do not echo query parameter values on exceptions (#1789)

geopython · Aug 17, 2024 · 2cbbe93 · 2cbbe93
1 parent 7d1028c
commit 2cbbe93
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 5 deletions.
diff --git a/pygeoapi/api/__init__.py b/pygeoapi/api/__init__.py
@@ -1441,7 +1441,8 @@ def get_format_exception(self, request) -> Tuple[dict, int, str]:
         # Content-Language is in the system locale (ignore language settings)
         headers = request.get_response_headers(SYSTEM_LOCALE,
                                                **self.api_headers)
-        msg = f'Invalid format: {request.format}'
+        msg = 'Invalid format requested'
+        LOGGER.error(f'{msg}: {request.format}')
         return self.get_exception(
             HTTPStatus.BAD_REQUEST, headers,
             request.format, 'InvalidParameterValue', msg)

diff --git a/pygeoapi/api/itemtypes.py b/pygeoapi/api/itemtypes.py
@@ -451,7 +451,8 @@ def get_collection_items(
                 geometry_column_name=provider_def.get('geom_field'),
             )
         except Exception:
-            msg = f'Bad CQL string : {cql_text}'
+            msg = 'Bad CQL text'
+            LOGGER.error(f'{msg}: {cql_text}')
             return api.get_exception(
                 HTTPStatus.BAD_REQUEST, headers, request.format,
                 'InvalidParameterValue', msg)
@@ -849,7 +850,7 @@ def post_collection_items(
     if (request_headers.get(
         'Content-Type') or request_headers.get(
             'content-type')) != 'application/query-cql-json':
-        msg = ('Invalid body content-type')
+        msg = 'Invalid body content-type'
         return api.get_exception(
             HTTPStatus.BAD_REQUEST, headers, request.format,
             'InvalidHeaderValue', msg)
@@ -885,7 +886,8 @@ def post_collection_items(
                 geometry_column_name=provider_def.get('geom_field')
             )
         except Exception:
-            msg = f'Bad CQL string : {data}'
+            msg = 'Bad CQL text'
+            LOGGER.error(f'{msg}: {data}')
             return api.get_exception(
                 HTTPStatus.BAD_REQUEST, headers, request.format,
                 'InvalidParameterValue', msg)
@@ -894,7 +896,8 @@ def post_collection_items(
         try:
             filter_ = CQLModel.parse_raw(data)
         except Exception:
-            msg = f'Bad CQL string : {data}'
+            msg = 'Bad CQL text'
+            LOGGER.error(f'{msg}: {data}')
             return api.get_exception(
                 HTTPStatus.BAD_REQUEST, headers, request.format,
                 'InvalidParameterValue', msg)