From 0876699619ce0a397dad92ad55d2f6ebc58d847d Mon Sep 17 00:00:00 2001
From: Oto Macenauer
Date: Fri, 12 Sep 2025 12:20:33 +0200
Subject: [PATCH 1/2] Enhance error handling and import robustness in event_gate_lambda
---
 src/event_gate_lambda.py | 31 +++++++++++++++++++++++++------
 1 file changed, 25 insertions(+), 6 deletions(-)
diff --git a/src/event_gate_lambda.py b/src/event_gate_lambda.py
index f4eb4fd..a237f80 100644
--- a/src/event_gate_lambda.py
+++ b/src/event_gate_lambda.py
@@ -30,8 +30,17 @@
 from cryptography.hazmat.primitives import serialization
 from jsonschema import validate
 from jsonschema.exceptions import ValidationError
+# Added explicit import for serialization-related exceptions
+try: # pragma: no cover - import guard
+ from cryptography.exceptions import UnsupportedAlgorithm # type: ignore
+except Exception: # pragma: no cover - very defensive
+ UnsupportedAlgorithm = Exception # type: ignore
-from . import writer_eventbridge, writer_kafka, writer_postgres
+# Import writer modules with explicit ImportError fallback
+try:
+ from . import writer_eventbridge, writer_kafka, writer_postgres
+except ImportError: # fallback when executed outside package context
+ import writer_eventbridge, writer_kafka, writer_postgres # type: ignore[no-redef]
 # Import configuration directory symbols with explicit ImportError fallback
 try:
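Review bot: The `except Exception:` fallback that sets `UnsupportedAlgorithm = Exception` turns any failure of that import into a silent widening of the later handler, because `except (..., UnsupportedAlgorithm)` in the key-loading block would then catch every exception. `cryptography` is already imported unguarded in the first context line of this hunk (`from cryptography.hazmat.primitives import serialization`), so a missing package fails there first and the guard adds nothing; a plain `from cryptography.exceptions import UnsupportedAlgorithm` is enough. The bare `import writer_eventbridge, writer_kafka, writer_postgres` fallback resolves those names against `sys.path` rather than the package, so it deserves a comment naming the entry point that needs it.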
@@ -86,11 +95,21 @@
 logger.debug("Loaded ACCESS definitions")
 TOKEN_PROVIDER_URL = CONFIG["token_provider_url"]
-# Add timeout to avoid hanging requests
-response_json = requests.get(CONFIG["token_public_key_url"], verify=False, timeout=5).json() # nosec external
-token_public_key_encoded = response_json["key"]
-TOKEN_PUBLIC_KEY: Any = serialization.load_der_public_key(base64.b64decode(token_public_key_encoded))
-logger.debug("Loaded TOKEN_PUBLIC_KEY")
+# Add timeout to avoid hanging requests; wrap in robust error handling so failures are explicit
+try:
+ response_json = requests.get(
+ CONFIG["token_public_key_url"], verify=False, timeout=5
+ ).json() # nosec external
+ token_public_key_encoded = response_json["key"]
+ TOKEN_PUBLIC_KEY: Any = serialization.load_der_public_key(
+ base64.b64decode(token_public_key_encoded)
+ )
+ logger.debug("Loaded TOKEN_PUBLIC_KEY")
+except (requests.RequestException, ValueError, KeyError, UnsupportedAlgorithm) as exc:
+ logger.exception(
+ "Failed to fetch or deserialize token public key from %s", CONFIG.get("token_public_key_url")
+ )
+ raise RuntimeError("Token public key initialization failed") from exc
 writer_eventbridge.init(logger, CONFIG)
 writer_kafka.init(logger, CONFIG)
From b2dac9d89726a84a88df777bb5a0d90bab05e7dc Mon Sep 17 00:00:00 2001
From: Oto Macenauer
Date: Fri, 12 Sep 2025 12:24:12 +0200
Subject: [PATCH 2/2] Fix formatting
---
 src/event_gate_lambda.py | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)
diff --git a/src/event_gate_lambda.py b/src/event_gate_lambda.py
index a237f80..36f1664 100644
--- a/src/event_gate_lambda.py
+++ b/src/event_gate_lambda.py
@@ -30,6 +30,7 @@
 from cryptography.hazmat.primitives import serialization
 from jsonschema import validate
 from jsonschema.exceptions import ValidationError
+
 # Added explicit import for serialization-related exceptions
 try: # pragma: no cover - import guard
 from cryptography.exceptions import UnsupportedAlgorithm # type: ignore
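Review bot: The call that fetches the token public key still passes `verify=False`, so the TLS certificate of `token_public_key_url` is never checked, and the `# nosec` marker hides this from linters. Whoever can intercept or redirect that request chooses the key that ends up in `TOKEN_PUBLIC_KEY`, which presumably decides which tokens the service accepts. The new try/except makes failures explicit but leaves that trust decision unchanged; drop `verify=False` (requests verifies by default) or pass a CA bundle path from configuration, e.g. `verify=CONFIG["<ca_bundle_key>"]` with a key name of your choosing. The response status is also never checked, so calling `raise_for_status()` before `.json()` would reject error responses explicitly rather than through a later `KeyError`. The second patch in this series reflows the same call without changing it.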
@@ -97,18 +98,12 @@
 TOKEN_PROVIDER_URL = CONFIG["token_provider_url"]
 # Add timeout to avoid hanging requests; wrap in robust error handling so failures are explicit
 try:
- response_json = requests.get(
- CONFIG["token_public_key_url"], verify=False, timeout=5
- ).json() # nosec external
+ response_json = requests.get(CONFIG["token_public_key_url"], verify=False, timeout=5).json() # nosec external
 token_public_key_encoded = response_json["key"]
- TOKEN_PUBLIC_KEY: Any = serialization.load_der_public_key(
- base64.b64decode(token_public_key_encoded)
- )
+ TOKEN_PUBLIC_KEY: Any = serialization.load_der_public_key(base64.b64decode(token_public_key_encoded))
 logger.debug("Loaded TOKEN_PUBLIC_KEY")
 except (requests.RequestException, ValueError, KeyError, UnsupportedAlgorithm) as exc:
- logger.exception(
- "Failed to fetch or deserialize token public key from %s", CONFIG.get("token_public_key_url")
- )
+ logger.exception("Failed to fetch or deserialize token public key from %s", CONFIG.get("token_public_key_url"))
 raise RuntimeError("Token public key initialization failed") from exc
 writer_eventbridge.init(logger, CONFIG)