chore(pr-review): squash merge #44

Merged by strict manual review cycle 20260303T215220Z.
2026-04-25 17:15:02 +02:00 · 2026-03-03 19:01:26 -03:00
parent 8d12cadcb7
commit d91b5b009c
3 changed files with 18 additions and 6 deletions
--- a/api/src/bracc/routers/baseline.py
+++ b/api/src/bracc/routers/baseline.py
@@ -3,6 +3,7 @@ from typing import Annotated
 from fastapi import APIRouter, Depends, HTTPException, Query
 from neo4j import AsyncSession

+from bracc.config import settings
 from bracc.dependencies import get_session
 from bracc.models.baseline import BaselineResponse
 from bracc.services.baseline_service import BASELINE_QUERIES, run_all_baselines, run_baseline
@@ -21,10 +22,13 @@ async def get_baseline_for_entity(
    if dimension:
        if dimension not in BASELINE_QUERIES:
            available = list(BASELINE_QUERIES.keys())
-            raise HTTPException(
-                status_code=400,
-                detail=f"Invalid dimension: {dimension}. Available: {available}",
+            app_env = settings.app_env.strip().lower()
+            detail = (
+                "Invalid dimension"
+                if app_env in ("prod", "production")
+                else f"Invalid dimension: {dimension}. Available: {available}"
            )
+            raise HTTPException(status_code=400, detail=detail)
        results = await run_baseline(session, dimension, entity_id)
    else:
        results = await run_all_baselines(session, entity_id)
--- a/api/src/bracc/routers/patterns.py
+++ b/api/src/bracc/routers/patterns.py
@@ -100,10 +100,13 @@ async def get_specific_pattern(
        enforce_entity_lookup_enabled()
    available = [row["id"] for row in provider.list_patterns()]
    if pattern_name not in set(available):
-        raise HTTPException(
-            status_code=404,
-            detail=f"Pattern not found: {pattern_name}. Available: {available}",
+        app_env = settings.app_env.strip().lower()
+        detail = (
+            "Pattern not found"
+            if app_env in ("prod", "production")
+            else f"Pattern not found: {pattern_name}. Available: {available}"
        )
+        raise HTTPException(status_code=404, detail=detail)
    results = await run_pattern(
        session,
        pattern_name,
--- a/api/src/bracc/services/source_registry.py
+++ b/api/src/bracc/services/source_registry.py
@@ -63,6 +63,11 @@ def _default_registry_path() -> Path:


 def get_registry_path() -> Path:
+    """Return the source registry CSV path from env or default.
+
+    BRACC_SOURCE_REGISTRY_PATH must be set only by administrators in a trusted
+    environment; do not allow untrusted users or processes to set it.
+    """
    configured = os.getenv("BRACC_SOURCE_REGISTRY_PATH", "").strip()
    return Path(configured) if configured else _default_registry_path()