Merge pull request #11343 from nottrobin/cve-404s

Improve handling of API errors

requirements.txt

@@ -1,4 +1,4 @@
-canonicalwebteam.flask-base==0.9.3
+canonicalwebteam.flask-base==1.0.2
 alembic==1.7.5
 canonicalwebteam.http==1.0.3
 canonicalwebteam.blog==6.4.0
@@ -27,5 +27,3 @@ macaroonbakery==1.3.1
 sortedcontainers==2.4.0
 vcrpy-unittest==0.1.7
 webargs==7.0.1
-markupsafe==2.0.1
-itsdangerous==2.0.1

templates/404.html

@@ -20,11 +20,13 @@
     <div class="col-6 u-vertically-center">
       <div>
         <h1>404: Page not found</h1>
-        {% if message %}
-          <p class="p-heading--4">{{ message }}</p>
-        {% else %}
-          <p class="p-heading--4">Sorry, we couldn't find that page.</p>
-        {% endif %}
+        <p class="p-heading--4">
+          {% if message %}
+            {{ message }}
+          {% else %}
+            Sorry, we couldn't find that page.
+          {% endif %}
+        </p>
       </div>
     </div>
   </div>

webapp/app.py

@@ -193,21 +193,23 @@
 # Error pages
 @app.errorhandler(400)
 def bad_request_error(error):
-    return flask.render_template("400.html"), 400
+    return flask.render_template("400.html", message=error.description), 400
 
 
-@app.errorhandler(SecurityAPIError)
-def security_api_error(error):
+@app.errorhandler(410)
+def deleted_error(error):
+    return flask.render_template("410.html", message=error.description), 410
 
-    message = error.response.json().get("message")
 
-    if error.response.status_code == 404:
-        return flask.render_template("404.html", message=message), 404
-    else:
-        return (
-            flask.render_template("security-error-500.html", message=message),
-            500,
-        )
+@app.errorhandler(SecurityAPIError)
+def security_api_error(error):
+    return (
+        flask.render_template(
+            "security-error-500.html",
+            message=error.response.json().get("message"),
+        ),
+        500,
+    )
 
 
 @app.errorhandler(UAContractsValidationError)
@@ -265,11 +267,6 @@ def ua_contracts_api_error_view(error):
     return flask.render_template("500.html"), 500
 
 
-@app.errorhandler(410)
-def deleted_error(error):
-    return flask.render_template("410.html"), 410
-
-
 # Template context
 @app.context_processor
 def context():

webapp/security/api.py

@@ -21,14 +21,12 @@ def _get(self, path: str, params={}):
         Defines get request set up, returns data if succesful,
         raises HTTP errors if not
         """
+
         uri = f"{self.base_url}{path}"
 
         response = self.session.get(uri, params=params)
 
-        try:
-            response.raise_for_status()
-        except HTTPError as error:
-            raise SecurityAPIError(error)
+        response.raise_for_status()
 
         return response
 
@@ -40,12 +38,25 @@ def get_cve(
         Makes request for specific cve_id,
         returns json object if found
         """
-        return self._get(f"cves/{id.upper()}.json").json()
+
+        try:
+            cve_response = self._get(f"cves/{id.upper()}.json")
+        except HTTPError as error:
+            if error.response.status_code == 404:
+                return None
+            raise SecurityAPIError(error)
+
+        return cve_response.json()
 
     def get_releases(self):
         """
         Makes request for all releases with ongoing support,
         returns json object if found
         """
 
-        return self._get("releases.json").json()
+        try:
+            releases_response = self._get("releases.json")
+        except HTTPError as error:
+            raise SecurityAPIError(error)
+
+        return releases_response.json()

webapp/security/views.py

@@ -723,7 +723,7 @@ def cve(cve_id):
     cve = security_api.get_cve(cve_id)
 
     if not cve:
-        flask.abort(404)
+        flask.abort(404, f"Cannot find a CVE with ID '{cve_id}'")
 
     if cve.get("published"):
         cve["published"] = dateutil.parser.parse(cve["published"]).strftime(