diff options
| author | Munyoki Kilyungi | 2024-09-30 21:11:24 +0300 |
|---|---|---|
| committer | BonfaceKilz | 2024-10-02 10:24:59 +0300 |
| commit | fed54ab5850ebcea0a4eb16997859bc02f29697b (patch) | |
| tree | 889be82ce5ad446e94fc7c085fde7bc83d36aa96 /topics/ADR/gn3/001-remove-stace-traces-in-gn3-error-response.gmi | |
| parent | 7dcfa9e8c891f67f7d0fc4e71a8a0bcdf55ec359 (diff) | |
| download | gn-gemtext-fed54ab5850ebcea0a4eb16997859bc02f29697b.tar.gz | |
Correctly name ADR name.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
Diffstat (limited to 'topics/ADR/gn3/001-remove-stace-traces-in-gn3-error-response.gmi')
| -rw-r--r-- | topics/ADR/gn3/001-remove-stace-traces-in-gn3-error-response.gmi | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/topics/ADR/gn3/001-remove-stace-traces-in-gn3-error-response.gmi b/topics/ADR/gn3/001-remove-stace-traces-in-gn3-error-response.gmi new file mode 100644 index 0000000..0910415 --- /dev/null +++ b/topics/ADR/gn3/001-remove-stace-traces-in-gn3-error-response.gmi @@ -0,0 +1,49 @@ +# [gn3/ADR-001] Remove Stack Traces in GN3 + +* author: bonfacem +* status: rejected +* reviewed-by: jnduli, zach, pjotr, fredm + +## Context + +Currently, GN3 error responses include stack traces: + +``` +def add_trace(exc: Exception, jsonmsg: dict) -> dict: + """Add the traceback to the error handling object.""" + return { + **jsonmsg, + "error-trace": "".join(traceback.format_exception(exc)) + } + + +def page_not_found(pnf): + """Generic 404 handler.""" + current_app.logger.error("Handling 404 errors", exc_info=True) + return jsonify(add_trace(pnf, { + "error": pnf.name, + "error_description": pnf.description + })), 404 + + +def internal_server_error(pnf): + """Generic 404 handler.""" + current_app.logger.error("Handling internal server errors", exc_info=True) + return jsonify(add_trace(pnf, { + "error": pnf.name, + "error_description": pnf.description + })), 500 +``` + + +## Decision + +Stack traces have the potential to allow malicious actors compromise our system by providing more context. As such, we should send a useful description of what went wrong; and log our stack traces in our logs, and send an appropriate error status code. We can use the logs to troubleshoot our system. + +## Consequences + +* Lockstep update in GN2 UI on how we handle GN3 errors. + +## Rejection Rationale + +The proposal to remove stack traces from error responses was rejected because they are essential for troubleshooting, especially when issues are difficult to reproduce or production logs are inaccessible. Stack traces provide immediate error context, and removing them would complicate debugging by requiring additional effort to link logs with specific requests; a trade-off we are not willing to make at the moment. |