Sanitize 400 error messages in GlobalExceptionHandler and validation filters to use static strings. This change improves consistency and prevents leaking internal exception details. Updated tests to reflect new error messages for JSON parsing and bad request scenarios.

2026-06-26 06:11:14 +00:00 · 2026-06-25 19:02:25 +03:00
parent 7ed780b063
commit 01d7e7d584
12 changed files with 209 additions and 38 deletions
@@ -0,0 +1,16 @@
+# Batch Report
+
+**Batch**: 1
+**Tasks**: AZ-1113
+**Date**: 2026-06-25
+**Cycle**: 10
+
+## Task Results
+
+| Task | Status | Files Modified | Tests | AC Coverage | Issues |
+|------|--------|---------------|-------|-------------|--------|
+| AZ-1113 REST error sanitizer | Done | GlobalExceptionHandler, UavUploadValidationFilter, UavTileUploadHandler, error-shape.md, tests | 6 unit focused PASS | 5/5 | None |
+
+## Code Review Verdict: PASS (inline — single-task security hardening)
+
+## Next Batch: All tasks complete
@@ -0,0 +1,17 @@
+# Implementation Report — Cycle 10
+
+**Cycle**: 10  
+**Date**: 2026-06-25  
+**Tasks shipped**: AZ-1113 (batch 1)  
+**Verdict**: PASS (focused unit tests green; full suite pending Step 11)
+
+## Summary
+
+Sanitized client-facing HTTP 400 messages for deserializer/binding failures (F-AZ795-1, F-AZ795-2, F-AZ810-1). `error-shape.md` bumped to v1.0.1.
+
+## Key changes
+
+- Static `JsonException` messages in `GlobalExceptionHandler`
+- Static `BadHttpRequestException` detail
+- `UavUploadValidationFilter` + `UavTileUploadHandler` metadata parse errors sanitized
+- Unit + integration assertions updated