From 9e9c747b4ec0f1972da1d122e46402b00cd0911f Mon Sep 17 00:00:00 2001
From: Clint Byrum
Date: Fri, 6 Sep 2013 20:53:58 -0700
Subject: [PATCH] Only send traceback to users when in debug mode
API services currently send the traceback to clients. While the client hides it from user view, it is still present in the response, exposing the service to details of the engine that administrators likely would not like to have exposed.
Fixes bug #1210623
Change-Id: I554ba24b7ac9166e28a8a0a10f566ed9cfa03014
---
 heat/api/middleware/fault.py | 8 ++++++--
 heat/tests/test_api_openstack_v1.py | 1 +
 heat/tests/test_fault_middleware.py | 6 ++++--
 3 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/heat/api/middleware/fault.py b/heat/api/middleware/fault.py
index ef3a685a0c..42656d14d7 100644
--- a/heat/api/middleware/fault.py
+++ b/heat/api/middleware/fault.py
@@ -22,6 +22,9 @@ Cinder's faultwrapper
 import traceback
 import webob
+from oslo.config import cfg
+
+cfg.CONF.import_opt('debug', 'heat.openstack.common.log')
 from heat.common import exception
 from heat.openstack.common import log as logging
@@ -80,7 +83,8 @@ class FaultWrapper(wsgi.Middleware):
 if isinstance(ex, exception.HTTPExceptionDisguise):
 # An HTTP exception was disguised so it could make it here
 # let's remove the disguise and set the original HTTP exception
- trace = ''.join(traceback.format_tb(ex.tb))
+ if cfg.CONF.debug:
+ trace = ''.join(traceback.format_tb(ex.tb))
 ex = ex.exc
 webob_exc = ex
@@ -91,7 +95,7 @@ class FaultWrapper(wsgi.Middleware):
 message = str(ex.message)
- if not trace:
+ if cfg.CONF.debug and not trace:
 trace = str(ex)
 if trace.find('\n') > -1:
 unused, trace = trace.split('\n', 1)
diff --git a/heat/tests/test_api_openstack_v1.py b/heat/tests/test_api_openstack_v1.py
index 8921ab1bfe..8f4197038e 100644
--- a/heat/tests/test_api_openstack_v1.py
+++ b/heat/tests/test_api_openstack_v1.py
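Review bot: The `cfg.CONF.import_opt('debug', 'heat.openstack.common.log')` line in the first fault.py hunk ties what API clients receive to the logging `debug` option, so an operator who enables debug logging to troubleshoot a deployment also starts returning engine tracebacks in error responses. Nothing in the hunk documents that coupling; I would add a comment above the call such as `# NOTE: 'debug' is the logging option; when set, tracebacks are also returned to API clients`, and consider a dedicated option for response detail. The call also sits between import statements; placing it after the last import (the import block continues outside the hunk) keeps the module-level side effect out of the import group.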
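Review bot: `message = str(ex.message)` just above the changed condition in the last fault.py hunk is still built unconditionally, so only the `trace` field is gated on `cfg.CONF.debug`. The guarded block splits `str(ex)` at the first newline to recover a traceback, which suggests some exceptions stringify to multi-line text; if `ex.message` can ever hold that text too, it would still reach clients with debug off. That is worth confirming and, if so, keeping only the first line, e.g. `message = str(ex.message).split('\n', 1)[0]`. The enclosing method starts and ends outside the hunk, so the initial value of `trace` and the rest of this block are not visible here.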
@@ -647,6 +647,7 @@ class StackControllerTest(ControllerTest, HeatTestCase):
 self.m.VerifyAll()
 def test_create_err_stack_bad_reqest(self):
+ cfg.CONF.set_override('debug', True)
 template = {u'Foo': u'bar'}
 parameters = {u'InstanceType': u'm1.xlarge'}
 body = {'template': template,
diff --git a/heat/tests/test_fault_middleware.py b/heat/tests/test_fault_middleware.py
index b114b1a5c2..9fe55191ec 100644
--- a/heat/tests/test_fault_middleware.py
+++ b/heat/tests/test_fault_middleware.py
@@ -27,7 +27,7 @@ class FaultMiddlewareTest(HeatTestCase):
 msg = wrapper._error(heat_exc.StackNotFound(stack_name='a'))
 expected = {'code': 404,
 'error': {'message': 'The Stack (a) could not be found.',
- 'traceback': 'None\n',
+ 'traceback': None,
 'type': 'StackNotFound'},
 'explanation': 'The resource could not be found.',
 'title': 'Not Found'}
@@ -39,7 +39,7 @@ class FaultMiddlewareTest(HeatTestCase):
 expected = {'code': 500,
 'error': {'message': 'Response from Keystone does '
 'not contain a Heat endpoint.',
- 'traceback': 'None\n',
+ 'traceback': None,
 'type': 'NoServiceEndpoint'},
 'explanation': 'The server has either erred or is '
 'incapable of performing the requested '
@@ -48,6 +48,8 @@ class FaultMiddlewareTest(HeatTestCase):
 self.assertEqual(msg, expected)
 def test_remote_exception(self):
+ # We want tracebacks
+ cfg.CONF.set_override('debug', True)
 error = heat_exc.StackNotFound(stack_name='a')
 exc_info = (type(error), error, None)
 serialized = rpc_common.serialize_remote_exception(exc_info)
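Review bot: `cfg.CONF.set_override('debug', True)` in `test_create_err_stack_bad_reqest` is added with no matching cleanup in the hunk, so unless the base test case resets configuration (not visible here) the override can leak into later tests and mask a debug-off regression. If no such reset exists, follow the call with `self.addCleanup(cfg.CONF.clear_override, 'debug')`. The same applies to the override added in `test_remote_exception` in heat/tests/test_fault_middleware.py. The test body continues outside the hunk.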
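Review bot: `test_remote_exception` now forces debug on, so the suite no longer exercises a remote exception with debug off, which is the path this change exists to protect. The two expectations changed earlier in this file cover only exceptions passed directly to `wrapper._error`. I would add a sibling test that leaves `debug` at its default, runs the same serialized exception through the wrapper, and checks `self.assertIsNone(msg['error']['traceback'])` and that `msg['error']['message']` contains no newline. No import of `cfg` is added in this file's hunks, so confirm the module already imports it. The test body continues outside the hunk.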