26 changes: 20 additions & 6 deletions src/event_gate_lambda.py
@@ -31,7 +31,17 @@
from jsonschema import validate
from jsonschema.exceptions import ValidationError

from . import writer_eventbridge, writer_kafka, writer_postgres
# Added explicit import for serialization-related exceptions
try: # pragma: no cover - import guard
from cryptography.exceptions import UnsupportedAlgorithm # type: ignore
except Exception: # pragma: no cover - very defensive
UnsupportedAlgorithm = Exception # type: ignore
Comment on lines +34 to +38
⚠️ Potential issue

Don't alias UnsupportedAlgorithm to Exception — it turns the later except into a catch‑all.

If the import fails, UnsupportedAlgorithm = Exception makes except (..., UnsupportedAlgorithm) equivalent to except Exception, hiding unrelated bugs. Catch only ImportError and provide a narrow fallback type.

Apply:

-try:  # pragma: no cover - import guard
-    from cryptography.exceptions import UnsupportedAlgorithm  # type: ignore
-except Exception:  # pragma: no cover - very defensive
-    UnsupportedAlgorithm = Exception  # type: ignore
+try:  # pragma: no cover - import guard
+    from cryptography.exceptions import UnsupportedAlgorithm  # type: ignore
+except ImportError:  # pragma: no cover - only missing dependency
+    class UnsupportedAlgorithm(Exception):  # narrow fallback; avoids catch-all later
+        pass
🧰 Tools
🪛 Ruff (0.12.2)

36-36: Do not catch blind exception: Exception

(BLE001)

🤖 Prompt for AI Agents
In src/event_gate_lambda.py around lines 33 to 37, the current blanket except
and alias UnsupportedAlgorithm = Exception makes later except (...,
UnsupportedAlgorithm) behave like a catch‑all; change the import guard to only
catch ImportError (not Exception) and, if the import fails, define a narrow
fallback exception type (e.g. a small subclass of Exception named
UnsupportedAlgorithm) so downstream except clauses only match that specific type
rather than all exceptions.
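To make the review comment's point concrete, here is an added example (not code from the PR or from the event_gate_lambda project) that mirrors the shape of the diff's key-initialization block with a hypothetical `load_key` loader. It compares the narrow fallback class the reviewer suggests against the `UnsupportedAlgorithm = Exception` alias, and shows that with the alias an unrelated programming error (`TypeError`) is swallowed and reported as a key-initialization failure, while with the narrow class it propagates as it should.

```python
"""Why aliasing a missing exception type to Exception turns a narrow
`except` clause into a catch-all. Added example; the loader functions are
hypothetical stand-ins for the key-loading block in the diff."""


class UnsupportedAlgorithm(Exception):
    """Narrow fallback type, as the review suggests (stand-in for
    cryptography.exceptions.UnsupportedAlgorithm when that import fails)."""


# What the original import guard effectively produces on ImportError.
BroadUnsupportedAlgorithm = Exception


def load_key(raw, unsupported_type):
    """Hypothetical loader. Raises `unsupported_type` for an unknown key
    algorithm (an expected, external failure) and TypeError for a wrong
    argument type (a programming error that should never be masked).
    Constructed key format: b"ALG:" + one algorithm letter + key bytes."""
    if not isinstance(raw, bytes):
        raise TypeError("raw key must be bytes")
    if raw.startswith(b"ALG:?"):
        raise unsupported_type("unsupported key algorithm")
    return raw[5:]


def init_key(raw, unsupported_type):
    """Mirror of the diff's init block: expected failures become a
    RuntimeError with the cause attached; anything else must propagate."""
    try:
        return load_key(raw, unsupported_type)
    except (ValueError, KeyError, unsupported_type) as exc:
        raise RuntimeError("Token public key initialization failed") from exc


def outcome(raw, unsupported_type):
    """Label what a caller observes, so the two variants can be compared."""
    try:
        init_key(raw, unsupported_type)
        return "ok"
    except RuntimeError as exc:
        return "runtime_error:" + type(exc.__cause__).__name__
    except TypeError:
        return "type_error_propagated"


if __name__ == "__main__":
    # Narrow fallback: expected failure is wrapped, the bug surfaces.
    print(outcome(b"ALG:?", UnsupportedAlgorithm))
    print(outcome(123, UnsupportedAlgorithm))
    # Alias to Exception: the TypeError is silently reported as a key failure.
    print(outcome(123, BroadUnsupportedAlgorithm))
```

With the alias, `except (ValueError, KeyError, Exception)` catches the `TypeError`, so a bug in the loader shows up in logs as "Token public key initialization failed" and the real defect is never seen; the narrow class keeps the except clause matching only the algorithm failure it was written for.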


# Import writer modules with explicit ImportError fallback
try:
from . import writer_eventbridge, writer_kafka, writer_postgres
except ImportError: # fallback when executed outside package context
import writer_eventbridge, writer_kafka, writer_postgres # type: ignore[no-redef]

# Import configuration directory symbols with explicit ImportError fallback
try:
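Review bot: The import guard around `from cryptography.exceptions import UnsupportedAlgorithm` protects against a missing dependency the module cannot run without anyway: the second hunk calls `serialization.load_der_public_key`, which is cryptography's API, so without cryptography the module fails regardless and the fallback only moves the failure somewhere less obvious. Import `UnsupportedAlgorithm` unconditionally alongside `serialization` and drop the guard; if a guard is kept, replace the comment `# Added explicit import for serialization-related exceptions`, which describes the PR rather than the code, with one that says what the fallback type is for. Separately, `except ImportError:` around `from . import writer_eventbridge, writer_kafka, writer_postgres` also fires when one of the writer modules raises ImportError internally (for example a missing client library), in which case the top-level `import writer_eventbridge, ...` retries and reports an unrelated error; check `exc.name` before falling back so only the relative-import failure takes that path.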
@@ -86,11 +96,15 @@
logger.debug("Loaded ACCESS definitions")

TOKEN_PROVIDER_URL = CONFIG["token_provider_url"]
# Add timeout to avoid hanging requests
response_json = requests.get(CONFIG["token_public_key_url"], verify=False, timeout=5).json() # nosec external
token_public_key_encoded = response_json["key"]
TOKEN_PUBLIC_KEY: Any = serialization.load_der_public_key(base64.b64decode(token_public_key_encoded))
logger.debug("Loaded TOKEN_PUBLIC_KEY")
# Add timeout to avoid hanging requests; wrap in robust error handling so failures are explicit
try:
response_json = requests.get(CONFIG["token_public_key_url"], verify=False, timeout=5).json() # nosec external
token_public_key_encoded = response_json["key"]
TOKEN_PUBLIC_KEY: Any = serialization.load_der_public_key(base64.b64decode(token_public_key_encoded))
logger.debug("Loaded TOKEN_PUBLIC_KEY")
except (requests.RequestException, ValueError, KeyError, UnsupportedAlgorithm) as exc:
logger.exception("Failed to fetch or deserialize token public key from %s", CONFIG.get("token_public_key_url"))
raise RuntimeError("Token public key initialization failed") from exc

writer_eventbridge.init(logger, CONFIG)
writer_kafka.init(logger, CONFIG)
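Review bot: The security-relevant line in this hunk is the one left unchanged: `requests.get(CONFIG["token_public_key_url"], verify=False, timeout=5)` fetches the public key that every later token verification trusts with TLS certificate validation disabled, so anything between the Lambda and the key endpoint can substitute its own key, and the new try/except does nothing to detect that. Re-enable verification (or pass the endpoint's CA bundle path as `verify=`) instead of carrying `# nosec external` forward. Two smaller points: raising `RuntimeError` at module import time turns a transient fetch failure into a failed cold start that is only retried on the next invocation, so consider loading the key lazily with a bounded retry, or keeping the last good key; and the except tuple is correct as written, since `ValueError` already covers `binascii.Error` from `base64.b64decode`, the JSON decode error from `.json()`, and a malformed DER blob in `load_der_public_key`.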