Closed Bug 773073 Opened 12 years ago Closed 12 years ago

don't send stringified exceptions to the client

Categories

(Cloud Services Graveyard :: Server: Sync, defect)

Product:
Cloud Services Graveyard
Component:
Server: Sync
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: rfkelly, Assigned: rfkelly)

References

Details

(Whiteboard: [qa+])

Attachments

(1 file)

patch to replace stringified error with generic message
994 bytes, patch
telliott
: review+
Details | Diff | Splinter Review 
server-syncstorage controller.py currently does this:

        try:
            modified = storage.set_items(user_id, collection_name, kept_bsos)
        except Exception, e:
            # Something went wrong.
            # We want to swallow the 503 in that case.
            self.logger.error('Could not set items')
            self.logger.error(str(e))
            for bso in kept_bsos:
                res['failed'][bso['id']] = str(e)

It is a bad idea to be sending stringified errors back to the client.  We should log it, then send back a generic error message.

Also need to audit the code for other instances of this.
Whiteboard: [qa+]
Blocks: 747721
Replace the stringified exception with a short generic message.  grep reveals no other locations where stringified exceptions might be leaking through.
Attachment #646816 - Flags: review?(telliott)
Attachment #646816 - Flags: review?(telliott) → review+
Committed in sync1.1 and sync2.0:

http://hg.mozilla.org/services/server-storage/rev/9d341cf08df5

https://github.com/mozilla-services/server-syncstorage/commit/08482406ef1670b9c8be1bef886b0e5920b8c63a
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Will verify this against Sync 1.1 and 2.0.
Product: Cloud Services → Cloud Services Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: