issue #2: fix information exposure through an exception

ai-cfia · Nov 24, 2023 · 9315b6e · 9315b6e
1 parent 4213839
commit 9315b6e
Show file tree

Hide file tree

Showing 4 changed files with 43 additions and 14 deletions.
diff --git a/.env.template b/.env.template
@@ -1,23 +1,30 @@
-# FINESSE_BACKEND_AZURE_SEARCH_ENDPOINT:
 # Endpoint URL of Azure Cognitive Search service. Format:
 # https://[service-name].search.windows.net
 FINESSE_BACKEND_AZURE_SEARCH_ENDPOINT=<Azure-Search-Service-Endpoint>
 
-# FINESSE_BACKEND_AZURE_SEARCH_API_KEY:
 # API key for Azure Cognitive Search. Used for operations such as
 # querying the search index.
 FINESSE_BACKEND_AZURE_SEARCH_API_KEY=<Azure-Search-API-Key>
 
-# FINESSE_BACKEND_AZURE_SEARCH_INDEX_NAME:
 # Name of the search index in Azure Cognitive Search. Contains documents
 # for search operations.
 FINESSE_BACKEND_AZURE_SEARCH_INDEX_NAME=<Search-Index-Name>
 
-# FINESSE_BACKEND_DEBUG_MODE:
 # Boolean flag to enable or disable debug mode for the application.
-# Defaults to False when not set.
+# Defaults to False when not set. Optional.
 # FINESSE_BACKEND_DEBUG_MODE=<True/False>
 
-# FINESSE_BACKEND_GITHUB_STATIC_FILE_URL:
 # URL for static file hosted on GitHub.
 FINESSE_BACKEND_GITHUB_STATIC_FILE_URL=https://api.github.com/repos/ai-cfia/finesse-data/contents
+
+# Message for empty search query errors. Optional.
+# FINESSE_BACKEND_ERROR_EMPTY_QUERY="Search query cannot be empty"
+
+# Message for Azure search failures. Optional.
+# FINESSE_BACKEND_ERROR_AZURE_FAILED="Azure index search failed."
+
+# Message for Finesse data search failures. Optional.
+# FINESSE_BACKEND_ERROR_FINESSE_DATA_FAILED="finesse-data static search failed"
+
+# Message for unexpected errors. Optional.
+# FINESSE_BACKEND_ERROR_UNEXPECTED="Unexpected error."
diff --git a/app/blueprints/search.py b/app/blueprints/search.py
@@ -1,9 +1,9 @@
 from functools import wraps
 
 from flask import Blueprint, current_app, jsonify, request
-from index_search import search
+from index_search import AzureIndexSearchQueryError, search
 
-from app.finesse_data import fetch_data
+from app.finesse_data import FinesseDataFetchException, fetch_data
 
 search_blueprint = Blueprint("finesse", __name__)
 
@@ -13,7 +13,7 @@ def require_non_empty_query(f):
     def decorated_function(*args, **kwargs):
         query = request.json.get("query")
         if not query:
-            return jsonify({"message": "Search query cannot be empty"}), 400
+            return jsonify({"message": current_app.config["ERROR_EMPTY_QUERY"]}), 400
         return f(*args, **kwargs)
 
     return decorated_function
@@ -26,8 +26,10 @@ def search_azure():
     try:
         results = search(query, current_app.config["AZURE_CONFIG"])
         return jsonify(results)
-    except Exception as e:
-        return jsonify({"error": str(e)}), 500
+    except AzureIndexSearchQueryError:
+        return jsonify({"error": current_app.config["ERROR_AZURE_FAILED"]}), 500
+    except Exception:
+        return jsonify({"error": current_app.config["ERROR_UNEXPECTED"]}), 500
 
 
 @search_blueprint.route("/static", methods=["POST"])
@@ -38,5 +40,7 @@ def search_static():
     try:
         data = fetch_data(finesse_data_url, query)
         return jsonify(data)
-    except Exception as e:
-        return jsonify({"error": str(e)}), 500
+    except FinesseDataFetchException:
+        return jsonify({"error": current_app.config["ERROR_FINESSE_DATA_FAILED"]}), 500
+    except Exception:
+        return jsonify({"error": current_app.config["ERROR_UNEXPECTED"]}), 500
diff --git a/app/config.py b/app/config.py
@@ -9,6 +9,10 @@
 load_dotenv()
 
 DEFAULT_DEBUG_MODE = "False"
+DEFAULT_ERROR_EMPTY_QUERY = "Search query cannot be empty"
+DEFAULT_ERROR_AZURE_FAILED = "Azure index search failed."
+DEFAULT_ERROR_FINESSE_DATA_FAILED = "finesse-data static search failed"
+DEFAULT_ERROR_UNEXPECTED = "Unexpected error."
 
 
 @dataclass
@@ -27,3 +31,16 @@ class Config:
     DEBUG = (
         os.getenv("FINESSE_BACKEND_DEBUG_MODE", DEFAULT_DEBUG_MODE).lower() == "true"
     )
+    ERROR_EMPTY_QUERY = os.getenv(
+        "FINESSE_BACKEND_ERROR_EMPTY_QUERY", DEFAULT_ERROR_EMPTY_QUERY
+    )
+    ERROR_AZURE_FAILED = os.getenv(
+        "FINESSE_BACKEND_ERROR_AZURE_FAILED", DEFAULT_ERROR_AZURE_FAILED
+    )
+    ERROR_FINESSE_DATA_FAILED = os.getenv(
+        "FINESSE_BACKEND_ERROR_FINESSE_DATA_FAILED",
+        DEFAULT_ERROR_FINESSE_DATA_FAILED,
+    )
+    ERROR_UNEXPECTED = os.getenv(
+        "FINESSE_BACKEND_ERROR_UNEXPECTED", DEFAULT_ERROR_UNEXPECTED
+    )
diff --git a/app/finesse_data/__init__.py b/app/finesse_data/__init__.py
@@ -31,4 +31,5 @@ def fetch_data(finesse_data_url, query):
         results_response.raise_for_status()
         return results_response.json()
     except requests.RequestException as e:
-        raise FinesseDataFetchException(f"API request failed: {e}") from e
+        logging.error(f"finesse-data fetch failed: {e}", exc_info=True)
+        raise FinesseDataFetchException(f"finesse-data fetch failed: {e}") from e