PuppetDB / PDB-5063

Stop returning stack traces from the API endpoint


Details

      • jetty does not return the error's stack trace
      • Full stack trace still available in the logs
    • Ghost
    • 3
    • CVE-2021-27019
    • ghost-7.04.2021
    • Bug Fix
    • Description of the problem: When the API endpoints throw an error, jetty includes the whole stack trace.
      Description of the fix: Only show the error message without the stacktrace and without the exception class.
    • Needs Assessment

    Description

      When the API endpoints throw an error, jetty includes the whole stack trace. Let's take out the stack trace and only return the message.

      You can generate these by submitting an invalid AST query:

      $ curl -X POST http://localhost:8080/pdb/query/v4 \
        -H 'Content-Type:application/json' \
        -d '{"query": "inventory[count(certname)] { facts.os.family in [\"RedHat\"] }" }'
      

      <html>
      <head>
      <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
      <title>Error 500 clojure.lang.ExceptionInfo: Value does not match schema: (not (map? nil)) {:type :schema.core/error, :schema {:type Keyword, :field (cond-pre Keyword honeysql.types.SqlCall honeysql.types.SqlRaw {:select Any, Any Any}), Any Any}, :value nil, :error (not (map? nil))}</title>
      </head>
      <body><h2>HTTP ERROR 500 clojure.lang.ExceptionInfo: Value does not match schema: (not (map? nil)) {:type :schema.core/error, :schema {:type Keyword, :field (cond-pre Keyword honeysql.types.SqlCall honeysql.types.SqlRaw {:select Any, Any Any}), Any Any}, :value nil, :error (not (map? nil))}</h2>
      <table>
      <tr><th>URI:</th><td>/pdb/query/v4</td></tr>
      <tr><th>STATUS:</th><td>500</td></tr>
      <tr><th>MESSAGE:</th><td>clojure.lang.ExceptionInfo: Value does not match schema: (not (map? nil)) {:type :schema.core/error, :schema {:type Keyword, :field (cond-pre Keyword honeysql.types.SqlCall honeysql.types.SqlRaw {:select Any, Any Any}), Any Any}, :value nil, :error (not (map? nil))}</td></tr>
      <tr><th>SERVLET:</th><td>-</td></tr>
      <tr><th>CAUSED BY:</th><td>clojure.lang.ExceptionInfo: Value does not match schema: (not (map? nil)) {:type :schema.core/error, :schema {:type Keyword, :field (cond-pre Keyword honeysql.types.SqlCall honeysql.types.SqlRaw {:select Any, Any Any}), Any Any}, :value nil, :error (not (map? nil))}</td></tr>
      </table>
      <h3>Caused by:</h3><pre>clojure.lang.ExceptionInfo: Value does not match schema: (not (map? nil)) {:type :schema.core/error, :schema {:type Keyword, :field (cond-pre Keyword honeysql.types.SqlCall honeysql.types.SqlRaw {:select Any, Any Any}), Any Any}, :value nil, :error (not (map? nil))}
      	at schema.core$validator$fn__805.invoke(core.clj:155)
      	at schema.core$validate.invokeStatic(core.clj:164)
      	at schema.core$validate.invoke(core.clj:159)
      	at puppetlabs.puppetdb.query_eng.engine$eval33538$fn__33540.invoke(engine.clj:1553)
      	at puppetlabs.puppetdb.query_eng.engine$eval33490$fn__33491$G__33481__33498.invoke(engine.clj:1475)
      	at puppetlabs.puppetdb.query_eng.engine$eval33532$fn__33533$fn__33534.invoke(engine.clj:1589)
      	at clojure.core$map$fn__5866.invoke(core.clj:2755)
      	at clojure.lang.LazySeq.sval(LazySeq.java:42)
      	at clojure.lang.LazySeq.seq(LazySeq.java:58)
      	at clojure.lang.ChunkedCons.chunkedNext(ChunkedCons.java:59)
      	at clojure.lang.ChunkedCons.next(ChunkedCons.java:43)
      	at clojure.lang.RT.next(RT.java:713)
      	at clojure.core$next__5386.invokeStatic(core.clj:64)
      	at clojure.core$next__5386.invoke(core.clj:64)
      	at honeysql.format$format_predicate_STAR_.invokeStatic(format.clj:359)
      	at honeysql.format$format_predicate_STAR_.invoke(format.clj:356)
      	at honeysql.format$eval27022$fn__27024.invoke(format.clj:414)
      	at clojure.lang.MultiFn.invoke(MultiFn.java:234)
      	at honeysql.format$_format_clause.invokeStatic(format.clj:394)
      	at honeysql.format$_format_clause.invoke(format.clj:391)
      	at honeysql.format$eval26946$fn__26947$fn__26948$fn__26949.invoke(format.clj:326)
      	at clojure.core$comp$fn__5807.invoke(core.clj:2569)
      	at clojure.core$map$fn__5866.invoke(core.clj:2755)
      	at clojure.lang.LazySeq.sval(LazySeq.java:42)
      	at clojure.lang.LazySeq.seq(LazySeq.java:51)
      	at clojure.lang.Cons.next(Cons.java:39)
      	at clojure.lang.RT.next(RT.java:713)
      	at clojure.core$next__5386.invokeStatic(core.clj:64)
      	at clojure.string$join.invokeStatic(string.clj:191)
      	at clojure.string$join.invoke(string.clj:180)
      	at honeysql.format$space_join.invokeStatic(format.clj:15)
      	at honeysql.format$space_join.invoke(format.clj:14)
      	at honeysql.format$eval26946$fn__26947$fn__26948.invoke(format.clj:325)
      	at honeysql.format$eval26946$fn__26947.invoke(format.clj:323)
      	at honeysql.format$eval26726$fn__26727$G__26717__26732.invoke(format.clj:90)
      	at honeysql.format$format.invokeStatic(format.clj:236)
      	at honeysql.format$format.doInvoke(format.clj:208)
      	at clojure.lang.RestFn.invoke(RestFn.java:439)
      	at puppetlabs.puppetdb.query_eng.engine$eval33463$sql_from_query__33468$fn__33469.invoke(engine.clj:1472)
      	at puppetlabs.puppetdb.query_eng.engine$eval33463$sql_from_query__33468.invoke(engine.clj:1467)
      	at puppetlabs.puppetdb.query_eng.engine$eval33597$fn__33599.invoke(engine.clj:1496)
      	at puppetlabs.puppetdb.query_eng.engine$eval33490$fn__33491$G__33481__33498.invoke(engine.clj:1475)
      	at puppetlabs.puppetdb.query_eng.engine$plan__GT_sql.invokeStatic(engine.clj:1606)
      	at puppetlabs.puppetdb.query_eng.engine$plan__GT_sql.invoke(engine.clj:1603)
      	at puppetlabs.puppetdb.query_eng.engine$compile_query.invokeStatic(engine.clj:3011)
      	at puppetlabs.puppetdb.query_eng.engine$compile_query.invoke(engine.clj:2981)
      	at puppetlabs.puppetdb.query_eng.engine$compile_user_query__GT_sql.invokeStatic(engine.clj:3025)
      	at puppetlabs.puppetdb.query_eng.engine$compile_user_query__GT_sql.invoke(engine.clj:3018)
      	at puppetlabs.puppetdb.query_eng$query__GT_sql$fn__35060.invoke(query_eng.clj:173)
      	at puppetlabs.puppetdb.query_eng$maybe_log_sql.invokeStatic(query_eng.clj:110)
      	at puppetlabs.puppetdb.query_eng$maybe_log_sql.invoke(query_eng.clj:105)
      	at puppetlabs.puppetdb.query_eng$query__GT_sql.invokeStatic(query_eng.clj:124)
      	at puppetlabs.puppetdb.query_eng$query__GT_sql.invoke(query_eng.clj:112)
      	at puppetlabs.puppetdb.query_eng$deprecated_produce_streaming_body$fn__35217.invoke(query_eng.clj:419)
              at puppetlabs.puppetdb.jdbc$with_transacted_connection_fn$fn__28428$fn__28429.invoke(jdbc.clj:513)
              at clojure.java.jdbc$db_transaction_STAR_.invokeStatic(jdbc.clj:771)
              at clojure.java.jdbc$db_transaction_STAR_.invoke(jdbc.clj:741)
              at puppetlabs.puppetdb.jdbc$with_transacted_connection_fn$fn__28428.invoke(jdbc.clj:512)
              at puppetlabs.puppetdb.jdbc$retry_sql$attempt__28422.invoke(jdbc.clj:471)
              at puppetlabs.puppetdb.jdbc$retry_sql.invokeStatic(jdbc.clj:481)
              at puppetlabs.puppetdb.jdbc$retry_sql.invoke(jdbc.clj:462)
              at puppetlabs.puppetdb.jdbc$with_transacted_connection_fn.invokeStatic(jdbc.clj:511)
              at puppetlabs.puppetdb.jdbc$with_transacted_connection_fn.invoke(jdbc.clj:503)
              at puppetlabs.puppetdb.query_eng$deprecated_produce_streaming_body.invokeStatic(query_eng.clj:415)
              at puppetlabs.puppetdb.query_eng$deprecated_produce_streaming_body.invoke(query_eng.clj:399)
              at puppetlabs.puppetdb.query_eng$eval35248$produce_streaming_body__35253$fn__35254.invoke(query_eng.clj:469)
              at puppetlabs.puppetdb.query_eng$eval35248$produce_streaming_body__35253.invoke(query_eng.clj:459)
              at puppetlabs.puppetdb.http.query$query_handler$fn__35667.invoke(query.clj:397)
              at clojure.core$comp$fn__5807.invoke(core.clj:2569)
              at puppetlabs.puppetdb.http.query$extract_query$fn__35649.invoke(query.clj:326)
              at compojure.response$eval2341$fn__2342.invoke(response.clj:33)
              at compojure.response$eval2296$fn__2297$G__2287__2304.invoke(response.clj:6)
              at puppetlabs.puppetdb.http.handlers$eval38363$root_routes__38368$fn__38369$fn__38373.invoke(handlers.clj:162)
              at bidi.ring$eval36598$fn__36599.invoke(ring.cljc:25)
              at bidi.ring$eval36577$fn__36578$G__36568__36587.invoke(ring.cljc:16)
              at puppetlabs.puppetdb.middleware$eval37695$make_pdb_handler__37704$fn__37707$fn__37709.invoke(middleware.clj:396)
              at puppetlabs.puppetdb.middleware$wrap_with_illegal_argument_catch$fn__37545.invoke(middleware.clj:101)
              at puppetlabs.puppetdb.middleware$verify_accepts_content_type$fn__37549.invoke(middleware.clj:116)
              at puppetlabs.puppetdb.middleware$verify_content_type$fn__37561.invoke(middleware.clj:146)
              at puppetlabs.puppetdb.middleware$verify_sync_version$fn__37645.invoke(middleware.clj:334)
              at puppetlabs.puppetdb.middleware$wrap_with_metrics$fn__37606$fn__37615.invoke(middleware.clj:252)
              at puppetlabs.puppetdb.utils.metrics$multitime_BANG__STAR_$fn__30587$fn__30588$fn__30589.invoke(metrics.clj:15)
              at puppetlabs.puppetdb.utils.metrics.proxy$java.lang.Object$Callable$7da976d4.call(Unknown Source)
              at com.codahale.metrics.Timer.time(Timer.java:101)
              at puppetlabs.puppetdb.utils.metrics$multitime_BANG__STAR_$fn__30587$fn__30588.invoke(metrics.clj:15)
              at puppetlabs.puppetdb.utils.metrics$multitime_BANG__STAR_$fn__30587$fn__30588$fn__30589.invoke(metrics.clj:15)
              at puppetlabs.puppetdb.utils.metrics.proxy$java.lang.Object$Callable$7da976d4.call(Unknown Source)
              at com.codahale.metrics.Timer.time(Timer.java:101)
              at puppetlabs.puppetdb.utils.metrics$multitime_BANG__STAR_$fn__30587$fn__30588.invoke(metrics.clj:15)
              at puppetlabs.puppetdb.utils.metrics$multitime_BANG__STAR_$fn__30587$fn__30588$fn__30589.invoke(metrics.clj:15)
              at puppetlabs.puppetdb.utils.metrics.proxy$java.lang.Object$Callable$7da976d4.call(Unknown Source)
              at com.codahale.metrics.Timer.time(Timer.java:101)
              at puppetlabs.puppetdb.utils.metrics$multitime_BANG__STAR_$fn__30587$fn__30588.invoke(metrics.clj:15)
              at puppetlabs.puppetdb.utils.metrics$multitime_BANG__STAR_.invokeStatic(metrics.clj:18)
              at puppetlabs.puppetdb.utils.metrics$multitime_BANG__STAR_.invoke(metrics.clj:7)
              at puppetlabs.puppetdb.middleware$wrap_with_metrics$fn__37606.invoke(middleware.clj:251)
              at puppetlabs.puppetdb.middleware$wrap_with_globals$fn__37540.invoke(middleware.clj:95)
              at puppetlabs.puppetdb.http.server$build_app$fn__38958.invoke(server.clj:78)
              at compojure.core$routing$fn__4141.invoke(core.clj:151)
              at clojure.core$some.invokeStatic(core.clj:2701)
              at clojure.core$some.invoke(core.clj:2692)
              at compojure.core$routing.invokeStatic(core.clj:151)
              at compojure.core$routing.doInvoke(core.clj:148)
              at clojure.lang.RestFn.invoke(RestFn.java:423)
              at puppetlabs.puppetdb.pdb_routing$wrap_with_context$fn__53387.invoke(pdb_routing.clj:35)
              at compojure.core$if_context$fn__4205.invoke(core.clj:218)
              at compojure.core$routing$fn__4141.invoke(core.clj:151)
              at clojure.core$some.invokeStatic(core.clj:2701)
              at clojure.core$some.invoke(core.clj:2692)
              at compojure.core$routing.invokeStatic(core.clj:151)
              at compojure.core$routing.doInvoke(core.clj:148)
              at clojure.lang.RestFn.applyTo(RestFn.java:139)
              at clojure.core$apply.invokeStatic(core.clj:667)
              at clojure.core$apply.invoke(core.clj:660)
              at compojure.core$routes$fn__4145.invoke(core.clj:156)
              at compojure.core$routing$fn__4141.invoke(core.clj:151)
              at clojure.core$some.invokeStatic(core.clj:2701)
              at clojure.core$some.invoke(core.clj:2692)
              at compojure.core$routing.invokeStatic(core.clj:151)
              at compojure.core$routing.doInvoke(core.clj:148)
              at clojure.lang.RestFn.invoke(RestFn.java:460)
              at puppetlabs.puppetdb.pdb_routing$pdb_app$fn__53398.invoke(pdb_routing.clj:63)
              at compojure.core$if_context$fn__4205.invoke(core.clj:218)
              at ring.middleware.params$wrap_params$fn__35709.invoke(params.clj:67)
              at puppetlabs.puppetdb.middleware$wrap_with_certificate_cn$fn__37530.invoke(middleware.clj:77)
              at puppetlabs.puppetdb.middleware$wrap_with_default_body$fn__37535.invoke(middleware.clj:84)
              at puppetlabs.puppetdb.middleware$wrap_with_debug_logging$fn__37513.invoke(middleware.clj:41)
              at puppetlabs.i18n.core$locale_negotiator$fn__124.invoke(core.clj:357)
              at puppetlabs.trapperkeeper.services.webserver.jetty9_core$ring_handler$fn__45249.invoke(jetty9_core.clj:455)
              at puppetlabs.trapperkeeper.services.webserver.jetty9_core.proxy$org.eclipse.jetty.server.handler.AbstractHandler$ff19274a.handle(Unknown Source)
              at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
              at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
              at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1435)
              at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:190)
              at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1350)
              at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
              at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:234)
              at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:146)
              at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:766)
              at org.eclipse.jetty.server.handler.StatisticsHandler.handle(StatisticsHandler.java:179)
              at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
              at org.eclipse.jetty.server.Server.handle(Server.java:516)
              at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:388)
              at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:633)
              at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:380)
              at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:273)
              at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
              at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
              at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
              at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:773)
              at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:905)
              at java.base/java.lang.Thread.run(Thread.java:829)
      </pre>
       
      </body>
      </html>
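
A regression check for the behavior this ticket asks for, as an added example that is not part of the original issue or PuppetDB's own code: it scans an error response body for JVM stack frames and exception class names. `LEAKY` is cut down from the response above, `FIXED` is a constructed, assumed message-only body, and the function names are illustrative.

```python
import html
import re

# One JVM stack frame, e.g. "at schema.core$validate.invoke(core.clj:159)".
FRAME_RE = re.compile(r"^[ \t]*at[ \t]+[\w.$/]+\([^()\n]*\)[ \t]*$", re.MULTILINE)
# A qualified exception class used as a message prefix,
# e.g. "clojure.lang.ExceptionInfo:".
EXC_CLASS_RE = re.compile(r"\b(?:[a-z_]\w*\.)+\w*(?:Exception|Error)\w*:")

# Constructed sample: the 500 response shown above, cut down to a few lines.
LEAKY = """<h2>HTTP ERROR 500 clojure.lang.ExceptionInfo: Value does not match schema: (not (map? nil))</h2>
<h3>Caused by:</h3><pre>clojure.lang.ExceptionInfo: Value does not match schema: (not (map? nil))
\tat schema.core$validate.invoke(core.clj:159)
\tat puppetlabs.puppetdb.query_eng.engine$compile_query.invoke(engine.clj:2981)
\tat org.eclipse.jetty.server.Server.handle(Server.java:516)
\tat java.base/java.lang.Thread.run(Thread.java:829)
</pre>"""

# Constructed sample: assumed shape of a message-only body after the fix.
FIXED = "Value does not match schema: (not (map? nil))"


def leak_findings(body: str) -> dict:
    """Report stack frames and exception class names present in an error body."""
    text = html.unescape(body)
    classes = {m.rstrip(":") for m in EXC_CLASS_RE.findall(text)}
    return {
        "stack_frames": len(FRAME_RE.findall(text)),
        "exception_classes": sorted(classes),
    }


def is_clean(body: str) -> bool:
    """True when the body has neither a stack trace nor an exception class."""
    found = leak_findings(body)
    return found["stack_frames"] == 0 and not found["exception_classes"]


if __name__ == "__main__":
    for name, body in (("before fix", LEAKY), ("after fix", FIXED)):
        print(name, leak_findings(body), "clean:", is_clean(body))
```

Run against the body returned by the curl request above, `is_clean` covers both halves of the fix description: no stack trace and no exception class in the response.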
      

            People

              oana.tanasoiu Oana Tanasoiu
              austin.blatt Austin Blatt