Handle unknown routes to avoid stack traces leaks #18972

Merged on Nov 4, 2023 (1 commit)

@Siddhant-K-code Siddhant-K-code commented Oct 25, 2023

Description

Go to https://fix-express.preview.gitpod-dev.com/apps/gitlab. See the difference between the stack trace leak in the UI (current version of prod) vs. the 404 error message on unhandled API calls instead of leaking stack traces.

[Before and After screenshots]
Summary generated by Copilot

🤖 Generated by Copilot at 2b16077

Fix unknown route handling in the server component. Modify unhandledToError middleware in express-util.ts to send 404 responses instead of throwing errors.

Related Issue(s)

Fixes EXP-259

How to test

Check the difference between the stack trace leak in the UI (current version of prod) vs. the 404 error message on unhandled API calls instead of leaking stack traces.

Documentation

Preview status

Gitpod was successfully deployed to your preview environment.


/hold
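The change summarized in the description, sketched as an added example (this is not the project's code from express-util.ts): a terminal Express-style middleware that turns an unmatched route into an Error, next to one that answers with a fixed 404. All function names, the `leakyErrorRenderer` stand-in and the fake response object are assumptions made for illustration.

```typescript
// Added example. Function names are hypothetical, not taken from express-util.ts.
// Minimal structural types for the parts of Express's req/res used here.
interface Req { method: string; originalUrl: string; }
interface Res {
    statusCode: number;
    body: string;
    status(code: number): Res;
    send(body: string): Res;
}
type Next = (err?: Error) => void;

// BEFORE: an unmatched route becomes an Error handed to the error path.
function unknownRouteToError(req: Req, _res: Res, next: Next): void {
    next(new Error(`unhandled request: ${req.method} ${req.originalUrl}`));
}

// Constructed stand-in for an error renderer that echoes err.stack, which
// puts server file paths and frame names into the client-visible response.
function leakyErrorRenderer(err: Error, _req: Req, res: Res, _next: Next): void {
    res.status(500).send(err.stack ?? err.message);
}

// AFTER: answer unmatched routes directly with a fixed 404 body. Nothing
// derived from an Error object or from the request reaches the response.
function unknownRouteTo404(_req: Req, res: Res, _next: Next): void {
    res.status(404).send("Not Found");
}

// Test double for the response object (constructed for this example).
function fakeRes(): Res {
    const res: Res = {
        statusCode: 200,
        body: "",
        status(code: number): Res { res.statusCode = code; return res; },
        send(body: string): Res { res.body = body; return res; },
    };
    return res;
}

// Sends one request for an unknown path through either terminal handler.
function requestUnknownRoute(fixed: boolean): Res {
    const req: Req = { method: "GET", originalUrl: "/apps/gitlab" };
    const res = fakeRes();
    const noop: Next = () => {};
    if (fixed) unknownRouteTo404(req, res, noop);
    else unknownRouteToError(req, res, (err) => leakyErrorRenderer(err as Error, req, res, noop));
    return res;
}
```

In a real app the 404 handler is registered after every route, so it only runs when nothing else matched.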

@roboquat roboquat added size/S and removed size/XS labels Oct 25, 2023
@Siddhant-K-code Siddhant-K-code changed the title from "trial" to "Handle unknown routes to avoid stack traces leaks" Oct 25, 2023
@Siddhant-K-code Siddhant-K-code marked this pull request as ready for review October 25, 2023 16:51
@Siddhant-K-code Siddhant-K-code requested a review from a team as a code owner October 25, 2023 16:51
@Siddhant-K-code Siddhant-K-code added the "aspect: security" label (Anything related to preventing vulnerabilities) Oct 28, 2023

akosyakov commented Nov 3, 2023

/gh run recreate-vm=true

Comment triggered a workflow run

Started workflow run: 6743005588

  • recreate_vm: true

@Siddhant-K-code
Member Author

/unhold

@roboquat roboquat merged commit 98ea4f6 into main Nov 4, 2023
167 of 180 checks passed
@roboquat roboquat deleted the fix/express branch November 4, 2023 07:41
Labels
aspect: security Anything related to preventing vulnerabilities size/S team: team-experience