From 988c50d2c8d2f2ba226c20a6038566778770b712 Mon Sep 17 00:00:00 2001
From: Tom Kralidis
Date: Fri, 16 Aug 2024 20:47:52 -0400
Subject: [PATCH] do not echo query parameter values on exceptions (#1789)
---
 pygeoapi/api/__init__.py | 3 ++-
 pygeoapi/api/itemtypes.py | 11 +++++++----
 tests/api/test_api.py | 3 +++
 tests/test_postgresql_provider.py | 4 ++--
 4 files changed, 14 insertions(+), 7 deletions(-)
diff --git a/pygeoapi/api/__init__.py b/pygeoapi/api/__init__.py
index a51b86258..b47541f23 100644
--- a/pygeoapi/api/__init__.py
+++ b/pygeoapi/api/__init__.py
@@ -1441,7 +1441,8 @@ def get_format_exception(self, request) -> Tuple[dict, int, str]:
 # Content-Language is in the system locale (ignore language settings)
 headers = request.get_response_headers(SYSTEM_LOCALE, **self.api_headers)
- msg = f'Invalid format: {request.format}'
+ msg = 'Invalid format requested'
+ LOGGER.error(f'{msg}: {request.format}')
 return self.get_exception(
 HTTPStatus.BAD_REQUEST, headers, request.format, 'InvalidParameterValue', msg)
diff --git a/pygeoapi/api/itemtypes.py b/pygeoapi/api/itemtypes.py
index c2f403556..859f002e9 100644
--- a/pygeoapi/api/itemtypes.py
+++ b/pygeoapi/api/itemtypes.py
@@ -451,7 +451,8 @@ def get_collection_items(
 geometry_column_name=provider_def.get('geom_field'),
 )
 except Exception:
- msg = f'Bad CQL string : {cql_text}'
+ msg = 'Bad CQL text'
+ LOGGER.error(f'{msg}: {cql_text}')
 return api.get_exception(
 HTTPStatus.BAD_REQUEST, headers, request.format, 'InvalidParameterValue', msg)
@@ -849,7 +850,7 @@ def post_collection_items(
 if (request_headers.get(
 'Content-Type') or request_headers.get(
 'content-type')) != 'application/query-cql-json':
- msg = ('Invalid body content-type')
+ msg = 'Invalid body content-type'
 return api.get_exception(
 HTTPStatus.BAD_REQUEST, headers, request.format, 'InvalidHeaderValue', msg)
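Review bot: The added `LOGGER.error(f'{msg}: {request.format}')` in get_format_exception writes the client-supplied format value into the log unescaped, so a value carrying CR/LF or terminal escape sequences can forge or corrupt log entries; the value no longer reaches the response, but the same untrusted string now reaches the log. Pass it through repr with lazy arguments instead: `LOGGER.error('%s: %r', msg, request.format)`. The same pattern is added in pygeoapi/api/itemtypes.py in the hunks at -451, -885 and -894 (`cql_text`, `data`). Because this is a client error, a level below ERROR is worth considering so that malformed requests do not drive error alerting. The function body starts outside the hunk.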
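Review bot: In the `except Exception:` branch of get_collection_items (hunk at -451) the new log call records the input but not the exception, so any failure raised by the call in the try block is logged exactly like malformed user text and its cause is lost. Keep the generic response message and attach the traceback to the log record: `LOGGER.error('%s: %r', msg, cql_text, exc_info=True)`. The two `except Exception:` branches in post_collection_items (hunks at -885 and -894) have the same gap. The try block and the function both start outside the hunk.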
@@ -885,7 +886,8 @@ def post_collection_items(
 geometry_column_name=provider_def.get('geom_field')
 )
 except Exception:
- msg = f'Bad CQL string : {data}'
+ msg = 'Bad CQL text'
+ LOGGER.error(f'{msg}: {data}')
 return api.get_exception(
 HTTPStatus.BAD_REQUEST, headers, request.format, 'InvalidParameterValue', msg)
@@ -894,7 +896,8 @@ def post_collection_items(
 try:
 filter_ = CQLModel.parse_raw(data)
 except Exception:
- msg = f'Bad CQL string : {data}'
+ msg = 'Bad CQL text'
+ LOGGER.error(f'{msg}: {data}')
 return api.get_exception(
 HTTPStatus.BAD_REQUEST, headers, request.format, 'InvalidParameterValue', msg)
diff --git a/tests/api/test_api.py b/tests/api/test_api.py
index 6eda0295b..0477ef81f 100644
--- a/tests/api/test_api.py
+++ b/tests/api/test_api.py
@@ -389,6 +389,9 @@ def test_api(config, api_, openapi):
 assert rsp_headers['Content-Language'] == 'en-US'
 assert code == HTTPStatus.BAD_REQUEST
+ response = json.loads(response)
+ assert response['description'] == 'Invalid format requested'
+ assert api_.get_collections_url() == 'http://localhost:5000/collections'
diff --git a/tests/test_postgresql_provider.py b/tests/test_postgresql_provider.py
index a0679798f..6a63e7105 100644
--- a/tests/test_postgresql_provider.py
+++ b/tests/test_postgresql_provider.py
@@ -556,7 +556,7 @@ def test_get_collection_items_postgresql_cql_bad_cql(pg_api_, bad_cql):
 assert code == HTTPStatus.BAD_REQUEST
 error_response = json.loads(response)
 assert error_response['code'] == 'InvalidParameterValue'
- assert error_response['description'] == f'Bad CQL string : {bad_cql}'
+ assert error_response['description'] == 'Bad CQL text'
 def test_post_collection_items_postgresql_cql(pg_api_):
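Review bot: `data` in post_collection_items appears to be the request body (an earlier hunk checks the body content-type), and the two added `LOGGER.error(f'{msg}: {data}')` calls, here at -885 and again at -894, write it to the log in full. One malformed POST can therefore place arbitrarily large content, or filter literals that may be sensitive, into the error log, limited only by whatever body-size cap sits in front of the application. Bound what is recorded, for example `LOGGER.error('%s: %.200r', msg, data)`, or log only the length at ERROR and the content at DEBUG. The function starts and ends outside the hunk.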
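Review bot: The updated assertion in test_get_collection_items_postgresql_cql_bad_cql (hunk at -556) pins the new `description` text, but nothing checks the property the commit is about, namely that the submitted value is absent from the whole response body. Adding `assert bad_cql not in response` next to the existing assertions would catch a later change that reintroduces the value in another field; this assumes `response` is the serialized body and that JSON escaping leaves `bad_cql` unchanged, which should be confirmed against the fixture values. The same applies to test_post_collection_items_postgresql_cql_bad_cql in the hunk at -642. The test body starts outside the hunk.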
@@ -642,7 +642,7 @@ def test_post_collection_items_postgresql_cql_bad_cql(pg_api_, bad_cql):
 assert code == HTTPStatus.BAD_REQUEST
 error_response = json.loads(response)
 assert error_response['code'] == 'InvalidParameterValue'
- assert error_response['description'].startswith('Bad CQL string')
+ assert error_response['description'] == 'Bad CQL text'
 def test_get_collection_items_postgresql_crs(pg_api_):