Closed
Bug 1089897
Opened 10 years ago
Closed 10 years ago
Carry 400 Bad Request errors from the middleware to the webapp
Categories
(Socorro :: Webapp, task)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: peterbe, Assigned: peterbe)
References
Details
We got a lot of errors like this: https://gist.github.com/peterbe/432bff89951efc483f86 That's a fuzzer that GETs something like this: /report/list/partials/reports/?sort=<VERY INVALID STRING> The middleware correctly rejects them but we let it become a full blown 500 error on the webapp. [0] I think we should carry these error codes onto through the web app. All 400 errors in the middleware are "expected" so they will never leak anything unexpected. In Django 1.5 you can't do something like `raise Http400()` (but you can do `raise Http404()`) that will automatically return a response. However we can catch all response errors in a middleware. What say you? [0] https://github.com/mozilla/socorro/blob/master/webapp-django/crashstats/crashstats/models.py#L313-L314
|
Assignee | |
Comment 1•10 years ago
|
||
Rob, Adrian, What do you think? This would *greatly* reduce the amount of wolf-crying errors in errormill. Lars, Can you think of ANY reason why a middleware implementation class might raise a Bad Request with a message that should NOT make it all the way to the client making the request to the webapp?
|
||
Comment 2•10 years ago
|
||
The middleware raises 400 Bad Request errors on 3 different cases: - if the implementation key does not exist (ie. with `Crash: typo` in the config) - if the implementation class cannot be loaded - if an implementation class raised either a MissingArgumentError or a BadArgumentError. None of those cases expose any sensitive information whatsoever. I thus say: go for it!
|
|
Assignee | |
Updated•10 years ago
|
Assignee: nobody → peterbe
Status: NEW → ASSIGNED
|
|
Assignee | |
Comment 3•10 years ago
|
||
For example: https://errormill.mozilla.org/webtools/socorro-prod/group/171874/
|
|
Assignee | |
Comment 4•10 years ago
|
||
PR https://github.com/mozilla/socorro/pull/2464
|
||
Comment 5•10 years ago
|
||
Commits pushed to master at https://github.com/mozilla/socorro https://github.com/mozilla/socorro/commit/8b0cee067f6760d78aa75065c1ddded1c24acffc fixes bug 1089897 - propagate 400 errors from middleware https://github.com/mozilla/socorro/commit/bf39f2ea86505792b15b7a16f919a08386c96a39 Merge pull request #2464 from peterbe/bug-1089897-propagate-400-errors-from-middleware fixes bug 1089897 - propagate 400 errors from middleware
|
|
||
Updated•10 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•