Create an ADR on handling stack traces.

Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>

1 files changed, 45 insertions, 0 deletions

diff --git a/topics/ADR/gn3/000-remove-stace-traces-in-gn3-error-response.gmi b/topics/ADR/gn3/000-remove-stace-traces-in-gn3-error-response.gmi
new file mode 100644
index 0000000..d42ceda
--- /dev/null
+++ b/topics/ADR/gn3/000-remove-stace-traces-in-gn3-error-response.gmi
@@ -0,0 +1,45 @@
+# [ADR-001/gn3] Remove Stack Traces in GN3
+
+* author: bonfacem
+* status: proposed
+* reviewed-by: jnduli, zach, pjotr, fredm
+
+## Context
+
+Right now, we have stack-traces embedded in our GN3 error response:
+
+```
+def add_trace(exc: Exception, jsonmsg: dict) -> dict:
+    """Add the traceback to the error handling object."""
+    return {
+        **jsonmsg,
+        "error-trace": "".join(traceback.format_exception(exc))
+    }
+
+
+def page_not_found(pnf):
+    """Generic 404 handler."""
+    current_app.logger.error("Handling 404 errors", exc_info=True)
+    return jsonify(add_trace(pnf, {
+        "error": pnf.name,
+        "error_description": pnf.description
+    })), 404
+
+
+def internal_server_error(pnf):
+    """Generic 404 handler."""
+    current_app.logger.error("Handling internal server errors", exc_info=True)
+    return jsonify(add_trace(pnf, {
+        "error": pnf.name,
+        "error_description": pnf.description
+    })), 500
+```
+
+
+## Decision
+
+Stacke traces have the potential to allow malicious actors compromise our system by providing more context.  As such, we should send a useful description of what went wrong; and log our stack traces in our logs, and send an appropriate error status code.  We can use the logs to troubleshoot our system.
+
+## Consequences
+
+* Lockstep update in GN2 UI on how we handle GN3 errors.