deltacloud-dev mailing list archives

From Michal Fojtik <mfoj...@redhat.com>
Subject Re: [PATCH 1/3] error messages: quote HTML, shorten backtrace
Date Wed, 26 Sep 2012 13:48:33 GMT
On Sep 25, 2012, at 7:46 PM, lutter@redhat.com wrote:

ACK to all patches in this series.

  -- Michal

> From: David Lutterkort <lutter@redhat.com>
> 
>  * Special characters like &, <, and > need to be escaped in error messages
>  * In the backtrace in error messages, only show paths in deltacloud itself;
>    the full backtrace is still in the error details section of the page
> ---
> server/lib/deltacloud/helpers/deltacloud_helper.rb |   24 ++++++++++++++++++++
> server/views/cimi/errors/500.xml.haml              |    2 +-
> server/views/errors/500.html.haml                  |   11 +++++---
> 3 files changed, 32 insertions(+), 5 deletions(-)
> 
> diff --git a/server/lib/deltacloud/helpers/deltacloud_helper.rb b/server/lib/deltacloud/helpers/deltacloud_helper.rb
> index ff9ca20..36205e4 100644
> --- a/server/lib/deltacloud/helpers/deltacloud_helper.rb
> +++ b/server/lib/deltacloud/helpers/deltacloud_helper.rb
> @@ -294,6 +294,30 @@ module Deltacloud::Helpers
>       klass.extend SinatraHelper
>     end
> 
> +    HTML_ESCAPE = { '&' => '&amp;',  '>' => '&gt;',   '<' =>
'&lt;', '"' => '&quot;' }
> +
> +    def h(s)
> +      s.to_s.gsub(/[&"><]/n) { |special| HTML_ESCAPE[special] }
> +    end
> +
> +    def bt(trace)
> +      return trace.join("\n") if params['fulltrace']
> +      app_path = File::expand_path("../../..", __FILE__)
> +      dots = false
> +
> +        trace = trace.map { |t| t.match(%r{^#{app_path}(.*)$}) ? "$app#{$1}" : "..."
}.select do |t|
> +        if t == "..."
> +          keep = ! dots
> +          dots = true
> +        else
> +          keep = true
> +          dots = false
> +        end
> +        keep
> +      end
> +      "[\nAbbreviated trace\n   pass fulltrace=1 as query param to see everything\n
 $app = #{app_path}\n]\n" + trace.join("\n")
> +    end
> +
>     private
>     def hardware_property_unit(prop)
>       u = ::Deltacloud::HardwareProfile::unit(prop)
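
Review bot: in bt, app_path is interpolated into %r{^#{app_path}(.*)$} without quoting, so an install path containing regex metacharacters (".", "+", "(") either matches the wrong frames or fails to match at all; use Regexp.escape(app_path) there. Two smaller points in the same hunk: the abbreviated-trace header always prints "$app = #{app_path}", which hands the absolute install path to every client that triggers a 500, and HTML_ESCAPE has no entry for the single quote, so h is only safe for element content and double-quoted attributes; a short comment saying so would help.
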
> diff --git a/server/views/cimi/errors/500.xml.haml b/server/views/cimi/errors/500.xml.haml
> index bffa9ee..831d8a4 100644
> --- a/server/views/cimi/errors/500.xml.haml
> +++ b/server/views/cimi/errors/500.xml.haml
> @@ -3,4 +3,4 @@
>   %message< #{cdata @error.message}
>   %backend{ :driver => driver_symbol }
>     %code=response.status
> -  %backtrace< #{cdata @error.backtrace.join("\n")}
> +  %backtrace< #{h bt(@error.backtrace)}
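
Review bot: with %backtrace now rendered through bt, the XML error carries only the abbreviated trace unless the client passes fulltrace=1; the commit message says the full backtrace stays in the error details section of the page, but that section exists only in the HTML view. Either keep the full trace in the XML response or document the fulltrace parameter for CIMI clients. Also, %message on the context line still uses cdata while %backtrace switches to h; one quoting approach for both elements would be easier to reason about.
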
> diff --git a/server/views/errors/500.html.haml b/server/views/errors/500.html.haml
> index 19cf090..1b04a21 100644
> --- a/server/views/errors/500.html.haml
> +++ b/server/views/errors/500.html.haml
> @@ -2,7 +2,7 @@
>   %ul{ :'data-role' => :listview , :'data-inset' => :true, :'data-divider-theme'
=> 'e'}
>     %li{ :'data-role' => 'list-divider'} Server message
>     %li
> -      %h3=[@error.class.name, @error.message].join(' - ')
> +      %h3= h [@error.class.name, @error.message].join(' - ')
>     %li{ :'data-role' => 'list-divider'} Original request URI
>     %li
>       %a{ :href => request.env['REQUEST_URI'], :'data-ajax' => 'false'}
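
Review bot: the %a line in the trailing context takes request.env['REQUEST_URI'] straight from the request and is not touched by this hunk; its link text falls outside the visible context, so please confirm that it also goes through h, since the heading just above it is now quoted and the URI is the most directly client-controlled value on this page.
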
> @@ -11,15 +11,18 @@
>     %li{ :'data-role' => 'list-divider'} Error details
>     %li
>       - if @error.class.method_defined? :details
> -        %p= @error.details
> +        %p= h @error.details
>       - else
>         %em No details
> +    %li{ :'data-role' => 'list-divider'} Backtrace
> +    %li
> +      %pre= bt @error.backtrace
> 
>   %div{ 'data-role' => :collapsible, 'data-collapsed' => "true"}
>     %h3 Backtrace
>     %ul{ :'data-role' => :listview , :'data-inset' => :true, :'data-divider-theme'
=> 'e'}
>       %li
> -        %pre=@error.backtrace.join("\n")
> +        %pre= h @error.backtrace.join("\n")
> 
>   %div{ 'data-role' => :collapsible, 'data-collapsed' => "true"}
>     %h3 Parameters
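
Review bot: the new "%pre= bt @error.backtrace" line is the one output in this hunk that is not passed through h, while the collapsible backtrace below it and the XML view ("h bt(@error.backtrace)") both are; bt returns frame text and the "$app = ..." header unquoted, so this should read "%pre= h bt(@error.backtrace)".
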
> @@ -40,4 +43,4 @@
>         - next if value.inspect.to_s == '#'
>         %li{ :'data-role' => 'list-divider'}=key
>         %li
> -          %span{:style => 'font-weight:normal;'}=value.inspect
> +          %span{:style => 'font-weight:normal;'}= h value.inspect
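
Review bot: the value is now quoted but the parameter name on the context line two above ("%li{ :'data-role' => 'list-divider'}=key") is still emitted as is, and parameter names come from the request just like the values; change it to "= h key" in the same patch.
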
> -- 
> 1.7.7.6
> 

Michal Fojtik
http://deltacloud.org
mfojtik@redhat.com



