From c974daa0c7f05bdf8a5e59897c9a2feaaf94bc4e Mon Sep 17 00:00:00 2001
From: Beto Dealmeida <roberto@dealmeida.net>
Date: Wed, 7 Feb 2024 14:58:51 -0500
Subject: [PATCH] fix: safer error message in alerts (#27019)

(cherry picked from commit 686ce33ea5017aad4cca18a6409c00f6b366dcf4)
---
 superset/commands/report/alert.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/superset/commands/report/alert.py b/superset/commands/report/alert.py
index 68013a2c005b..fc1be14e0204 100644
--- a/superset/commands/report/alert.py
+++ b/superset/commands/report/alert.py
@@ -150,7 +150,7 @@ def _execute_query(self) -> pd.DataFrame:
                 rendered_sql, ALERT_SQL_LIMIT
             )
 
-            _, username = get_executor(
+            executor, username = get_executor(  # pylint: disable=unused-variable
                 executor_types=app.config["ALERT_REPORTS_EXECUTE_AS"],
                 model=self._report_schedule,
             )
@@ -169,7 +169,12 @@ def _execute_query(self) -> pd.DataFrame:
             logger.warning("A timeout occurred while executing the alert query: %s", ex)
             raise AlertQueryTimeout() from ex
         except Exception as ex:
-            raise AlertQueryError(message=str(ex)) from ex
+            logger.exception("An error occurred when running alert query")
+            # The exception message here can reveal to much information to malicious
+            # users, so we raise a generic message.
+            raise AlertQueryError(
+                message=_("An error occurred when running alert query")
+            ) from ex
 
     def validate(self) -> None:
         """