Merge pull request #826 from Bidaya0/enhanchment/change-message-response
enhanchment/change-message-response
Bidaya0 authored Jul 21, 2022
2 parents bfb90b5 + 8b61df3 commit c122b07
Showing 4 changed files with 13 additions and 6 deletions.
5 changes: 5 additions & 0 deletions dongtai_common/endpoint/__init__.py
Expand Up @@ -319,6 +319,11 @@ class TalentAdminEndPoint(EndPoint):


class R:
"""
Anyway, to prevent information exposure through an exception ,don't directly return exception message in response .
ref: https://cwe.mitre.org/data/definitions/497.html
ref: https://cwe.mitre.org/data/definitions/209.html
"""
@staticmethod
def success(status=201, data=None, msg=_("success"), page=None, **kwargs):
resp_data = {"status": status, "msg": msg}
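Review bot: The docstring added to `R` states a rule but never says what the class is, and it opens mid-thought with "Anyway,". As the only documentation on this helper it would read better as a summary line followed by the rule, for example `"""Helpers that build API response payloads. Never place raw exception text in msg or data; log it server-side instead (CWE-209, CWE-497)."""`. The class body continues outside the hunk, so whether `failure()` could enforce the rule rather than only document it is not visible here.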
4 changes: 2 additions & 2 deletions dongtai_protocol/views/agent_register.py
Expand Up @@ -295,8 +295,8 @@ def post(self, request: Request):

return R.success(data={'id': agent_id, 'coreAutoStart': core_auto_start})
except Exception as e:
logger.error(e)
return R.failure(msg="探针注册失败,原因:{reason}".format(reason=e))
logger.error("探针注册失败,原因:{reason}".format(reason=e), exc_info=True)
return R.failure(msg="探针注册失败")

@staticmethod
def get_agent_id(token, project_name, user, current_project_version_id):
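Review bot: The client-facing text in `return R.failure(msg="探针注册失败")` is a bare literal, while `R.success` in `dongtai_common/endpoint/__init__.py` defaults to `_("success")`; if `_` is imported in this module, `msg=_("探针注册失败")` keeps the message translatable. On the logging line, `exc_info=True` already records the exception and its traceback, so the `.format(reason=e)` interpolation duplicates it; inside an `except` block `logger.exception("探针注册失败")` is the shorter equivalent. The `try` this handler belongs to starts outside the hunk.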
4 changes: 3 additions & 1 deletion dongtai_protocol/views/report_upload.py
Expand Up @@ -14,6 +14,7 @@
from rest_framework.views import APIView
from django.http import JsonResponse

logger = logging.getLogger('dongtai.openapi')

class ReportUploadEndPoint(OpenApiEndPoint):
name = "api-v1-report-upload"
Expand All @@ -33,4 +34,5 @@ def post(self, request):
data = ReportHandler.handler(report, request.user)
return R.success(msg="report upload success.", data=data)
except Exception as e:
return R.failure(msg=f"report upload failed, reason: {e}")
logger.error(f"report upload failed, reason: {e}", exc_info=True)
return R.failure(msg="report upload failed")
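Review bot: The three additions counted for this file appear to be the `logger = logging.getLogger('dongtai.openapi')` line and the two new lines in the `except` block, so the commit itself adds no `import logging`. The first hunk starts at line 14, so the import may already exist above it; if it does not, the module fails at import time with `NameError` and the endpoint never loads. Worth confirming, and adding `import logging` alongside the other imports if it is missing.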
6 changes: 3 additions & 3 deletions dongtai_web/views/user_passwrd_reset.py
Expand Up @@ -39,8 +39,8 @@ def post(self, request):
return R.failure(msg=msg)
except ValueError as e:
msg = _('UserID must be a numeric')
logger.error(msg)
logger.error(msg, exc_info=True)
except Exception as e:
msg = _('Password reset failed, reasons: {E}').format(e)
logger.error(msg)
return R.failure(msg=msg)
logger.error(msg, exc_info=True)
return R.failure(msg="Password reset failed")
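Review bot: The unchanged line `msg = _('Password reset failed, reasons: {E}').format(e)` passes `e` positionally to a named placeholder, so `str.format` raises `KeyError: 'E'` inside the handler and the new `logger.error(msg, exc_info=True)` and `return R.failure(msg="Password reset failed")` are never reached on that path. Changing it to `.format(E=e)` lets the handler log and return the generic message as intended. Indentation is lost in this view, so it is unclear whether the final `return` sits inside the `except Exception` block or after the whole `try`; if it is after, the `ValueError` path now also answers "Password reset failed" and its 'UserID must be a numeric' text is only logged. The enclosing `post` starts outside the hunk.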
