Sanitize 400 error messages in GlobalExceptionHandler and validation filters to use static strings. This change improves consistency and prevents leaking internal exception details. Updated tests to reflect new error messages for JSON parsing and bad request scenarios.

2026-06-26 15:01:14 +00:00 · 2026-06-25 19:02:25 +03:00
parent 7ed780b063
commit 01d7e7d584
12 changed files with 209 additions and 38 deletions
@@ -171,6 +171,11 @@ public static class UavUploadValidationTests
        // Assert
        ProblemDetailsAssertions.AssertValidationProblem(problem, expectedStatus: 400, label: "AZ-810 malformed JSON");
        ProblemDetailsAssertions.AssertErrorsContainsMention(problem, expectedMention: "metadata", label: "AZ-810 malformed JSON");
+        var metadataError = problem.GetProperty("errors").GetProperty("metadata")[0].GetString();
+        if (metadataError is not null && metadataError.Contains("System.", StringComparison.Ordinal))
+        {
+            throw new InvalidOperationException("Malformed metadata response must not leak System.* type names.");
+        }

        Console.WriteLine("  ✓ Malformed metadata JSON rejected with errors[\"metadata\"]");
    }