From 9e9c747b4ec0f1972da1d122e46402b00cd0911f Mon Sep 17 00:00:00 2001
From: Clint Byrum
Date: Fri, 6 Sep 2013 20:53:58 -0700
Subject: [PATCH] Only send traceback to users when in debug mode

API services currently send the traceback to clients. While the client hides it from user view, it is still present in the response, exposing the service to details of the engine that administrators likely would not like to have exposed.
Fixes bug #1210623
Change-Id: I554ba24b7ac9166e28a8a0a10f566ed9cfa03014
---
 heat/api/middleware/fault.py | 8 ++++++--
 heat/tests/test_api_openstack_v1.py | 1 +
 heat/tests/test_fault_middleware.py | 6 ++++--
 3 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/heat/api/middleware/fault.py b/heat/api/middleware/fault.py
index ef3a685a..42656d14 100644
--- a/heat/api/middleware/fault.py
+++ b/heat/api/middleware/fault.py
@@ -22,6 +22,9 @@ Cinder's faultwrapper
 import traceback
 import webob
+from oslo.config import cfg
+
+cfg.CONF.import_opt('debug', 'heat.openstack.common.log')
 from heat.common import exception
 from heat.openstack.common import log as logging
@@ -80,7 +83,8 @@ class FaultWrapper(wsgi.Middleware):
 if isinstance(ex, exception.HTTPExceptionDisguise):
 # An HTTP exception was disguised so it could make it here
 # let's remove the disguise and set the original HTTP exception
- trace = ''.join(traceback.format_tb(ex.tb))
+ if cfg.CONF.debug:
+ trace = ''.join(traceback.format_tb(ex.tb))
 ex = ex.exc
 webob_exc = ex
@@ -91,7 +95,7 @@ class FaultWrapper(wsgi.Middleware):
 message = str(ex.message)
- if not trace:
+ if cfg.CONF.debug and not trace:
 trace = str(ex)
 if trace.find('\n') > -1:
 unused, trace = trace.split('\n', 1)
diff --git a/heat/tests/test_api_openstack_v1.py b/heat/tests/test_api_openstack_v1.py
index 8921ab1b..8f419703 100644
--- a/heat/tests/test_api_openstack_v1.py
+++ b/heat/tests/test_api_openstack_v1.py
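Review bot: Gating client-visible tracebacks on the logging `debug` option, pulled into fault.py with `cfg.CONF.import_opt('debug', 'heat.openstack.common.log')`, means an operator who enables debug logging to troubleshoot a production API also turns traceback disclosure back on. Nothing at the import says so; I would add `# 'debug' also decides whether tracebacks are returned to API clients (bug #1210623); keep it off on exposed endpoints.` directly above that line. A dedicated option would decouple log verbosity from response content, but that is a larger change than this patch.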
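Review bot: With `debug` off, the traceback in the `HTTPExceptionDisguise` branch of fault.py (hunk `@@ -80,7 +83,8 @@`) is never formatted, and neither this hunk nor the next one shows it being written to the service log, so operators may lose the only copy of it. If `_error` does not already log the exception outside these hunks, format it unconditionally with `full_trace = ''.join(traceback.format_tb(ex.tb))`, send `full_trace` to the module's logger, and copy it into `trace` only under `if cfg.CONF.debug:`. The initial binding of `trace` is outside the hunk; the new `'traceback': None` test expectations suggest it starts as None, which is worth confirming since the assignment is now conditional.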
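Review bot: `message = str(ex.message)` in the `@@ -91,7 +95,7 @@` hunk of fault.py is still returned whatever `debug` is set to, while the lines just below it show that `str(ex)` can be multi-line, with everything after the first newline treated as trace. If `ex.message` can carry the same multi-line text (not visible here, but it looks plausible for exceptions relayed from the engine), that tail still reaches the client with debug off. Consider `message = str(ex.message).split('\n', 1)[0]` when `cfg.CONF.debug` is false, together with a test that asserts the response message holds a single line. The rest of `_error` lies outside the hunk.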
@@ -647,6 +647,7 @@ class StackControllerTest(ControllerTest, HeatTestCase):
 self.m.VerifyAll()
 def test_create_err_stack_bad_reqest(self):
+ cfg.CONF.set_override('debug', True)
 template = {u'Foo': u'bar'}
 parameters = {u'InstanceType': u'm1.xlarge'}
 body = {'template': template,
diff --git a/heat/tests/test_fault_middleware.py b/heat/tests/test_fault_middleware.py
index b114b1a5..9fe55191 100644
--- a/heat/tests/test_fault_middleware.py
+++ b/heat/tests/test_fault_middleware.py
@@ -27,7 +27,7 @@ class FaultMiddlewareTest(HeatTestCase):
 msg = wrapper._error(heat_exc.StackNotFound(stack_name='a'))
 expected = {'code': 404,
 'error': {'message': 'The Stack (a) could not be found.',
- 'traceback': 'None\n',
+ 'traceback': None,
 'type': 'StackNotFound'},
 'explanation': 'The resource could not be found.',
 'title': 'Not Found'}
@@ -39,7 +39,7 @@ class FaultMiddlewareTest(HeatTestCase):
 expected = {'code': 500,
 'error': {'message': 'Response from Keystone does '
 'not contain a Heat endpoint.',
- 'traceback': 'None\n',
+ 'traceback': None,
 'type': 'NoServiceEndpoint'},
 'explanation': 'The server has either erred or is '
 'incapable of performing the requested '
@@ -48,6 +48,8 @@ class FaultMiddlewareTest(HeatTestCase):
 self.assertEqual(msg, expected)
 def test_remote_exception(self):
+ # We want tracebacks
+ cfg.CONF.set_override('debug', True)
 error = heat_exc.StackNotFound(stack_name='a')
 exc_info = (type(error), error, None)
 serialized = rpc_common.serialize_remote_exception(exc_info)
--
2.45.2
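Review bot: `cfg.CONF.set_override('debug', True)` in `test_create_err_stack_bad_reqest` (test_api_openstack_v1.py) has no matching cleanup in the hunk. Unless the base test case resets configuration (not visible here), the override can leak into later tests and make the `'traceback': None` expectations in test_fault_middleware.py depend on execution order. Register the reset next to the override with `self.addCleanup(cfg.CONF.clear_override, 'debug')`; the same applies to the override added in `test_remote_exception`. The test body continues outside the hunk.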
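Review bot: No test in test_fault_middleware.py covers the case this patch exists for, an exception relayed from the engine while `debug` is off. `test_remote_exception` now forces `debug` to True, and the two `'traceback': None` expectations above it use locally constructed exceptions. Add a twin of `test_remote_exception` without the override that asserts the response's `traceback` is None and that `message` carries no traceback text. The two earlier tests also depend on the default value of `debug`; starting them with `cfg.CONF.set_override('debug', False)` would pin it. The hunks add no import of `cfg` to this file, so confirm it is already imported there.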