Only send traceback to users when in debug mode

API services currently send the traceback to clients. While the client hides it from user view, it is still present in the response, exposing the service to details of the engine that administrators likely would not like to have exposed. Fixes bug #1210623 Change-Id: I554ba24b7ac9166e28a8a0a10f566ed9cfa03014
2013-09-06 20:53:58 -07:00 · 2013-09-06 20:53:58 -07:00 · 9e9c747b4e
parent 340dc1bdd2
commit 9e9c747b4e
3 changed files with 11 additions and 4 deletions
--- a/heat/api/middleware/fault.py
+++ b/heat/api/middleware/fault.py
@ -22,6 +22,9 @@ Cinder's faultwrapper

 import traceback
 import webob
+from oslo.config import cfg
+
+cfg.CONF.import_opt('debug', 'heat.openstack.common.log')

 from heat.common import exception
 from heat.openstack.common import log as logging
@ -80,7 +83,8 @@ class FaultWrapper(wsgi.Middleware):
        if isinstance(ex, exception.HTTPExceptionDisguise):
            # An HTTP exception was disguised so it could make it here
            # let's remove the disguise and set the original HTTP exception
-            trace = ''.join(traceback.format_tb(ex.tb))
+            if cfg.CONF.debug:
+                trace = ''.join(traceback.format_tb(ex.tb))
            ex = ex.exc
            webob_exc = ex

@ -91,7 +95,7 @@ class FaultWrapper(wsgi.Middleware):

        message = str(ex.message)

-        if not trace:
+        if cfg.CONF.debug and not trace:
            trace = str(ex)
            if trace.find('\n') > -1:
                unused, trace = trace.split('\n', 1)
--- a/heat/tests/test_api_openstack_v1.py
+++ b/heat/tests/test_api_openstack_v1.py
@ -647,6 +647,7 @@ class StackControllerTest(ControllerTest, HeatTestCase):
        self.m.VerifyAll()

    def test_create_err_stack_bad_reqest(self):
+        cfg.CONF.set_override('debug', True)
        template = {u'Foo': u'bar'}
        parameters = {u'InstanceType': u'm1.xlarge'}
        body = {'template': template,
--- a/heat/tests/test_fault_middleware.py
+++ b/heat/tests/test_fault_middleware.py
@ -27,7 +27,7 @@ class FaultMiddlewareTest(HeatTestCase):
        msg = wrapper._error(heat_exc.StackNotFound(stack_name='a'))
        expected = {'code': 404,
                    'error': {'message': 'The Stack (a) could not be found.',
-                              'traceback': 'None\n',
+                              'traceback': None,
                              'type': 'StackNotFound'},
                    'explanation': 'The resource could not be found.',
                    'title': 'Not Found'}
@ -39,7 +39,7 @@ class FaultMiddlewareTest(HeatTestCase):
        expected = {'code': 500,
                    'error': {'message': 'Response from Keystone does '
                                         'not contain a Heat endpoint.',
-                              'traceback': 'None\n',
+                              'traceback': None,
                              'type': 'NoServiceEndpoint'},
                    'explanation': 'The server has either erred or is '
                                   'incapable of performing the requested '
@ -48,6 +48,8 @@ class FaultMiddlewareTest(HeatTestCase):
        self.assertEqual(msg, expected)

    def test_remote_exception(self):
+        # We want tracebacks
+        cfg.CONF.set_override('debug', True)
        error = heat_exc.StackNotFound(stack_name='a')
        exc_info = (type(error), error, None)
        serialized = rpc_common.serialize_remote_exception(exc_info)