Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix for: Malicious OData requests trigger exception monitoring #8141

Merged
merged 2 commits into from Aug 6, 2020
Merged

Fix for: Malicious OData requests trigger exception monitoring #8141

merged 2 commits into from Aug 6, 2020

Conversation

skofman1
Copy link
Contributor

@skofman1 skofman1 commented Aug 6, 2020

Addresses https://github.com/NuGet/Engineering/issues/3303

No need to log exceptions for user input errors. Those are not "exceptional".

@skofman1 @xavierdecoster
Update src/NuGetGallery/Controllers/ODataV2FeedController.cs
2934b4a 
Co-authored-by: Xavier Decoster <xavierdecoster@users.noreply.github.com>
@loic-sharma
Copy link
Contributor

Will this still return an HTTP 400 response status code? Can we add a functional test for these cases?

@skofman1
Copy link
Contributor Author

skofman1 commented Aug 6, 2020

@loic-sharma , yes, this still returns a 400. I manually tested this. The change only prevents an exception from getting logged.
I think adding a functional test here is out of scope and low pri. I will manually test during rollout that the 400 behavior is not impacted and exceptions are no longer logged for it.

@skofman1 skofman1 merged commit 37f3885 into dev Aug 6, 2020
@drewgillies drewgillies mentioned this pull request Aug 7, 2020
Closed
12 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@loic-sharma loic-sharma loic-sharma approved these changes

@xavierdecoster xavierdecoster xavierdecoster approved these changes

@zhhyu zhhyu zhhyu approved these changes

@agr agr Awaiting requested review from agr

@cristinamanum cristinamanum Awaiting requested review from cristinamanum

@dannyjdev dannyjdev Awaiting requested review from dannyjdev

@drewgillies drewgillies Awaiting requested review from drewgillies

@joelverhagen joelverhagen Awaiting requested review from joelverhagen

@lyndaidaii lyndaidaii Awaiting requested review from lyndaidaii

@ryuyu ryuyu Awaiting requested review from ryuyu

@shishirx34 shishirx34 Awaiting requested review from shishirx34

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@skofman1 @loic-sharma @xavierdecoster @zhhyu