Carry 400 Bad Request errors from the middleware to the webapp

RESOLVED FIXED

Status

RESOLVED FIXED
4 years ago
4 years ago

People

(Reporter: peterbe, Assigned: peterbe)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Assignee)

Description

4 years ago
We got a lot of errors like this: https://gist.github.com/peterbe/432bff89951efc483f86

That's a fuzzer that GETs something like this:

  /report/list/partials/reports/?sort=<VERY INVALID STRING>

The middleware correctly rejects them but we let it become a full blown 500 error on the webapp. [0]

I think we should carry these error codes onto through the web app. All 400 errors in the middleware are "expected" so they will never leak anything unexpected. 

In Django 1.5 you can't do something like `raise Http400()` (but you can do `raise Http404()`) that will automatically return a response. 
However we can catch all response errors in a middleware. 

What say you?


[0] https://github.com/mozilla/socorro/blob/master/webapp-django/crashstats/crashstats/models.py#L313-L314
(Assignee)

Comment 1

4 years ago
Rob, Adrian, 
What do you think?

This would *greatly* reduce the amount of wolf-crying errors in errormill. 

Lars, 
Can you think of ANY reason why a middleware implementation class might raise a Bad Request with a message that should NOT make it all the way to the client making the request to the webapp?
(Assignee)

Updated

4 years ago
Blocks: 1089853
The middleware raises 400 Bad Request errors on 3 different cases: 
 - if the implementation key does not exist (ie. with `Crash: typo` in the config)
 - if the implementation class cannot be loaded
 - if an implementation class raised either a MissingArgumentError or a BadArgumentError.

None of those cases expose any sensitive information whatsoever. I thus say: go for it!
(Assignee)

Updated

4 years ago
Assignee: nobody → peterbe
Status: NEW → ASSIGNED

Comment 5

4 years ago
Commits pushed to master at https://github.com/mozilla/socorro

https://github.com/mozilla/socorro/commit/8b0cee067f6760d78aa75065c1ddded1c24acffc
fixes bug 1089897 - propagate 400 errors from middleware

https://github.com/mozilla/socorro/commit/bf39f2ea86505792b15b7a16f919a08386c96a39
Merge pull request #2464 from peterbe/bug-1089897-propagate-400-errors-from-middleware

fixes bug 1089897 - propagate 400 errors from middleware

Updated

4 years ago
Status: ASSIGNED → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.