Use JSON to pass error hash instead of dangerous instance_eval

unboxed · Dec 1, 2023 · 4f9b98e · 4f9b98e
1 parent 1cfee9b
commit 4f9b98e
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 11 deletions.
diff --git a/app/controllers/concerns/api/error_handler.rb b/app/controllers/concerns/api/error_handler.rb
@@ -11,12 +11,12 @@ module ErrorHandler
       private
 
       def format_error(error)
-        error_hash = instance_eval(error.message)
+        error_hash = JSON.parse(error.message)
 
-        response = error_hash[:response]
+        response = error_hash["response"]
         message = response["message"] || response
-        status = error_hash[:status].to_s || API_ERROR.to_s
-        http_method = error_hash[:http_method].to_s
+        status = error_hash["status"].to_s || API_ERROR.to_s
+        http_method = error_hash["http_method"].to_s
 
         respond_to do |format|
           format.json do

diff --git a/app/services/request.rb b/app/services/request.rb
@@ -57,7 +57,7 @@ def call # rubocop:disable Metrics/CyclomaticComplexity
   attr_reader :connection, :http_method, :params, :upload_file
 
   def errors(response, status)
-    {response:, status:, http_method:}
+    {response:, status:, http_method:}.to_json
   end
 
   def get_response_and_status # rubocop:disable Metrics/AbcSize, Naming/AccessorMethodName

diff --git a/spec/services/request_spec.rb b/spec/services/request_spec.rb
@@ -41,7 +41,7 @@
         expect do
           request.call
         end.to raise_error(described_class::BadRequestError)
-          .with_message("{:response=>\"Bad request\", :status=>400, :http_method=>:get}")
+          .with_message(%({"response":"Bad request","status":400,"http_method":"get"}))
       end
     end
 
@@ -57,7 +57,7 @@
         expect do
           request.call
         end.to raise_error(described_class::UnauthorizedError)
-          .with_message("{:response=>\"Unauthorized\", :status=>401, :http_method=>:get}")
+          .with_message(%({"response":"Unauthorized","status":401,"http_method":"get"}))
       end
     end
 
@@ -73,7 +73,7 @@
         expect do
           request.call
         end.to raise_error(described_class::ForbiddenError)
-          .with_message("{:response=>\"Forbidden\", :status=>403, :http_method=>:get}")
+          .with_message(%({"response":"Forbidden","status":403,"http_method":"get"}))
       end
     end
 
@@ -89,7 +89,7 @@
         expect do
           request.call
         end.to raise_error(described_class::RecordNotFoundError)
-          .with_message("{:response=>\"Record not found\", :status=>404, :http_method=>:get}")
+          .with_message(%({"response":"Record not found","status":404,"http_method":"get"}))
       end
     end
 
@@ -105,7 +105,7 @@
         expect do
           request.call
         end.to raise_error(described_class::ApiError)
-          .with_message("{:response=>\"API error\", :status=>500, :http_method=>:get}")
+          .with_message(%({"response":"API error","status":500,"http_method":"get"}))
       end
     end
 
@@ -121,7 +121,7 @@
         expect do
           request.call
         end.to raise_error(described_class::TimeoutError)
-          .with_message("{:response=>\"Timeout Error\", :status=>504, :http_method=>:get}")
+          .with_message(%({"response":"Timeout Error","status":504,"http_method":"get"}))
       end
     end
   end