get_search doesn't properly handle malformed type query parameter

PolicyEngine / policyengine-api

PolicyEngine's REST API for computing policy impacts.

GNU Affero General Public License v3.0

9 stars 21 forks source link

get_search doesn't properly handle malformed type query parameter #421

Open anth-volk opened 1 year ago

anth-volk commented 1 year ago

Similar to the issue with malformed country_id parameters, if a user accesses the get_search endpoint and inputs a malformed type query parameter, the endpoint returns with a 500 Internal Server Error, as opposed to some sort of error response (perhaps 400 Bad Request?), because the function raises a ValueError when the error is encountered

anth-volk commented 1 year ago

This is due to code on line 87 of endpoints/search/search.py; if an empty query is passed, the server throws an AttributeError, as the query has no attribute 'lower', returning a 500 Internal Server Error