From 950715b2550530f869c36130c878e7af03d1f38a Mon Sep 17 00:00:00 2001
From: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
Date: Mon, 5 Sep 2022 16:10:45 +0300
Subject: [PATCH] API: Do not expose user input in datasource error responses
 (#53483)

---
 pkg/api/datasources.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkg/api/datasources.go b/pkg/api/datasources.go
index cfbad2b7f14..70a42c7a55c 100644
--- a/pkg/api/datasources.go
+++ b/pkg/api/datasources.go
@@ -107,7 +107,7 @@ func (hs *HTTPServer) GetDataSources(c *models.ReqContext) response.Response {
 func (hs *HTTPServer) GetDataSourceById(c *models.ReqContext) response.Response {
 	id, err := strconv.ParseInt(web.Params(c.Req)[":id"], 10, 64)
 	if err != nil {
-		return response.Error(http.StatusBadRequest, "id is invalid", err)
+		return response.Error(http.StatusBadRequest, "id is invalid", nil)
 	}
 	query := datasources.GetDataSourceQuery{
 		Id:    id,
@@ -605,7 +605,7 @@ func (hs *HTTPServer) GetDataSourceIdByName(c *models.ReqContext) response.Respo
 func (hs *HTTPServer) CallDatasourceResource(c *models.ReqContext) {
 	datasourceID, err := strconv.ParseInt(web.Params(c.Req)[":id"], 10, 64)
 	if err != nil {
-		c.JsonApiErr(http.StatusBadRequest, "id is invalid", err)
+		c.JsonApiErr(http.StatusBadRequest, "id is invalid", nil)
 		return
 	}
 	ds, err := hs.DataSourceCache.GetDatasource(c.Req.Context(), datasourceID, c.SignedInUser, c.SkipCache)
@@ -742,7 +742,7 @@ func (hs *HTTPServer) CheckDatasourceHealthWithUID(c *models.ReqContext) respons
 func (hs *HTTPServer) CheckDatasourceHealth(c *models.ReqContext) response.Response {
 	datasourceID, err := strconv.ParseInt(web.Params(c.Req)[":id"], 10, 64)
 	if err != nil {
-		return response.Error(http.StatusBadRequest, "id is invalid", err)
+		return response.Error(http.StatusBadRequest, "id is invalid", nil)
 	}
 
 	ds, err := hs.DataSourceCache.GetDatasource(c.Req.Context(), datasourceID, c.SignedInUser, c.SkipCache)