Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BUGFIX: Dont log stack trace for InvalidHashException in Production #3247

Merged
merged 2 commits into from Feb 23, 2024
Merged

BUGFIX: Dont log stack trace for InvalidHashException in Production #3247

merged 2 commits into from Feb 23, 2024

Conversation

kdambekalns
Copy link
Member

@kdambekalns kdambekalns commented Dec 4, 2023
edited

This configures an invalidHashExceptions exception handler rendering group and configures it to not dump stack traces in Production context. For Development context stack traces are still written to ease debugging.

See #3159

Upgrade instructions

In case you need trace dumps for InvalidHashException in production context, override the settings as needed.

Review instructions

See #3159 for ways to trigger those exceptions. Then check if a trace is dumped.

Checklist

  • Code follows the PSR-2 coding style
  • Tests have been created, run and adjusted as needed
  • The PR is created against the lowest maintained branch
  • Reviewer - PR Title is brief but complete and starts with FEATURE|TASK|BUGFIX
  • Reviewer - The first section explains the change briefly for change-logs
  • Reviewer - Breaking Changes are marked with !!! and have upgrade-instructions

@kdambekalns kdambekalns self-assigned this Dec 4, 2023
@kdambekalns
Copy link
Member Author

/cc @mrimann

@mrimann
Copy link

mrimann commented Dec 4, 2023

@kdambekalns thanks for cc'ing me - looks fine by pure reading. But did not test. Looking forward to getting this released :-) Thanks for your work!

@fcool
Copy link
Contributor

fcool commented Dec 19, 2023

Just something to think about: Wouldn't it make sense to choose a more general group name, that still makes sense, if we discover additional exception types, we dont want to write stack traces for the same reasons?

Or do you think, that we should follow the recipe here then: Add another group for the new exception type?

@kitsunet
Copy link
Member

Mmm, fair point, could be generic as in noStacktraceExceptionGroup

kitsunet
kitsunet approved these changes Dec 19, 2023
View reviewed changes
Copy link
Member

@kitsunet kitsunet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice, agree to what @fcool wrote but I am fine either way.

@kdambekalns
Copy link
Member Author

Would be fine with me, but I am too lazy to fix that now. 😬

Feel free to adjust this, you can work on this PR – just keep in mind the rendering config needs to be adjusted (the message would be misleading for other exceptions…)

@mrimann
Copy link

mrimann commented Feb 1, 2024

@kdambekalns is the review from @albe mandatory to proceed with this issue? Or could someone else review it? If so, who could be that additional reviewer?

@mhsdesign mhsdesign changed the title BUGFIX: No stack trace dumped for InvalidHashException in Production BUGFIX: Dont log stack trace for InvalidHashException in Production Feb 8, 2024
@mhsdesign
Copy link
Member

Im not sure that this fix works.

I tested it by tampering with the trustedProperties (2).

but via #2685 we log the throwable directly and set the content to Invalid HMAC submitted. Wasnt the idea to not log the exception?
Logged exception (Logger and Throwable storage):

"A hashed string must contain at least 40 characters, the given string was only 10 characters long."

But yes the herby introduces error group will not be used in that case, because the exception doesnt bubble up that far.
The question is when will it be used then? I played around with the other methods #3159 (comment) but i think i was to stupid to fool them :D. When modifying the referrer in the form i get to the default fusion 404 page because of an NoSuchActionException.

@kdambekalns
Copy link
Member Author

A late showstopper? I need to try (again), I am pretty sure it worked, though it may not work in all cases. But when those are caught and handled differently, without creating a trace file, they do not cause the problem this is trying to solve.

@kitsunet
Copy link
Member

Yeah this seems fine, it then is only a question of setting log levels for production

@kdambekalns kdambekalns force-pushed the bugfix/no-trace-for-InvalidHashException branch from 30d85ca to 28ffc30 Compare February 23, 2024 08:27
@kdambekalns
Copy link
Member Author

Rebased on 7.3, changed the rendering group name to noStacktraceExceptionGroup.

Now I'll test again, to check if it actually makes a difference…

@kdambekalns
Copy link
Member Author

kdambekalns commented Feb 23, 2024
edited

Test protocol

  • Neos & Flow 7.3
  • PHP 8.1.27

Scenarios from #3159 (comment)

Unpatched sources

  • calling Neos login with wrong credentials: no error, no trace ✅
  • scenario 1, tampered __referrer[@controller]: 404, no error, no trace ✅
  • scenario 2, tampered __trustedProperties: 400, notice logged, trace written ❌
  • scenario 3, tampered __referrer[arguments]: 400, crtitical logged, trace written ❌

The notice and trace come from ActionController.processRequest (see #2685).

Patched sources

  • calling Neos login with wrong credentials: no error, no trace ✅
  • scenario 1, tampered __referrer[@controller]: 404, no error, no trace ✅
  • scenario 2, tampered __trustedProperties: 400, notice logged, trace written ❌
  • scenario 3, tampered __referrer[arguments]: 400, no error, no trace ✅

Scenario 2 needs to be fixed…

Patches sources, part two

This is with 5f29d10

  • calling Neos login with wrong credentials: no error, no trace ✅
  • scenario 1, tampered __referrer[@controller]: 404, no error, no trace ✅
  • scenario 2, tampered __trustedProperties: 400, no error, no trace ✅
  • scenario 3, tampered __referrer[arguments]: 400, no error, no trace ✅

@kdambekalns
BUGFIX: No stack trace dumped for InvalidHashException in Production
ed00b70 
This configures a `noStacktraceExceptionGroup` exception handler
rendering group and configures it to not dump stack traces in
`Production` context. For `Development` context stack traces are still
written to ease debugging.

The rendering group contains only the `InvalidHashException` for now.

See neos#3159
@kdambekalns kdambekalns force-pushed the bugfix/no-trace-for-InvalidHashException branch from 28ffc30 to 06820c8 Compare February 23, 2024 10:13
@kdambekalns
TASK: Undo direct logging of invalid HMAC exception
5f29d10 
This undoes PR neos#2685 as it is no longer needed: That exception is no
longer a 500 (since PR neos#3234) and this very PR makes sure that the
specific exception is no longer dumping a trace.
@kdambekalns kdambekalns force-pushed the bugfix/no-trace-for-InvalidHashException branch from 06820c8 to 5f29d10 Compare February 23, 2024 10:15
@kdambekalns
Copy link
Member Author

Whetever Psalm has been smoking…

image

@kdambekalns kdambekalns merged commit 797dcd9 into neos:7.3 Feb 23, 2024
9 of 10 checks passed
@kdambekalns kdambekalns deleted the bugfix/no-trace-for-InvalidHashException branch February 23, 2024 10:44
@christophlehmann christophlehmann mentioned this pull request Apr 18, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fcool fcool fcool approved these changes

@kitsunet kitsunet kitsunet approved these changes

@dlubitz dlubitz dlubitz approved these changes

@albe albe Awaiting requested review from albe

Assignees

@kdambekalns kdambekalns

Labels
7.3 Bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@kdambekalns @mrimann @fcool @kitsunet @mhsdesign @dlubitz