fix(security): return generic error and log internally in RoleRestAPI.get_list

[rusackas]

SUMMARY

RoleRestAPI.get_list (/api/v1/security/roles/search/) caught unexpected errors with a hand-written except Exception that returned str(e) directly in the HTTP 500 response body and made no logging call. This meant raw ORM/driver error text could surface to the caller, while the same error was invisible in the structured logging pipeline.

This change:

• Logs the exception server-side via logger.exception(...) so operators get the full detail and stack trace.
• Returns a generic "An unexpected error occurred" message to the caller instead of the raw exception text.

The endpoint remains gated behind @protect() / list_roles; this only changes what an unexpected-error response body contains and ensures the error is recorded.

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

N/A — backend error-handling behavior.

TESTING INSTRUCTIONS

Integration test added in tests/integration_tests/security/api_tests.py (test_show_roles_unexpected_error_returns_generic_message):

• Forces an exception inside get_list.
• Asserts the 500 body does not contain the raw exception detail, contains the generic message, and that logger.exception was called.

Run: pytest tests/integration_tests/security/api_tests.py -k unexpected_error

ADDITIONAL INFORMATION

• Has associated issue:
• Required feature flags:
• Changes UI
• Includes DB Migration (follow approval process in SIP-59)
  • Migration is atomic, supports rollback & is backwards-compatible
  • Confirm DB migration upgrade and downgrade tested
  • Runtime estimates and downtime expectations provided
• Introduces new feature or API
• Removes existing feature or API

[bito-code-review]

Code Review Agent Run #4c43ef

Actionable Suggestions - 0

Review Details

• Files reviewed - 2 · Commit Range: b2f9781..b2f9781

  • superset/security/api.py
  • tests/integration_tests/security/api_tests.py
• Files skipped - 0
• Tools

  • Whispers (Secret Scanner) - ✔︎ Successful
  • Detect-secrets (Secret Scanner) - ✔︎ Successful
  • MyPy (Static Code Analysis) - ✔︎ Successful
  • Astral Ruff (Static Code Analysis) - ✔︎ Successful

---

Bito Usage Guide

Commands

Type the following command in the pull request comment and save the comment.

• /review - Manually triggers a full AI review.

• /pause - Pauses automatic reviews on this pull request.

• /resume - Resumes automatic reviews.

• /resolve - Marks all Bito-posted review comments as resolved.

• /abort - Cancels all in-progress reviews.

Refer to the documentation for additional commands.

Configuration

This repository uses Superset You can customize the agent settings here or contact your Bito workspace admin at evan@preset.io.

Documentation & Help

• Customize agent settings
• Review rules
• General documentation
• FAQ

AI Code Review powered by

[bito-code-review]

The suggestion to add type hints to the new test method is correct, as it improves code quality and consistency. You can resolve this by updating the method signature to include self: Any and -> None.

    def test_show_roles_unexpected_error_returns_generic_message(self: Any) -> None:

There are no other comments on this pull request. Would you like me to implement this change for you?

tests/integration_tests/security/api_tests.py

def test_show_roles_unexpected_error_returns_generic_message(self: Any) -> None:
        """
        Security API: an unexpected error in role listing returns a generic 500
        body (no raw exception text) and is logged server-side.
        """

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 64.34%. Comparing base (3b46a5f) to head (26c8301).
⚠️ Report is 3 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master   #41295      +/-   ##
==========================================
- Coverage   64.34%   64.34%   -0.01%     
==========================================
  Files        2653     2653              
  Lines      144952   144953       +1     
  Branches    33433    33433              
==========================================
- Hits        93273    93271       -2     
- Misses      49995    49996       +1     
- Partials     1684     1686       +2     

Flag	Coverage Δ
hive	39.27% <0.00%> (-0.01%)	⬇️
mysql	58.00% <100.00%> (+<0.01%)	⬆️
postgres	58.07% <100.00%> (+<0.01%)	⬆️
presto	40.86% <0.00%> (-0.01%)	⬇️
python	59.51% <100.00%> (+<0.01%)	⬆️
sqlite	57.72% <100.00%> (+<0.01%)	⬆️
unit	100.00% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[bito-code-review]

Code Review Agent Run #3a5495

Actionable Suggestions - 0

Review Details

• Files reviewed - 1 · Commit Range: b2f9781..26c8301

  • tests/integration_tests/security/api_tests.py
• Files skipped - 0
• Tools

  • Whispers (Secret Scanner) - ✔︎ Successful
  • Detect-secrets (Secret Scanner) - ✔︎ Successful
  • MyPy (Static Code Analysis) - ✔︎ Successful
  • Astral Ruff (Static Code Analysis) - ✔︎ Successful

---

Bito Usage Guide

Commands

Type the following command in the pull request comment and save the comment.

• /review - Manually triggers a full AI review.

• /pause - Pauses automatic reviews on this pull request.

• /resume - Resumes automatic reviews.

• /resolve - Marks all Bito-posted review comments as resolved.

• /abort - Cancels all in-progress reviews.

Refer to the documentation for additional commands.

Configuration

This repository uses Superset You can customize the agent settings here or contact your Bito workspace admin at evan@preset.io.

Documentation & Help

• Customize agent settings
• Review rules
• General documentation
• FAQ

AI Code Review powered by