Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

By default the gateway should not return the server stack traces to the Client #4946

Closed
samsja opened this issue Jun 21, 2022 · 2 comments
Closed

By default the gateway should not return the server stack traces to the Client #4946

samsja opened this issue Jun 21, 2022 · 2 comments
Labels
Stale

Comments

@samsja
Copy link
Contributor

samsja commented Jun 21, 2022
edited

Context

When an error is raise on Server side the full stack trace is send by default to the Client. This trace stack could contains sensitive information like the file path and the name of the user which is used to host the service, therefore it is a security issue.

  • The normal behavior should be to only return internal error like with a normal http connection.
  • Nevertheless the feature is useful for debugging and should be enable when working on debugging mode.

CC: @hanxiao @JohannesMessner

How to reproduce:

server

from jina import DocumentArray, Executor, Flow, requests


class MyExec(Executor):
    @requests
    async def add_text(self, docs: DocumentArray, **kwargs):
        raise Exception('oops')


f = Flow(port=12345).add(uses=MyExec).add(uses=MyExec)

with f:
    f.block()

client

from jina import Client, Document


c = Client(host='grpc://0.0.0.0:12345')
r = c.post('/', Document(), return_responses=True)

print(r[0].status.exception.stacks)

>>>
['Traceback (most recent call last):\n', '  File "/home/sami/Documents/workspace/Jina/jina/jina/serve/runtimes/worker/__init__.py", line 165, in process_data\n    return await self._data_request_handler.handle(requests=requests)\n', '  File "/home/sami/Documents/workspace/Jina/jina/jina/serve/runtimes/request_handlers/data_request_handler.py", line 187, in handle\n    return_data = await self._executor.__acall__(\n', '  File "/home/sami/Documents/workspace/Jina/jina/jina/serve/executors/__init__.py", line 274, in __acall__\n    return await self.__acall_endpoint__(__default_endpoint__, **kwargs)\n', '  File "/home/sami/Documents/workspace/Jina/jina/jina/serve/executors/__init__.py", line 293, in __acall_endpoint__\n    return await func(self, **kwargs)\n', '  File "/home/sami/Documents/workspace/Jina/jina/jina/serve/executors/decorators.py", line 171, in arg_wrapper\n    return await fn(executor_instance, *args, **kwargs)\n', '  File "/home/sami/.config/JetBrains/PyCharmCE2022.1/scratches/scratch_4.py", line 7, in add_text\n    raise Exception(\'oops\')\n', 'Exception: oops\n']
@jina-bot
Copy link
Member

@jina-ai/product This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 14 days

@jina-bot jina-bot added the Stale label Sep 20, 2022
@samsja samsja assigned samsja and unassigned samsja Sep 20, 2022
@samsja
Copy link
Contributor Author

samsja commented Sep 20, 2022

Lets keep this open

@jina-bot jina-bot closed this as completed Oct 5, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@samsja @jina-bot