Merge pull request #68 from redBorder/fix_code_scanning_alert
PR-57: Fix code scanning alert - Information exposure through an exception
PRodriguezFlores authored May 20, 2024
2 parents ad55e74 + 47dff04 commit a304e89
Showing 2 changed files with 14 additions and 12 deletions.
24 changes: 13 additions & 11 deletions resources/src/server/rest.py
@@ -101,9 +101,7 @@ def calculate(self):
data = request.form.get('data')
druid_query = request.form.get('query')
if data is None and druid_query is None:
error_message="No data provided or requested"
logger.logger.error(error_message)
return self.return_error(error=error_message)
return self.return_error(msg="No data provided or requested")
try:
if data is None:
druid_query=self.decode_b64_json(druid_query)
@@ -112,7 +110,7 @@ def calculate(self):
else:
data = self.decode_b64_json(data)
except Exception as e:
return self.return_error(error=str(e))
return self.return_error(msg="Could not execute druid query", exception=e)
logger.logger.info("Starting outliers execution")
return self.execute_model(data, config.get("Outliers","metric"), model)

@@ -217,18 +215,22 @@ def execute_model(self, data, metric, model='default'):
metric,
))
except Exception as e:
error_message = "Error while calculating prediction model"
logger.logger.error(error_message + ": " + str(e))
return self.return_error(error=error_message)
return self.return_error(msg="Error while calculating prediction model", exception=e)

def return_error(self, error="error"):
def return_error(self, msg="error", exception=None):
"""
Returns an adequate formatted JSON for whenever there is an error.
Returns a properly formatted JSON response for errors.
Args:
error (string): message detailing what type of error has been fired.
msg (str): Message detailing the type of error that has occurred.
exception (Exception, optional): Exception object to include in the error message. Defaults to None.
Returns:
Response: JSON response indicating an error status.
"""
return jsonify({ "status": "error", "msg":error })
logged_error = msg + f": {exception}" if exception else msg
logger.logger.error(logged_error)
return jsonify({ "status": "error", "msg":msg })

def start_s3_sync_thread(self):
"""
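Review bot: In `return_error`, the exception text is interpolated straight into the log line, and in `calculate` that exception comes from decoding and running request-supplied form fields, so request-influenced text (line breaks included) may end up in the log unescaped; whether `decode_b64_json` puts input into its messages is not visible here. The traceback is also dropped, which matters more now that the client no longer sees the detail. Assuming `logger.logger` is a standard `logging.Logger`, I would write `detail = "" if exception is None else f": {exception!r}"` followed by `logger.logger.error("%s%s", msg, detail, exc_info=exception)`, which escapes control characters through `repr` and keeps the stack trace. The explicit `is None` test also avoids having to work out how `msg + f": {exception}" if exception else msg` binds.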
2 changes: 1 addition & 1 deletion resources/tests/test_rest.py
@@ -54,7 +54,7 @@ def test_calculate_endpoint_invalid_query(self):
self.assertEqual(response.status_code, 200)
self.assertEqual(
response.get_json(),
{'msg': 'Error decoding json', 'status': 'error'}
{'msg': 'Could not execute druid query', 'status': 'error'}
)

def test_calculate_endpoint_druid_query_execution_malfunction(self):
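Review bot: The message pinned here, 'Could not execute druid query', describes the wrong failure: judging by the test name `test_calculate_endpoint_invalid_query` and the previous expectation 'Error decoding json', this case is a query that fails to decode, not one that fails to execute. In rest.py the single `except Exception` in `calculate` also covers the `data = self.decode_b64_json(data)` branch, where no druid query is involved at all. A separate fixed string for decode failures, for example `return self.return_error(msg="Error decoding request data", exception=e)`, would keep exception detail out of the response and still let callers tell a malformed request from a backend failure. The test method starts above this hunk, so the request it sends is not visible here.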
