
fix: apply github-advanced-security recommendations #220

Merged: 1 commit, Nov 4, 2024

Conversation

psyray
Contributor

@psyray psyray commented Nov 4, 2024

Summary by Sourcery

Apply GitHub Advanced Security recommendations by enhancing error logging and standardizing error responses in user management functions, improving file handling, and removing duplicate code. Initialize URL variables in JavaScript to prevent issues and clarify KeyError handling in the API vault delete function.

Bug Fixes:

  • Standardize error responses in user management functions to provide consistent error messages.
  • Initialize URL variables in JavaScript modal functions to prevent potential undefined variable issues.

Enhancements:

  • Enhance error logging in user management functions by adding descriptive messages for delete, update, and create operations.
  • Improve file handling in get_cms_details by using a context manager for file operations.
  • Remove duplicate code in settings.py related to reading the version file.

Chores:

  • Add a comment to clarify the handling of KeyError in the api_vault_delete function.

- Enhanced error logging in user management functions by adding descriptive messages for delete, update, and create operations.
- Improved file handling in get_cms_details by using a context manager for file operations.
- Removed duplicate code in settings.py related to reading the version file.
- Standardized error responses in user management functions to provide consistent error messages.
- Initialized URL variables in JavaScript modal functions to prevent potential undefined variable issues.
- Added a comment to clarify the handling of KeyError in the api_vault_delete function.
Contributor

sourcery-ai bot commented Nov 4, 2024

Reviewer's Guide by Sourcery

This PR implements several security and code quality improvements recommended by GitHub Advanced Security. The changes focus on enhancing error handling, improving file operations safety, removing code duplication, and fixing potential JavaScript issues. The implementation includes better error logging with descriptive messages, safer file handling using context managers, and initialization of variables to prevent undefined references.

Sequence diagram for enhanced error logging in user management

sequenceDiagram
    actor User
    participant System
    User->>System: Request to delete/update/create user
    alt Successful operation
        System-->>User: Return success response
    else Error occurs
        System->>System: Log error with descriptive message
        System-->>User: Return error response with standardized message
    end

Class diagram for improved file handling in get_cms_details

classDiagram
    class FileHandler {
        +open(filePath: String, mode: String)
        +read()
        +close()
    }
    class CMSDetails {
        +get_cms_details(url: String)
    }
    CMSDetails --> FileHandler : uses
    note for CMSDetails "Improved file handling using context manager"

File-Level Changes

Change: Enhanced error logging and standardized error responses in user management functions
  • Added descriptive error messages to logger.error() calls
  • Standardized error response messages to be more user-friendly
  • Removed exposure of raw error messages in JSON responses
  Files: web/dashboard/views.py

Change: Improved file handling safety using context managers
  • Replaced direct file open/read with context manager (with statement)
  • Added proper file resource cleanup
  Files: web/reNgine/common_func.py

Change: Removed duplicate code in settings configuration
  • Eliminated duplicate version file reading code
  Files: web/reNgine/settings.py

Change: Fixed potential undefined variable issues in JavaScript modal functions
  • Initialized 'url' variable before conditional blocks
  • Added proper variable declarations using 'let'
  Files: web/startScan/static/startScan/js/detail_scan.js

Change: Added documentation for error handling
  • Added clarifying comment about KeyError handling in vault deletion
  Files: web/scanEngine/views.py

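As an added illustration of the two patterns the guide above describes (example code written for this page, not reNgine's own views.py or common_func.py), the following Python shows a user-management handler that writes a descriptive message to the server log but returns a standardized JSON error without the raw exception text, next to the leaky "before" form, plus file reads done through a context manager so the handle is closed even when parsing fails. The function names, the dict-based user store, the version file and the JSON result layout are assumptions made for the example.

```python
import json
import logging
import os
import tempfile

# Added example, not reNgine's code. The dict-based user store, the function
# names and the sample file contents are assumptions for illustration.
logger = logging.getLogger("user_management_example")


def delete_user_leaky(store, user_id):
    """'Before' pattern: the raw exception text is echoed to the client."""
    try:
        del store[user_id]
        return {"status": True}
    except Exception as e:
        # str(e) can reveal key names, paths or ORM details to the caller.
        return {"status": False, "error": str(e)}


def delete_user(store, user_id):
    """'After' pattern: descriptive message in the server log, generic
    message in the JSON response, so internals never reach the client."""
    try:
        del store[user_id]
        return {"status": True}
    except Exception as e:
        logger.error("Error deleting user %s: %s", user_id, e)
        return {"status": False, "error": "Unable to delete user"}


def update_user(store, user_id, **fields):
    """Same standardized response shape for the update path."""
    try:
        store[user_id].update(fields)
        return {"status": True}
    except Exception as e:
        logger.error("Error updating user %s: %s", user_id, e)
        return {"status": False, "error": "Unable to update user"}


def load_cms_result(path):
    """Read a CMS-detection JSON result through a context manager: the file
    handle is closed even if json.load raises, unlike open(path).read().
    Failures are logged and reported as an empty result, not as raw text."""
    try:
        with open(path, encoding="utf-8") as fh:
            return json.load(fh)
    except (OSError, ValueError) as e:
        logger.error("Error reading CMS result %s: %s", path, e)
        return {}


def read_version(path):
    """One helper for the version file, replacing duplicated read code."""
    with open(path, encoding="utf-8") as fh:
        return fh.read().strip()


def make_sample_files():
    """Write constructed sample inputs (not real scan output) to a temp
    directory and return (cms_result_path, version_path)."""
    directory = tempfile.mkdtemp()
    cms_path = os.path.join(directory, "cms.json")
    with open(cms_path, "w", encoding="utf-8") as fh:
        json.dump({"cms_name": "WordPress", "url": "https://example.invalid"}, fh)
    version_path = os.path.join(directory, "version.txt")
    with open(version_path, "w", encoding="utf-8") as fh:
        fh.write("2.1.0\n")
    return cms_path, version_path


if __name__ == "__main__":
    logging.basicConfig(level=logging.ERROR)
    users = {1: {"username": "alice"}}
    print(delete_user(users, 1))   # {'status': True}
    print(delete_user(users, 1))   # {'status': False, 'error': 'Unable to delete user'}
    print(delete_user_leaky(users, 1))   # leaks the KeyError text: {'status': False, 'error': '1'}
    cms_path, version_path = make_sample_files()
    print(load_cms_result(cms_path)["cms_name"], read_version(version_path))
```

The difference that matters for a reviewer is visible in the two delete functions: the same exception reaches the log in both cases, but only the standardized version keeps it out of the HTTP response body.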

@psyray psyray self-assigned this Nov 4, 2024
@psyray psyray added the bug Something isn't working label Nov 4, 2024
Contributor

@sourcery-ai sourcery-ai bot left a comment


Hey @psyray - I've reviewed your changes - here's some feedback:

Overall Comments:

  • Consider standardizing error message handling across all endpoints - either use generic messages consistently or include specific error details, but mixing approaches could be confusing and potentially expose unnecessary information in production
Here's what I looked at during the review
  • 🟢 General issues: all looks good
  • 🟢 Security: all looks good
  • 🟢 Testing: all looks good
  • 🟢 Complexity: all looks good
  • 🟢 Documentation: all looks good


@AnonymousWP AnonymousWP merged commit 94cfd27 into release/2.1.0 Nov 4, 2024
5 checks passed
@AnonymousWP AnonymousWP deleted the fix-gh-security-recommendations branch November 4, 2024 18:30