jina icon indicating copy to clipboard operation
jina copied to clipboard

Published 20 hours ago verified publisher icon jina-ai

By default the gateway should not return the server stack traces to the Client

Open samsja opened this issue 2 years ago • 2 comments

Context

When an error is raise on Server side the full stack trace is send by default to the Client. This trace stack could contains sensitive information like the file path and the name of the user which is used to host the service, therefore it is a security issue.

  • The normal behavior should be to only return internal error like with a normal http connection.
  • Nevertheless the feature is useful for debugging and should be enable when working on debugging mode.

CC: @hanxiao @JohannesMessner

How to reproduce:

server


from jina import DocumentArray, Executor, Flow, requests


class MyExec(Executor):
    @requests
    async def add_text(self, docs: DocumentArray, **kwargs):
        raise Exception('oops')


f = Flow(port=12345).add(uses=MyExec).add(uses=MyExec)

with f:
    f.block()

client


from jina import Client, Document


c = Client(host='grpc://0.0.0.0:12345')
r = c.post('/', Document(), return_responses=True)

print(r[0].status.exception.stacks)

>>>
['Traceback (most recent call last):\n', '  File "/home/sami/Documents/workspace/Jina/jina/jina/serve/runtimes/worker/__init__.py", line 165, in process_data\n    return await self._data_request_handler.handle(requests=requests)\n', '  File "/home/sami/Documents/workspace/Jina/jina/jina/serve/runtimes/request_handlers/data_request_handler.py", line 187, in handle\n    return_data = await self._executor.__acall__(\n', '  File "/home/sami/Documents/workspace/Jina/jina/jina/serve/executors/__init__.py", line 274, in __acall__\n    return await self.__acall_endpoint__(__default_endpoint__, **kwargs)\n', '  File "/home/sami/Documents/workspace/Jina/jina/jina/serve/executors/__init__.py", line 293, in __acall_endpoint__\n    return await func(self, **kwargs)\n', '  File "/home/sami/Documents/workspace/Jina/jina/jina/serve/executors/decorators.py", line 171, in arg_wrapper\n    return await fn(executor_instance, *args, **kwargs)\n', '  File "/home/sami/.config/JetBrains/PyCharmCE2022.1/scratches/scratch_4.py", line 7, in add_text\n    raise Exception(\'oops\')\n', 'Exception: oops\n']

samsja avatar Jun 21 '22 07:06 samsja

@jina-ai/product This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 14 days

jina-bot avatar Sep 20 '22 00:09 jina-bot

Lets keep this open

samsja avatar Sep 20 '22 07:09 samsja