Fix security issues for checkmarx (#390)

* Fix security issues
* Improve exceptioon handling and logging errros

doc_indexer/src/fetcher/fetcher.py

@@ -52,11 +52,9 @@ def fetch_documents(self, source: DocumentsSource) -> None:
         try:
             scroller = Scroller(repo_dir, module_output_dir, source)
             scroller.scroll()
-        except Exception as e:
-            logger.error(
-                f"Error while scrolling documents for: {source.name}: {str(e)}"
-            )
-            raise e
+        except Exception:
+            logger.exception(f"Error while scrolling documents for: {source.name}")
+            raise
         finally:
             # delete the directories if they exist
             logger.debug(f"Deleting the temporary directory: {repo_dir}")

doc_indexer/src/indexing/adaptive_indexer.py

@@ -304,9 +304,9 @@ def index(self) -> None:
                         f"Indexed final batch {batch_count} with {len(batch)} chunks"
                     )
 
-            except Exception as e:
-                logger.error(
-                    f"Error while storing documents batch {batch_count + 1} in HanaDB: {str(e)}"
+            except Exception:
+                logger.exception(
+                    f"Error while storing documents batch {batch_count + 1} in HanaDB"
                 )
                 raise
 

doc_indexer/src/indexing/indexer.py

@@ -30,8 +30,8 @@ def create_chunks(
             chunks = text_splitter.split_text(doc.page_content)
             all_chunks.extend([chunk for chunk in chunks if chunk.page_content.strip()])
         logger.info(f"Successfully created {len(all_chunks)} document chunks.")
-    except Exception as e:
-        logger.error(f"Error while creating document chunks: {e}")
+    except Exception:
+        logger.exception("Error while creating document chunks")
         raise
 
     return all_chunks
@@ -120,9 +120,9 @@ def index(self) -> None:
                 if i + CHUNKS_BATCH_SIZE < len(all_chunks):
                     time.sleep(3)
 
-            except Exception as e:
-                logger.error(
-                    f"Error while storing documents batch {i//CHUNKS_BATCH_SIZE + 1} in HanaDB: {str(e)}"
+            except Exception:
+                logger.exception(
+                    f"Error while storing documents batch {i//CHUNKS_BATCH_SIZE + 1} in HanaDB"
                 )
                 raise
 

doc_indexer/src/utils/settings.py

@@ -31,17 +31,17 @@ def load_env_from_json() -> None:
                     os.environ[key] = str(value)
                 else:
                     os.environ[MODELS_CONFIGS_KEY] = json.dumps(value)
-    except json.JSONDecodeError as e:
-        logging.error(f"Invalid JSON format in config file {config_path}: {e}")
+    except json.JSONDecodeError:
+        logging.exception(f"Invalid JSON format in config file {config_path}")
         raise
     except FileNotFoundError:
         logging.error(
             f"Config file not found at {config_path}. Place the config file at the default location:"
             f"{default_config_path} or set the CONFIG_PATH environment variable."
         )
         raise
-    except Exception as e:
-        logging.error(f"Error loading config from {config_path}: {e}")
+    except Exception:
+        logging.exception(f"Error loading config from {config_path}")
         raise
 
 

src/agents/common/agent.py

@@ -147,12 +147,15 @@ async def _model_node(
         try:
             response = await self._invoke_chain(state, config)
         except Exception as e:
-            error_message = f"An error occurred while processing the request: {e}"
+            error_message = (
+                f"An unexpected error occurred while processing your request: {e}"
+            )
             logger.error(error_message)
             return {
                 AGENT_MESSAGES: [
                     AIMessage(
-                        content=f"Sorry, {error_message}",
+                        content="Sorry, an unexpected error occurred while processing your request."
+                        "Please try again later.",
                         name=self.name,
                     )
                 ],

src/agents/common/response_converter.py

@@ -85,10 +85,8 @@ def _parse_yamls(self, yaml_config: str) -> Any | None:
                 # Parse raw string
                 parsed_yaml = yaml.safe_load(yaml_config)
 
-        except Exception as e:
-            logger.error(
-                f"Error while parsing the yaml : {yaml_config} , Exception : {e}"
-            )
+        except Exception:
+            logger.exception(f"Error while parsing the yaml : {yaml_config}")
 
             return None
 
@@ -112,9 +110,9 @@ def _generate_resource_link(
             namespace = yaml_config["metadata"]["namespace"]
             deployment_name = yaml_config["metadata"]["name"]
             resource_type = yaml_config["kind"]
-        except Exception as e:
-            logger.error(
-                f"Error in generating link, skipping the yaml: {yaml_config} , Exception : {e}"
+        except Exception:
+            logger.exception(
+                f"Error in generating link, skipping the yaml: {yaml_config}"
             )
             return None
 
@@ -258,8 +256,8 @@ def convert_final_response(self, state: dict[str, Any]) -> dict[str, Any]:
                     finalizer_response, replacement_list, UPDATE_YAML
                 )
 
-        except Exception as e:
-            logger.error(f"Error in converting final response: {e}")
+        except Exception:
+            logger.exception("Error in converting final response")
 
         return {
             MESSAGES: [

src/agents/common/utils.py

@@ -156,14 +156,14 @@ def get_current_day_timestamps_utc() -> tuple[str, str]:
 
 def hash_url(url: str) -> str:
     """
-    Generate a 32-character MD5 hash of a given URL.
+    Generate SHA256 hash of a given URL.
 
     :url (str): The URL string to be hashed.
 
     Returns:
-        str: A 32-character hexadecimal string representing the MD5 hash.
+        str: A 64-character hexadecimal string representing the SHA256 hash.
     """
-    return hashlib.md5(url.encode()).hexdigest()
+    return hashlib.sha256(url.encode()).hexdigest()
 
 
 def compute_string_token_count(text: str, model_type: ModelType) -> int:

src/agents/graph.py

@@ -179,8 +179,8 @@ async def _common_node(self, state: CompanionState) -> dict[str, Any]:
                         ],
                         SUBTASKS: state.subtasks,
                     }
-                except Exception as e:
-                    logger.error(f"Error in common node: {e}")
+                except Exception:
+                    logger.exception("Error in common node")
                     return {
                         MESSAGES: [
                             AIMessage(

src/routers/conversations.py

@@ -222,9 +222,8 @@ async def check_token_usage(
         total_token_usage = await langfuse_service.get_total_token_usage(
             from_timestamp, to_timestamp, cluster_id
         )
-    except Exception as e:
-        logger.error(e)
-        logger.error("failed to connect to the Langfuse API")
+    except Exception:
+        logger.exception("failed to connect to the Langfuse API")
 
     if total_token_usage > token_limit:
         current_utc = datetime.now(UTC)

src/services/conversation.py

@@ -65,8 +65,8 @@ def __init__(
         try:
             self._model_factory = model_factory or ModelFactory(config=config)
             models = self._model_factory.create_models()
-        except Exception as e:
-            logger.error(f"Failed to initialize models: {e}")
+        except Exception:
+            logger.exception("Failed to initialize models")
             raise
 
         model_mini = cast(IModel, models[ModelType.GPT4O_MINI])

src/services/data_sanitizer.py

@@ -62,6 +62,8 @@
 ]
 
 REDACTED_VALUE = "[REDACTED]"
+SECRET_LIST_KIND_NAME = "SecretList"
+SECRET_KIND_NAME = "Secret"
 
 
 class IDataSanitizer(Protocol):
@@ -104,7 +106,7 @@ def _sanitize_object(self, obj: dict) -> dict:
 
         # Handle specific Kubernetes resource types
         if "kind" in obj:
-            if obj["kind"] == "Secret" or obj["kind"] == "SecretList":
+            if obj["kind"] == SECRET_KIND_NAME or obj["kind"] == SECRET_LIST_KIND_NAME:
                 return self._sanitize_secret(obj)
             elif obj["kind"] in (self.config.resources_to_sanitize or []):
                 if "items" in obj:

src/utils/config.py

@@ -79,9 +79,9 @@ def get_config() -> Config:
         sanitization_config = data.get("sanitization_config", None)
         config = Config(models=models_data, sanitization_config=sanitization_config)
         return config
-    except json.JSONDecodeError as e:
-        logger.error(f"Invalid JSON format in config file {config_file}: {e}")
+    except json.JSONDecodeError:
+        logger.exception(f"Invalid JSON format in config file {config_file}")
         raise
-    except Exception as e:
-        logger.error(f"Error loading config from {config_file}: {e}")
+    except Exception:
+        logger.exception(f"Error loading config from {config_file}")
         raise

tests/unit/agents/common/test_agent.py

@@ -395,11 +395,11 @@ def test_subtask_selector_node(
                 {
                     AGENT_MESSAGES: [
                         AIMessage(
-                            content="Sorry, An error occurred while processing the request: This is a dummy exception from model.",
+                            content="Sorry, an unexpected error occurred while processing your request.Please try again later.",
                             name="KubernetesAgent",
                         )
                     ],
-                    ERROR: "An error occurred while processing the request: This is a dummy exception from model.",
+                    ERROR: "An unexpected error occurred while processing your request: This is a dummy exception from model.",
                 },
                 {
                     AGENT_MESSAGES: [AIMessage(content="dummy message 1")],