Bug/SK-894 | Information exposure through an exception

fedn/network/api/interface.py

@@ -659,7 +659,7 @@ def set_initial_model(self, file):
             self.control.commit(file.filename, model)
         except Exception as e:
             logger.debug(e)
-            return jsonify({"success": False, "message": e})
+            return jsonify({"success": False, "message": "Failed to add initial model."})
 
         return jsonify({"success": True, "message": "Initial model added successfully."})
 

fedn/network/api/server.py

@@ -5,9 +5,8 @@
 from fedn.common.config import get_controller_config
 from fedn.network.api.auth import jwt_auth_required
 from fedn.network.api.interface import API
+from fedn.network.api.shared import control, statestore
 from fedn.network.api.v1 import _routes
-from fedn.network.api.shared import statestore, control
-
 
 custom_url_prefix = os.environ.get("FEDN_CUSTOM_URL_PREFIX", False)
 api = API(statestore, control)
@@ -569,8 +568,10 @@ def add_combiner():
     remote_addr = request.remote_addr
     try:
         response = api.add_combiner(**json_data, remote_addr=remote_addr)
-    except TypeError as e:
-        return jsonify({"success": False, "message": str(e)}), 400
+    except TypeError:
+        return jsonify({"success": False, "message": "Invalid data provided"}), 400
+    except Exception:
+        return jsonify({"success": False, "message": "An unexpected error occurred"}), 500
     return response
 
 
@@ -589,8 +590,10 @@ def add_client():
     remote_addr = request.remote_addr
     try:
         response = api.add_client(**json_data, remote_addr=remote_addr)
-    except TypeError as e:
-        return jsonify({"success": False, "message": str(e)}), 400
+    except TypeError:
+        return jsonify({"success": False, "message": "Invalid data provided"}), 400
+    except Exception:
+        return jsonify({"success": False, "message": "An unexpected error occurred"}), 500
     return response
 
 
@@ -612,8 +615,10 @@ def list_combiners_data():
 
     try:
         response = api.list_combiners_data(combiners)
-    except TypeError as e:
-        return jsonify({"success": False, "message": str(e)}), 400
+    except TypeError:
+        return jsonify({"success": False, "message": "Invalid data provided"}), 400
+    except Exception:
+        return jsonify({"success": False, "message": "An unexpected error occurred"}), 500
     return response
 
 
@@ -630,8 +635,10 @@ def get_plot_data():
     try:
         feature = request.args.get("feature", None)
         response = api.get_plot_data(feature=feature)
-    except TypeError as e:
-        return jsonify({"success": False, "message": str(e)}), 400
+    except TypeError:
+        return jsonify({"success": False, "message": "Invalid data provided"}), 400
+    except Exception:
+        return jsonify({"success": False, "message": "An unexpected error occurred"}), 500
     return response
 
 

fedn/network/api/v1/client_routes.py

@@ -121,8 +121,8 @@ def get_clients():
         response = {"count": clients["count"], "result": result}
 
         return jsonify(response), 200
-    except Exception as e:
-        return jsonify({"message": str(e)}), 500
+    except Exception:
+        return jsonify({"message": "An unexpected error occurred"}), 500
 
 
 @bp.route("/list", methods=["POST"])
@@ -206,8 +206,8 @@ def list_clients():
         response = {"count": clients["count"], "result": result}
 
         return jsonify(response), 200
-    except Exception as e:
-        return jsonify({"message": str(e)}), 500
+    except Exception:
+        return jsonify({"message": "An unexpected error occurred"}), 500
 
 
 @bp.route("/count", methods=["GET"])
@@ -267,8 +267,8 @@ def get_clients_count():
         count = client_store.count(**kwargs)
         response = count
         return jsonify(response), 200
-    except Exception as e:
-        return jsonify({"message": str(e)}), 404
+    except Exception:
+        return jsonify({"message": "An unexpected error occurred"}), 500
 
 
 @bp.route("/count", methods=["POST"])
@@ -320,8 +320,8 @@ def clients_count():
         count = client_store.count(**kwargs)
         response = count
         return jsonify(response), 200
-    except Exception as e:
-        return jsonify({"message": str(e)}), 404
+    except Exception:
+        return jsonify({"message": "An unexpected error occurred"}), 500
 
 
 @bp.route("/<string:id>", methods=["GET"])
@@ -364,7 +364,7 @@ def get_client(id: str):
         response = client
 
         return jsonify(response), 200
-    except EntityNotFound as e:
-        return jsonify({"message": str(e)}), 404
-    except Exception as e:
-        return jsonify({"message": str(e)}), 500
+    except EntityNotFound:
+        return jsonify({"message": f"Entity with id: {id} not found"}), 404
+    except Exception:
+        return jsonify({"message": "An unexpected error occurred"}), 500

fedn/network/api/v1/combiner_routes.py

@@ -113,8 +113,8 @@ def get_combiners():
         response = {"count": combiners["count"], "result": result}
 
         return jsonify(response), 200
-    except Exception as e:
-        return jsonify({"message": str(e)}), 500
+    except Exception:
+        return jsonify({"message": "An unexpected error occurred"}), 500
 
 
 @bp.route("/list", methods=["POST"])
@@ -196,8 +196,8 @@ def list_combiners():
         response = {"count": combiners["count"], "result": result}
 
         return jsonify(response), 200
-    except Exception as e:
-        return jsonify({"message": str(e)}), 500
+    except Exception:
+        return jsonify({"message": "An unexpected error occurred"}), 500
 
 
 @bp.route("/count", methods=["GET"])
@@ -243,8 +243,8 @@ def get_combiners_count():
         count = combiner_store.count(**kwargs)
         response = count
         return jsonify(response), 200
-    except Exception as e:
-        return jsonify({"message": str(e)}), 500
+    except Exception:
+        return jsonify({"message": "An unexpected error occurred"}), 500
 
 
 @bp.route("/count", methods=["POST"])
@@ -292,8 +292,8 @@ def combiners_count():
         count = combiner_store.count(**kwargs)
         response = count
         return jsonify(response), 200
-    except Exception as e:
-        return jsonify({"message": str(e)}), 500
+    except Exception:
+        return jsonify({"message": "An unexpected error occurred"}), 500
 
 
 @bp.route("/<string:id>", methods=["GET"])
@@ -335,7 +335,7 @@ def get_combiner(id: str):
         response = combiner
 
         return jsonify(response), 200
-    except EntityNotFound as e:
-        return jsonify({"message": str(e)}), 404
-    except Exception as e:
-        return jsonify({"message": str(e)}), 500
+    except EntityNotFound:
+        return jsonify({"message": f"Entity with id: {id} not found"}), 404
+    except Exception:
+        return jsonify({"message": "An unexpected error occurred"}), 500

fedn/network/api/v1/package_routes.py

@@ -125,8 +125,8 @@ def get_packages():
         response = {"count": packages["count"], "result": result}
 
         return jsonify(response), 200
-    except Exception as e:
-        return jsonify({"message": str(e)}), 500
+    except Exception:
+        return jsonify({"message": "An unexpected error occurred"}), 500
 
 
 @bp.route("/list", methods=["POST"])
@@ -213,8 +213,8 @@ def list_packages():
         response = {"count": packages["count"], "result": result}
 
         return jsonify(response), 200
-    except Exception as e:
-        return jsonify({"message": str(e)}), 500
+    except Exception:
+        return jsonify({"message": "An unexpected error occurred"}), 500
 
 
 @bp.route("/count", methods=["GET"])
@@ -274,8 +274,8 @@ def get_packages_count():
         count = package_store.count(**kwargs)
         response = count
         return jsonify(response), 200
-    except Exception as e:
-        return jsonify({"message": str(e)}), 500
+    except Exception:
+        return jsonify({"message": "An unexpected error occurred"}), 500
 
 
 @bp.route("/count", methods=["POST"])
@@ -336,8 +336,8 @@ def packages_count():
         count = package_store.count(**kwargs)
         response = count
         return jsonify(response), 200
-    except Exception as e:
-        return jsonify({"message": str(e)}), 500
+    except Exception:
+        return jsonify({"message": "An unexpected error occurred"}), 500
 
 
 @bp.route("/<string:id>", methods=["GET"])
@@ -381,10 +381,10 @@ def get_package(id: str):
         response = package.__dict__ if use_typing else package
 
         return jsonify(response), 200
-    except EntityNotFound as e:
-        return jsonify({"message": str(e)}), 404
-    except Exception as e:
-        return jsonify({"message": str(e)}), 500
+    except EntityNotFound:
+        return jsonify({"message": f"Entity with id: {id} not found"}), 404
+    except Exception:
+        return jsonify({"message": "An unexpected error occurred"}), 500
 
 
 @bp.route("/active", methods=["GET"])
@@ -421,7 +421,7 @@ def get_active_package():
         response = package.__dict__ if use_typing else package
 
         return jsonify(response), 200
-    except EntityNotFound as e:
-        return jsonify({"message": str(e)}), 404
-    except Exception as e:
-        return jsonify({"message": str(e)}), 500
+    except EntityNotFound:
+        return jsonify({"message": f"Entity with id: {id} not found"}), 404
+    except Exception:
+        return jsonify({"message": "An unexpected error occurred"}), 500

fedn/network/api/v1/round_routes.py

@@ -101,8 +101,8 @@ def get_rounds():
         response = {"count": rounds["count"], "result": result}
 
         return jsonify(response), 200
-    except Exception as e:
-        return jsonify({"message": str(e)}), 500
+    except Exception:
+        return jsonify({"message": "An unexpected error occurred"}), 500
 
 
 @bp.route("/list", methods=["POST"])
@@ -180,8 +180,8 @@ def list_rounds():
         response = {"count": rounds["count"], "result": result}
 
         return jsonify(response), 200
-    except Exception as e:
-        return jsonify({"message": str(e)}), 500
+    except Exception:
+        return jsonify({"message": "An unexpected error occurred"}), 500
 
 
 @bp.route("/count", methods=["GET"])
@@ -221,8 +221,8 @@ def get_rounds_count():
         count = round_store.count(**kwargs)
         response = count
         return jsonify(response), 200
-    except Exception as e:
-        return jsonify({"message": str(e)}), 500
+    except Exception:
+        return jsonify({"message": "An unexpected error occurred"}), 500
 
 
 @bp.route("/count", methods=["POST"])
@@ -266,8 +266,8 @@ def rounds_count():
         count = round_store.count(**kwargs)
         response = count
         return jsonify(response), 200
-    except Exception as e:
-        return jsonify({"message": str(e)}), 500
+    except Exception:
+        return jsonify({"message": "An unexpected error occurred"}), 500
 
 
 @bp.route("/<string:id>", methods=["GET"])
@@ -309,7 +309,7 @@ def get_round(id: str):
         response = round
 
         return jsonify(response), 200
-    except EntityNotFound as e:
-        return jsonify({"message": str(e)}), 404
-    except Exception as e:
-        return jsonify({"message": str(e)}), 500
+    except EntityNotFound:
+        return jsonify({"message": f"Entity with id: {id} not found"}), 404
+    except Exception:
+        return jsonify({"message": "An unexpected error occurred"}), 500