From dc2a53c14f33a5e7a9bbe88ab6b1a4c93a5bfc9d Mon Sep 17 00:00:00 2001
From: Arpit Jain <3242828+arpitjain099@users.noreply.github.com>
Date: Sun, 20 Oct 2024 14:11:44 +0900
Subject: [PATCH 1/5] Fix code scanning alert no. 66: Information exposure through an exception

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 End_to_end_Solutions/AOAISearchDemo/app/data/app.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
index 98d6a72..3c08d26 100644
--- a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
+++ b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
@@ -281,7 +281,8 @@ def update_user_group(group_id: str):
 user_group = entities_manager.add_users_to_user_group(group_id, new_users)
 return Response(response=json.dumps(user_group.to_item()), status=200)
 except (TypeError, NullValueError, MissingPropertyError, ValueError) as e:
- return Response(response=str(e), status=400)
+ logging.error("An error occurred while updating user group: %s", e, exc_info=True)
+ return Response(response="An internal error has occurred.", status=400)
 except SessionNotFoundError as e:
 logging.error("Session not found: %s", e, exc_info=True)
 return Response(response="Session not found.", status=404)
From 0f8533a6aef395c121cd4ab9790b35939a3c4e94 Mon Sep 17 00:00:00 2001
From: Arpit Jain <3242828+arpitjain099@users.noreply.github.com>
Date: Sun, 20 Oct 2024 14:11:48 +0900
Subject: [PATCH 2/5] Fix code scanning alert no. 45: Information exposure through an exception

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 End_to_end_Solutions/AOAISearchDemo/app/data/app.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
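Review bot: The new `return` in the `except (TypeError, NullValueError, MissingPropertyError, ValueError)` branch of update_user_group keeps status 400 but now says "An internal error has occurred.", so a caller who sent a malformed body is told the server failed and gets no usable signal. A fixed message that does not reflect the exception fits the status better, e.g. `return Response(response="Invalid request body.", status=400)`. Because these are input-validation failures rather than server faults, `logging.warning(...)` without `exc_info=True` is probably sufficient and keeps error-level entries meaningful for alerting. The function body starts above the hunk, so how the request payload is parsed is not visible here.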
diff --git a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
index 98d6a72..17064a8 100644
--- a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
+++ b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
@@ -205,7 +205,8 @@ def get_user_profile(user_id: str):
 else:
 return Response(response=json.dumps(user_profile.to_item()), status=200)
 except Exception as e:
- return Response(response=str(e), status=500)
+ logging.error("An error occurred while fetching user profile: %s", e, exc_info=True)
+ return Response(response="An internal error has occurred.", status=500)
 
 @app.route('/user-profiles', methods=['GET'])
 def get_all_user_profiles():
@@ -214,7 +215,8 @@ def get_all_user_profiles():
 json_user_profiles = [user_profile.to_item() for user_profile in user_profiles]
 return Response(response=json.dumps(json_user_profiles), status=200)
 except Exception as e:
- return Response(response=str(e), status=500)
+ logging.error("An error occurred while fetching all user profiles: %s", e, exc_info=True)
+ return Response(response="An internal error has occurred.", status=500)
 
 @app.route('/user-groups/', methods=['POST'])
 def create_user_group(group_id: str):
@@ -238,7 +240,8 @@ def create_user_group(group_id: str):
 except CosmosConflictError as e:
 return Response(response=str(e), status=409)
 except Exception as e:
- return Response(response=str(e), status=500)
+ logging.error("An error occurred while creating user group: %s", e, exc_info=True)
+ return Response(response="An internal error has occurred.", status=500)
 
 @app.route('/user-groups/', methods=['GET'])
 def get_user_group(group_id: str):
From 20751491f840e2113b66de9d3a2a269e16819716 Mon Sep 17 00:00:00 2001
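Review bot: In the create_user_group hunk the untouched `except CosmosConflictError` branch still ends in `return Response(response=str(e), status=409)`, which is the same exception-text exposure this patch removes two lines below it. Depending on what CosmosConflictError wraps, that message may carry backend details the caller should not see; this should be confirmed against the exception's definition, which is not shown. I would return a fixed string, e.g. `return Response(response="User group already exists.", status=409)`, and log the exception server-side as the new 500 branch does. The same unchanged line appears in the matching hunk of patches 3/5, 4/5 and 5/5, and the start of create_user_group lies outside the hunk.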
From: Arpit Jain <3242828+arpitjain099@users.noreply.github.com>
Date: Sun, 20 Oct 2024 14:11:53 +0900
Subject: [PATCH 3/5] Fix code scanning alert no. 39: Information exposure through an exception

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 End_to_end_Solutions/AOAISearchDemo/app/data/app.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
index 98d6a72..17064a8 100644
--- a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
+++ b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
@@ -205,7 +205,8 @@ def get_user_profile(user_id: str):
 else:
 return Response(response=json.dumps(user_profile.to_item()), status=200)
 except Exception as e:
- return Response(response=str(e), status=500)
+ logging.error("An error occurred while fetching user profile: %s", e, exc_info=True)
+ return Response(response="An internal error has occurred.", status=500)
 
 @app.route('/user-profiles', methods=['GET'])
 def get_all_user_profiles():
@@ -214,7 +215,8 @@ def get_all_user_profiles():
 json_user_profiles = [user_profile.to_item() for user_profile in user_profiles]
 return Response(response=json.dumps(json_user_profiles), status=200)
 except Exception as e:
- return Response(response=str(e), status=500)
+ logging.error("An error occurred while fetching all user profiles: %s", e, exc_info=True)
+ return Response(response="An internal error has occurred.", status=500)
 
 @app.route('/user-groups/', methods=['POST'])
 def create_user_group(group_id: str):
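Review bot: This hunk and the other two in patch 3/5 are identical to the change already made by patch 2/5 (both carry `index 98d6a72..17064a8`), and patch 4/5 repeats it a third time. Applied in order, 3/5 and 4/5 would find the `return Response(response=str(e), status=500)` lines already replaced, so they should fail to apply or come out empty. If alerts 39 and 38 are closed by the same edit as alert 45, folding the three patches into one commit that references all three alerts would keep the series applicable.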
@@ -238,7 +240,8 @@ def create_user_group(group_id: str):
 except CosmosConflictError as e:
 return Response(response=str(e), status=409)
 except Exception as e:
- return Response(response=str(e), status=500)
+ logging.error("An error occurred while creating user group: %s", e, exc_info=True)
+ return Response(response="An internal error has occurred.", status=500)
 
 @app.route('/user-groups/', methods=['GET'])
 def get_user_group(group_id: str):
From 4f1b260ddc6cb2757492eaafa62797bf186f732d Mon Sep 17 00:00:00 2001
From: Arpit Jain <3242828+arpitjain099@users.noreply.github.com>
Date: Sun, 20 Oct 2024 14:11:57 +0900
Subject: [PATCH 4/5] Fix code scanning alert no. 38: Information exposure through an exception

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 End_to_end_Solutions/AOAISearchDemo/app/data/app.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
index 98d6a72..17064a8 100644
--- a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
+++ b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
@@ -205,7 +205,8 @@ def get_user_profile(user_id: str):
 else:
 return Response(response=json.dumps(user_profile.to_item()), status=200)
 except Exception as e:
- return Response(response=str(e), status=500)
+ logging.error("An error occurred while fetching user profile: %s", e, exc_info=True)
+ return Response(response="An internal error has occurred.", status=500)
 
 @app.route('/user-profiles', methods=['GET'])
 def get_all_user_profiles():
@@ -214,7 +215,8 @@ def get_all_user_profiles():
 json_user_profiles = [user_profile.to_item() for user_profile in user_profiles]
 return Response(response=json.dumps(json_user_profiles), status=200)
 except Exception as e:
- return Response(response=str(e), status=500)
+ logging.error("An error occurred while fetching all user profiles: %s", e, exc_info=True)
+ return Response(response="An internal error has occurred.", status=500)
 
 @app.route('/user-groups/', methods=['POST'])
 def create_user_group(group_id: str):
@@ -238,7 +240,8 @@ def create_user_group(group_id: str):
 except CosmosConflictError as e:
 return Response(response=str(e), status=409)
 except Exception as e:
- return Response(response=str(e), status=500)
+ logging.error("An error occurred while creating user group: %s", e, exc_info=True)
+ return Response(response="An internal error has occurred.", status=500)
 
 @app.route('/user-groups/', methods=['GET'])
 def get_user_group(group_id: str):
From d3640fd5c7f7ae46f83224317504ad32131d78f3 Mon Sep 17 00:00:00 2001
From: Arpit Jain <3242828+arpitjain099@users.noreply.github.com>
Date: Sun, 20 Oct 2024 14:12:01 +0900
Subject: [PATCH 5/5] Fix code scanning alert no. 42: Information exposure through an exception

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 End_to_end_Solutions/AOAISearchDemo/app/data/app.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
index 98d6a72..dde3032 100644
--- a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
+++ b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
@@ -205,7 +205,8 @@ def get_user_profile(user_id: str):
 else:
 return Response(response=json.dumps(user_profile.to_item()), status=200)
 except Exception as e:
- return Response(response=str(e), status=500)
+ logger.exception(f"get-user-profile: error: {e}")
+ return Response(response="An internal server error occurred.", status=500)
 
 @app.route('/user-profiles', methods=['GET'])
 def get_all_user_profiles():
@@ -214,7 +215,8 @@ def get_all_user_profiles():
 json_user_profiles = [user_profile.to_item() for user_profile in user_profiles]
 return Response(response=json.dumps(json_user_profiles), status=200)
 except Exception as e:
- return Response(response=str(e), status=500)
+ logger.exception(f"get-all-user-profiles: error: {e}")
+ return Response(response="An internal server error occurred.", status=500)
 
 @app.route('/user-groups/', methods=['POST'])
 def create_user_group(group_id: str):
@@ -238,7 +240,8 @@ def create_user_group(group_id: str):
 except CosmosConflictError as e:
 return Response(response=str(e), status=409)
 except Exception as e:
- return Response(response=str(e), status=500)
+ logger.exception(f"create-user-group: error: {e}")
+ return Response(response="An internal server error occurred.", status=500)
 
 @app.route('/user-groups/', methods=['GET'])
 def get_user_group(group_id: str):
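Review bot: The new handlers in get_user_profile, get_all_user_profiles and create_user_group call `logger.exception(...)`, whereas the other patches in this series and the existing SessionNotFoundError handler log through `logging`. No `logger` definition is visible in these hunks; if app.py has none, the except block itself raises NameError and the generic response is never returned. The f-string is also redundant because `logger.exception` already attaches the exception and traceback, so `logger.exception("get-user-profile: error")` is enough. These hunks rewrite the same three lines as patches 2/5 to 4/5 from the same base blob (98d6a72) with a different response string, so only one variant can land.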