_to_end_Solutions/AOAISearchDemo/app/data/app.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
index d1d8ada..38d1a06 100644
--- a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
+++ b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
@@ -373,7 +373,7 @@ def get_access_rule(rule_id: str):
 try:
 access_rule = permissions_manager.get_access_rule(rule_id)
 if access_rule is None:
- return Response(response=f"Access rule with rule_id {rule_id} not found.", status=404)
+ return Response(response=f"Access rule with rule_id {html.escape(rule_id)} not found.", status=404)
 else:
 return Response(response=json.dumps(access_rule.to_item()), status=200)
 except Exception as e:
From 238b1254698b863dd7d28bd573f9adf69164b4ca Mon Sep 17 00:00:00 2001
From: Arpit Jain <3242828+arpitjain099@users.noreply.github.com>
Date: Sun, 20 Oct 2024 13:56:44 +0900
Subject: [PATCH 08/14] Fix code scanning alert no. 30: Information exposure through an exception
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 End_to_end_Solutions/AOAISearchDemo/app/data/app.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
index d1d8ada..2e91b3d 100644
--- a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
+++ b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
@@ -68,7 +68,7 @@ def create_chat_session(user_id: str, conversation_id: str):
 return Response(response=str(e), status=409)
 except Exception as e:
 logger.exception(f"create-chat-session: error: {e} ", extra=properties)
- return Response(response=str(e), status=500)
+ return Response(response="An internal error has occurred.", status=500)
 @app.route('/chat-sessions//', methods=['GET'])
 def get_chat_session(user_id: str, conversation_id: str):
@@ -92,7 +92,7 @@ def get_chat_session(user_id: str, conversation_id: str):
 return Response(response=json.dumps(session.to_item()), status=200)
 except Exception as e:
 logger.exception(f"get-chat-session: error: {e} ", extra=properties)
- return Response(response=str(e), status=500)
+ return Response(response="An internal error has occurred.", status=500)
 @app.route('/check-chat-session//', methods=['GET'])
 def check_chat_session(user_id: str, conversation_id: str):
From 84948e2a1ca20e1c28bc3aa393cc98aa679eb0a2 Mon Sep 17 00:00:00 2001
From: Arpit Jain <3242828+arpitjain099@users.noreply.github.com>
Date: Sun, 20 Oct 2024 13:56:47 +0900
Subject: [PATCH 09/14] Fix code scanning alert no. 32: Information exposure through an exception
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 End_to_end_Solutions/AOAISearchDemo/app/data/app.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
index d1d8ada..9ce09f5 100644
--- a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
+++ b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
@@ -114,7 +114,7 @@ def check_chat_session(user_id: str, conversation_id: str):
 return Response(response="true", status=200)
 except Exception as e:
 logger.exception(f"check-chat-session: error: {e} ", extra=properties)
- return Response(response=str(e), status=500)
+ return Response(response="An internal error has occurred.", status=500)
 @app.route('/chat-sessions//', methods=['PUT'])
 def update_chat_session(user_id: str, conversation_id: str):
From 3b469abd7c7932d7bfe9d37d6dd34ebc5bbcc33b Mon Sep 17 00:00:00 2001
From: Arpit Jain <3242828+arpitjain099@users.noreply.github.com>
Date: Sun, 20 Oct 2024 13:56:50 +0900
Subject: [PATCH 10/14] Fix code scanning alert no. 33: Information exposure through an exception
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 End_to_end_Solutions/AOAISearchDemo/app/data/app.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
index d1d8ada..a857000 100644
--- a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
+++ b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
@@ -148,13 +148,13 @@ def update_chat_session(user_id: str, conversation_id: str):
 return Response(response=json.dumps(session.to_item()), status=200)
 except (TypeError, NullValueError, MissingPropertyError, ValueError) as e:
 logger.exception(f"update-chat-session: error: {e} ", extra=properties)
- return Response(response=str(e), status=400)
+ return Response(response="An error occurred while processing your request.", status=400)
 except SessionNotFoundError as e:
 logger.exception(f"update-chat-session: error: {e} ", extra=properties)
- return Response(response=str(e), status=404)
+ return Response(response="Session not found.", status=404)
 except Exception as e:
 logger.exception(f"update-chat-session: error: {e} ", extra=properties)
- return Response(response=str(e), status=500)
+ return Response(response="An internal server error occurred.", status=500)
 @app.route('/chat-sessions//', methods=['DELETE'])
 def clear_chat_session(user_id: str, conversation_id: str):
@@ -162,9 +162,9 @@ def clear_chat_session(user_id: str, conversation_id: str):
 chat_manager.clear_chat_session(user_id, conversation_id)
 return Response(status=200)
 except SessionNotFoundError as e:
- return Response(response=str(e), status=404)
+ return Response(response="Session not found.", status=404)
 except Exception as e:
- return Response(response=str(e), status=500)
+ return Response(response="An internal server error occurred.", status=500)
 @app.route('/user-profiles/', methods=['POST'])
 def create_user_profile(user_id: str):
From f9b0a7097cfe68bc71bcfa5ac01db69e6381799d Mon Sep 17 00:00:00 2001
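Review bot: In the second hunk of PATCH 10/14 both handlers of `clear_chat_session` bind `e` and then discard it, so once the client no longer receives `str(e)` nothing records why a DELETE failed. A `logger.exception("clear-chat-session: error")` before the 500 return would keep the traceback on the server, as the `update_chat_session` handlers in the first hunk already do. Patches 13 and 14 rewrite these same lines from the same base blob (`index d1d8ada`) with different 404 text ("Session not found." here, "Chat session not found." there), so the series will likely conflict when applied in order and should settle on one version and one wording.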
From: Arpit Jain <3242828+arpitjain099@users.noreply.github.com>
Date: Sun, 20 Oct 2024 13:57:46 +0900
Subject: [PATCH 11/14] Fix code scanning alert no. 31: Information exposure through an exception
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 End_to_end_Solutions/AOAISearchDemo/app/data/app.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
index d1d8ada..15cc99d 100644
--- a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
+++ b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
@@ -68,7 +68,7 @@ def create_chat_session(user_id: str, conversation_id: str):
 return Response(response=str(e), status=409)
 except Exception as e:
 logger.exception(f"create-chat-session: error: {e} ", extra=properties)
- return Response(response=str(e), status=500)
+ return Response(response="An internal error has occurred.", status=500)
 @app.route('/chat-sessions//', methods=['GET'])
 def get_chat_session(user_id: str, conversation_id: str):
@@ -92,7 +92,7 @@ def get_chat_session(user_id: str, conversation_id: str):
 return Response(response=json.dumps(session.to_item()), status=200)
 except Exception as e:
 logger.exception(f"get-chat-session: error: {e} ", extra=properties)
- return Response(response=str(e), status=500)
+ return Response(response="An internal error has occurred.", status=500)
 @app.route('/check-chat-session//', methods=['GET'])
 def check_chat_session(user_id: str, conversation_id: str):
@@ -114,7 +114,7 @@ def check_chat_session(user_id: str, conversation_id: str):
 return Response(response="true", status=200)
 except Exception as e:
 logger.exception(f"check-chat-session: error: {e} ", extra=properties)
- return Response(response=str(e), status=500)
+ return Response(response="An internal error has occurred.", status=500)
 @app.route('/chat-sessions//', methods=['PUT'])
 def update_chat_session(user_id: str, conversation_id: str):
From d9b59790602ab93aec96c043eebe68fbe7d8834b Mon Sep 17 00:00:00 2001
From: Arpit Jain <3242828+arpitjain099@users.noreply.github.com>
Date: Sun, 20 Oct 2024 13:59:38 +0900
Subject: [PATCH 12/14] Fix code scanning alert no. 29: Information exposure through an exception
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 End_to_end_Solutions/AOAISearchDemo/app/data/app.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
index d1d8ada..b8c8c23 100644
--- a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
+++ b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
@@ -62,13 +62,13 @@ def create_chat_session(user_id: str, conversation_id: str):
 return Response(response=json.dumps(session.to_item()), status=201)
 except (TypeError, NullValueError, MissingPropertyError) as e:
 logger.exception(f"create-chat-session: error: {e} ", extra=properties)
- return Response(response=str(e), status=400)
+ return Response(response="Invalid input provided.", status=400)
 except CosmosConflictError as e:
 logger.exception(f"create-chat-session: error: {e} ", extra=properties)
- return Response(response=str(e), status=409)
+ return Response(response="Conflict occurred while creating chat session.", status=409)
 except Exception as e:
 logger.exception(f"create-chat-session: error: {e} ", extra=properties)
- return Response(response=str(e), status=500)
+ return Response(response="An internal error has occurred.", status=500)
 @app.route('/chat-sessions//', methods=['GET'])
 def get_chat_session(user_id: str, conversation_id: str):
@@ -92,7 +92,7 @@ def get_chat_session(user_id: str, conversation_id: str):
 return Response(response=json.dumps(session.to_item()), status=200)
 except Exception as e:
 logger.exception(f"get-chat-session: error: {e} ", extra=properties)
- return Response(response=str(e), status=500)
+ return Response(response="An internal error has occurred.", status=500)
 @app.route('/check-chat-session//', methods=['GET'])
 def check_chat_session(user_id: str, conversation_id: str):
From 59a4a6cd28dffd4073b082131bd22926dc17912a Mon Sep 17 00:00:00 2001
From: Arpit Jain <3242828+arpitjain099@users.noreply.github.com>
Date: Sun, 20 Oct 2024 13:59:42 +0900
Subject: [PATCH 13/14] Fix code scanning alert no. 34: Information exposure through an exception
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 End_to_end_Solutions/AOAISearchDemo/app/data/app.py | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
index d1d8ada..e40c673 100644
--- a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
+++ b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
@@ -148,13 +148,13 @@ def update_chat_session(user_id: str, conversation_id: str):
 return Response(response=json.dumps(session.to_item()), status=200)
 except (TypeError, NullValueError, MissingPropertyError, ValueError) as e:
 logger.exception(f"update-chat-session: error: {e} ", extra=properties)
- return Response(response=str(e), status=400)
+ return Response(response="An error occurred while processing your request.", status=400)
 except SessionNotFoundError as e:
 logger.exception(f"update-chat-session: error: {e} ", extra=properties)
- return Response(response=str(e), status=404)
+ return Response(response="Chat session not found.", status=404)
 except Exception as e:
 logger.exception(f"update-chat-session: error: {e} ", extra=properties)
- return Response(response=str(e), status=500)
+ return Response(response="An internal server error occurred.", status=500)
 @app.route('/chat-sessions//', methods=['DELETE'])
 def clear_chat_session(user_id: str, conversation_id: str):
@@ -162,9 +162,11 @@ def clear_chat_session(user_id: str, conversation_id: str):
 chat_manager.clear_chat_session(user_id, conversation_id)
 return Response(status=200)
 except SessionNotFoundError as e:
- return Response(response=str(e), status=404)
+ logger.exception(f"clear-chat-session: error: {e} ")
+ return Response(response="Chat session not found.", status=404)
 except Exception as e:
- return Response(response=str(e), status=500)
+ logger.exception(f"clear-chat-session: error: {e} ")
+ return Response(response="An internal server error occurred.", status=500)
 @app.route('/user-profiles/', methods=['POST'])
 def create_user_profile(user_id: str):
From 5017ff397bc8de682e0d4a47d8af0d6be507e907 Mon Sep 17 00:00:00 2001
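Review bot: In the `clear_chat_session` hunk of PATCH 13/14, `logger.exception` in the `SessionNotFoundError` branch writes an error-level record with a full traceback for what is an expected client condition, so any caller deleting ids that do not exist fills the error log and buries real faults. A plain `logger.info("clear-chat-session: session not found")` is enough there, keeping `logger.exception` for the catch-all branch. Both new calls also omit the `extra=properties` that the `update_chat_session` handlers pass; the visible body of `clear_chat_session` builds no `properties`, so these records will presumably lack the dimensions the other handlers attach. The function's `try:` line sits just above the hunk.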
From: Arpit Jain <3242828+arpitjain099@users.noreply.github.com>
Date: Sun, 20 Oct 2024 13:59:46 +0900
Subject: [PATCH 14/14] Fix code scanning alert no. 35: Information exposure through an exception
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .../AOAISearchDemo/app/data/app.py | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
index d1d8ada..bfacccb 100644
--- a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
+++ b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
@@ -148,13 +148,13 @@ def update_chat_session(user_id: str, conversation_id: str):
 return Response(response=json.dumps(session.to_item()), status=200)
 except (TypeError, NullValueError, MissingPropertyError, ValueError) as e:
 logger.exception(f"update-chat-session: error: {e} ", extra=properties)
- return Response(response=str(e), status=400)
+ return Response(response="An error occurred while processing your request.", status=400)
 except SessionNotFoundError as e:
 logger.exception(f"update-chat-session: error: {e} ", extra=properties)
- return Response(response=str(e), status=404)
+ return Response(response="Chat session not found.", status=404)
 except Exception as e:
 logger.exception(f"update-chat-session: error: {e} ", extra=properties)
- return Response(response=str(e), status=500)
+ return Response(response="An internal server error occurred.", status=500)
 @app.route('/chat-sessions//', methods=['DELETE'])
 def clear_chat_session(user_id: str, conversation_id: str):
@@ -162,9 +162,10 @@ def clear_chat_session(user_id: str, conversation_id: str):
 chat_manager.clear_chat_session(user_id, conversation_id)
 return Response(status=200)
 except SessionNotFoundError as e:
- return Response(response=str(e), status=404)
+ return Response(response="Chat session not found.", status=404)
 except Exception as e:
- return Response(response=str(e), status=500)
+ logger.exception(f"clear-chat-session: error: {e}")
+ return Response(response="An internal server error occurred.", status=500)
 @app.route('/user-profiles/', methods=['POST'])
 def create_user_profile(user_id: str):
@@ -185,11 +186,12 @@ def create_user_profile(user_id: str):
 user_profile = entities_manager.create_user_profile(user_id, user_name, description, sample_questions)
 return Response(response=json.dumps(user_profile.to_item()), status=201)
 except (TypeError, NullValueError, MissingPropertyError) as e:
- return Response(response=str(e), status=400)
+ return Response(response="Invalid request data.", status=400)
 except CosmosConflictError as e:
- return Response(response=str(e), status=409)
+ return Response(response="Conflict occurred while creating user profile.", status=409)
 except Exception as e:
- return Response(response=str(e), status=500)
+ logger.exception(f"create-user-profile: error: {e}")
+ return Response(response="An internal server error occurred.", status=500)
 @app.route('/user-profiles/', methods=['GET'])
 def get_user_profile(user_id: str):
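Review bot: In the `create_user_profile` hunk of PATCH 14/14 the 400 and 409 branches swap `str(e)` for fixed text but log nothing, so `e` goes unused and a rejected request leaves no server-side trace of which property was missing or which document conflicted; only the 500 branch gained a `logger.exception`. Adding `logger.info(f"create-user-profile: rejected: {e!r}")` to the 400 branch, and the equivalent to the 409 branch, keeps that detail out of the response without losing it. This hunk logs through `logger`, whereas PATCH 01/14 uses the `logging` module in `update_user_group`; whether `logger` is a module-level object is not visible here, so it is worth confirming the name resolves in this function. The function body begins above the hunk.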