| ) | ||
| except ValidationError as e: | ||
| return Response( | ||
| {"detail": str(e)}, |
Check warning
Code scanning / CodeQL
Information exposure through an exception Medium
Copilot Autofix
AI 12 months ago
To fix the problem, we need to ensure that detailed exception messages are not exposed to the end user. Instead, we should log the detailed error message on the server and return a generic error message to the user. This can be achieved by modifying the exception handling blocks to log the exception details and return a generic error message.
Specifically, we will:
- Import the `logging` module to log the exception details.
- Replace the detailed error message in the response with a generic message.
| @@ -9,3 +9,3 @@ | ||
| from rest_framework import serializers, permissions | ||
|
|
||
| import logging | ||
| class FriendshipSerializer(serializers.ModelSerializer): | ||
| @@ -77,4 +77,5 @@ | ||
| except ValidationError as e: | ||
| logging.error(f"Validation error: {str(e)}") | ||
| return Response( | ||
| {"detail": str(e)}, | ||
| {"detail": "Invalid input data"}, | ||
| status=status.HTTP_400_BAD_REQUEST | ||
| @@ -87,4 +88,5 @@ | ||
| except Exception as e: | ||
| logging.error(f"Unexpected error: {str(e)}") | ||
| return Response( | ||
| {"detail": f"Failed to create friendship request: {str(e)}"}, | ||
| {"detail": "Failed to create friendship request"}, | ||
| status=status.HTTP_500_INTERNAL_SERVER_ERROR |
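Review bot: The `logging.error(f"Unexpected error: {str(e)}")` line in the second hunk discards the traceback that a 500 response most needs and formats eagerly on the root logger; `logger.exception("Unexpected error while creating friendship request")` on a module-level `logger = logging.getLogger(__name__)` keeps the stack trace server-side while the client still sees only the generic detail. The `ValidationError` handler in the first of the two hunks is a different case: if that is DRF's `ValidationError` (the import is not in view), its `.detail` is structured, client-facing field errors, and replacing it with `"Invalid input data"` removes feedback the API presumably relies on, so consider returning `{"detail": e.detail}` there and reserving the generic message for the `except Exception` path. Once the message is no longer echoed, `except Exception as e:` can become `except Exception:`. The enclosing view method starts and ends outside the hunk.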
| ) | ||
| except Exception as e: | ||
| return Response( | ||
| {"detail": f"Failed to create friendship request: {str(e)}"}, |
Check warning
Code scanning / CodeQL
Information exposure through an exception Medium
Copilot Autofix
AI 12 months ago
To fix the problem, we need to ensure that detailed exception messages are not exposed to the end user. Instead, we should log the detailed error message on the server and return a generic error message to the user. This can be achieved by modifying the exception handling block to log the exception and return a generic error message.
- Import the `logging` module to enable logging of exceptions.
- Replace the detailed error message in the response with a generic error message.
- Log the detailed exception message on the server.
| @@ -9,2 +9,5 @@ | ||
| from rest_framework import serializers, permissions | ||
| import logging | ||
|
|
||
| logger = logging.getLogger(__name__) | ||
|
|
||
| @@ -87,4 +90,5 @@ | ||
| except Exception as e: | ||
| logger.error("Failed to create friendship request", exc_info=True) | ||
| return Response( | ||
| {"detail": f"Failed to create friendship request: {str(e)}"}, | ||
| {"detail": "An internal error has occurred."}, | ||
| status=status.HTTP_500_INTERNAL_SERVER_ERROR |
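Review bot: `except Exception as e:` on the new side binds a name that nothing in the rewritten handler reads, since the response body no longer includes `str(e)` and `exc_info=True` captures the active exception on its own; `except Exception:` makes that explicit and avoids an unused-variable lint. Of the autofix variants in this thread this is the soundest shape — a module-level `logger = logging.getLogger(__name__)` and the traceback retained via `exc_info=True` — so it is the one to converge on for the other handlers too. The enclosing view method starts and ends outside the hunk.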
| serializer = self.get_serializer(friendship) | ||
| return Response(serializer.data) | ||
| except Exception as e: | ||
| return Response({"detail": str(e)}, status=status.HTTP_400_BAD_REQUEST) |
Check warning
Code scanning / CodeQL
Information exposure through an exception Medium
Copilot Autofix
AI 12 months ago
To fix the problem, we need to ensure that detailed exception messages are not exposed to the user. Instead, we should log the detailed error message on the server and return a generic error message to the user. This can be achieved by modifying the exception handling in the accept, reject, and terminate methods.
- Import the `logging` module to enable logging of detailed error messages.
- Replace the current exception handling code so that it logs the detailed error message and returns a generic error message to the user.
| @@ -9,3 +9,3 @@ | ||
| from rest_framework import serializers, permissions | ||
|
|
||
| import logging | ||
| class FriendshipSerializer(serializers.ModelSerializer): | ||
| @@ -130,3 +130,4 @@ | ||
| except Exception as e: | ||
| return Response({"detail": str(e)}, status=status.HTTP_400_BAD_REQUEST) | ||
| logging.error("Error accepting friendship request: %s", str(e)) | ||
| return Response({"detail": "An internal error has occurred."}, status=status.HTTP_400_BAD_REQUEST) | ||
|
|
||
| @@ -149,3 +150,4 @@ | ||
| except Exception as e: | ||
| return Response({"detail": str(e)}, status=status.HTTP_400_BAD_REQUEST) | ||
| logging.error("Error rejecting friendship request: %s", str(e)) | ||
| return Response({"detail": "An internal error has occurred."}, status=status.HTTP_400_BAD_REQUEST) | ||
|
|
||
| @@ -168,2 +170,3 @@ | ||
| except Exception as e: | ||
| return Response({"detail": str(e)}, status=status.HTTP_400_BAD_REQUEST) | ||
| logging.error("Error terminating friendship: %s", str(e)) | ||
| return Response({"detail": "An internal error has occurred."}, status=status.HTTP_400_BAD_REQUEST) |
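Review bot: Each of the three new `return Response({"detail": "An internal error has occurred."}, status=status.HTTP_400_BAD_REQUEST)` lines pairs a server-error message with a client-error status, and the `except Exception` above it still routes genuine server faults to 400 without their traceback, because `logging.error("...: %s", str(e))` records only the message text. Split the two cases: keep a 400 with a fixed, precondition-specific message for the expected failures these actions guard (the status and requester checks described in the PR text, presumably raised inside the `try`, which is not visible here), and let anything else fall through to `logger.exception("Error accepting friendship request")` with `status=status.HTTP_500_INTERNAL_SERVER_ERROR`, on a module-level `logger = logging.getLogger(__name__)` rather than the root logger. The same applies to the reject and terminate hunks of this suggestion and to the identical `@@ -130`, `@@ -149` and `@@ -168` hunks repeated in the two suggestions further down the thread. The accept, reject and terminate methods each start outside their hunk.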
| serializer = self.get_serializer(friendship) | ||
| return Response(serializer.data) | ||
| except Exception as e: | ||
| return Response({"detail": str(e)}, status=status.HTTP_400_BAD_REQUEST) |
Check warning
Code scanning / CodeQL
Information exposure through an exception Medium
Copilot Autofix
AI 12 months ago
To fix the problem, we need to ensure that detailed exception messages are not exposed to the user. Instead, we should log the detailed error message on the server and return a generic error message to the user. This can be achieved by modifying the exception handling blocks to log the exception and return a generic error message.
- Import the `logging` module to enable logging of exceptions.
- Replace the lines that return the exception message with lines that log the exception and return a generic error message.
| @@ -9,2 +9,3 @@ | ||
| from rest_framework import serializers, permissions | ||
| import logging | ||
|
|
||
| @@ -130,3 +131,4 @@ | ||
| except Exception as e: | ||
| return Response({"detail": str(e)}, status=status.HTTP_400_BAD_REQUEST) | ||
| logging.error("Error accepting friendship request: %s", str(e)) | ||
| return Response({"detail": "An internal error has occurred."}, status=status.HTTP_400_BAD_REQUEST) | ||
|
|
||
| @@ -149,3 +151,4 @@ | ||
| except Exception as e: | ||
| return Response({"detail": str(e)}, status=status.HTTP_400_BAD_REQUEST) | ||
| logging.error("Error rejecting friendship request: %s", str(e)) | ||
| return Response({"detail": "An internal error has occurred."}, status=status.HTTP_400_BAD_REQUEST) | ||
|
|
||
| @@ -168,2 +171,3 @@ | ||
| except Exception as e: | ||
| return Response({"detail": str(e)}, status=status.HTTP_400_BAD_REQUEST) | ||
| logging.error("Error terminating friendship: %s", str(e)) | ||
| return Response({"detail": "An internal error has occurred."}, status=status.HTTP_400_BAD_REQUEST) |
| serializer = self.get_serializer(friendship) | ||
| return Response(serializer.data) | ||
| except Exception as e: | ||
| return Response({"detail": str(e)}, status=status.HTTP_400_BAD_REQUEST) No newline at end of file |
Check warning
Code scanning / CodeQL
Information exposure through an exception Medium
Copilot Autofix
AI 12 months ago
To fix the problem, we need to ensure that detailed exception messages are not exposed to the end user. Instead, we should log the detailed error message on the server and return a generic error message to the user. This can be achieved by modifying the exception handling code to log the exception and return a generic error message.
- Import the `logging` module to enable logging of exceptions.
- Replace the lines that return the exception message with code that logs the exception and returns a generic error message.
| @@ -9,2 +9,3 @@ | ||
| from rest_framework import serializers, permissions | ||
| import logging | ||
|
|
||
| @@ -130,3 +131,4 @@ | ||
| except Exception as e: | ||
| return Response({"detail": str(e)}, status=status.HTTP_400_BAD_REQUEST) | ||
| logging.error("Error accepting friendship request: %s", str(e)) | ||
| return Response({"detail": "An internal error has occurred."}, status=status.HTTP_400_BAD_REQUEST) | ||
|
|
||
| @@ -149,3 +151,4 @@ | ||
| except Exception as e: | ||
| return Response({"detail": str(e)}, status=status.HTTP_400_BAD_REQUEST) | ||
| logging.error("Error rejecting friendship request: %s", str(e)) | ||
| return Response({"detail": "An internal error has occurred."}, status=status.HTTP_400_BAD_REQUEST) | ||
|
|
||
| @@ -168,2 +171,3 @@ | ||
| except Exception as e: | ||
| return Response({"detail": str(e)}, status=status.HTTP_400_BAD_REQUEST) | ||
| logging.error("Error terminating friendship: %s", str(e)) | ||
| return Response({"detail": "An internal error has occurred."}, status=status.HTTP_400_BAD_REQUEST) |
This is backend for the friend requests.
Create Friendship
automatically creates friendship with related status "PENDING"
POST
http://127.0.0.1:8000/api/friendships
Body:
{
"requested": {Id}
}
Accept Friendship
changes friendship status to "ACCEPTED"; the friendship status must be pending, and you must be logged in as the user that is being requested.
POST
http://127.0.0.1:8000/api/friendships/{id}/accept
Reject Friendship
changes friendship status to "REJECTED" friendship status must be pending,
must be logged in as the user that is being requested.
POST
http://127.0.0.1:8000/api/friendships/{id}/reject
Terminate Friendship
changes friendship status to "TERMINATED" friendship status must be accepted, either user may terminate.
POST
http://127.0.0.1:8000/api/friendships/{id}/terminate
No way to re-request friendship at this time.
X-CSRFToken must be in headers for all requests, matching the one generated on login.