[R] Exclude tracebacks from error responses (#6420, PR #6761)

common.mk

@@ -49,7 +49,7 @@ check_python: check_venv
 	@if ! python -c "import sys; \
                      from chalice import chalice_version as v; \
 		             p = lambda v: tuple(map(int, v.split('.'))); \
-		             sys.exit(0 if p(v) == p('1.31.2') else 1)"; then \
+		             sys.exit(0 if p(v) == p('1.31.3') else 1)"; then \
 		echo -e "\nLooks like chalice is out of date. Please run 'make requirements'\n"; \
 		false; \
 	fi

requirements.all.txt

@@ -10,12 +10,12 @@ blinker==1.9.0
 boto3==1.35.84
 boto3-stubs==1.35.84
 botocore==1.35.84
-botocore-stubs==1.35.92
+botocore-stubs==1.35.94
 brotli==1.1.0
 cachetools==5.5.0
 certifi==2024.12.14
 cffi==1.17.1
-chalice==1.31.2+13
+chalice==1.31.3+15
 charset-normalizer==3.4.1
 chevron==0.14.0
 click==8.1.8
@@ -26,6 +26,7 @@ cryptography==44.0.0
 deprecated==1.2.15
 docker==7.1.0
 docutils==0.16
+editor==1.6.6
 elasticsearch==7.17.12
 elasticsearch-dsl==7.4.1
 et_xmlfile==2.0.0
@@ -57,7 +58,7 @@ http-message-signatures==0.5.0
 http_sfv==0.9.9
 httplib2==0.22.0
 idna==3.10
-inquirer==2.10.1
+inquirer==3.4.0
 itsdangerous==2.2.0
 jinja2==3.1.5
 jmespath==1.0.1
@@ -72,14 +73,14 @@ mccabe==0.7.0
 more-itertools==10.5.0
 moto==5.0.24
 msgpack==1.1.0
-mypy-boto3-dynamodb==1.35.74
-mypy-boto3-ecr==1.35.90
-mypy-boto3-iam==1.35.61
-mypy-boto3-kms==1.35.0
-mypy-boto3-lambda==1.35.68
-mypy-boto3-s3==1.35.92
-mypy-boto3-sqs==1.35.91
-mypy-boto3-stepfunctions==1.35.68
+mypy-boto3-dynamodb==1.35.94
+mypy-boto3-ecr==1.35.93
+mypy-boto3-iam==1.35.93
+mypy-boto3-kms==1.35.93
+mypy-boto3-lambda==1.35.93
+mypy-boto3-s3==1.35.93
+mypy-boto3-sqs==1.35.93
+mypy-boto3-stepfunctions==1.35.93
 openapi-schema-validator==0.6.2
 openapi-spec-validator==0.7.1
 openpyxl==3.1.5
@@ -104,7 +105,6 @@ pyopenssl==24.3.0
 pyparsing==3.2.1
 python-dateutil==2.9.0.post0
 python-dxf==12.1.0
-python-editor==1.0.4
 python-gitlab==5.2.0
 pytz==2024.2
 pyyaml==6.0.2
@@ -118,6 +118,7 @@ responses==0.25.3
 rfc3339-validator==0.1.4
 rpds-py==0.22.3
 rsa==4.7.2
+runs==1.2.2
 s3transfer==0.10.4
 setuptools==75.6.0
 setuptools-scm==5.0.2
@@ -139,5 +140,6 @@ wheel==0.45.1
 wrapt==1.17.0
 www-authenticate==0.9.2
 xmltodict==0.14.2
+xmod==1.8.1
 zope.event==5.0
 zope.interface==7.2

requirements.dev.trans.txt

@@ -1,11 +1,12 @@
 blessed==1.20.0
 blinker==1.9.0
-botocore-stubs==1.35.92
+botocore-stubs==1.35.94
 brotli==1.1.0
 click==8.1.8
 colorama==0.4.6
 configargparse==1.7
 docutils==0.16
+editor==1.6.6
 et_xmlfile==2.0.0
 flask==3.1.0
 flask-cors==5.0.0
@@ -15,22 +16,22 @@ gitdb==4.0.12
 google-auth-httplib2==0.2.0
 greenlet==3.1.1
 httplib2==0.22.0
-inquirer==2.10.1
+inquirer==3.4.0
 itsdangerous==2.2.0
 jinja2==3.1.5
 jsonschema==4.23.0
 jsonschema-path==0.3.3
 jsonschema-specifications==2023.12.1
 lazy-object-proxy==1.10.0
 mccabe==0.7.0
-mypy-boto3-dynamodb==1.35.74
-mypy-boto3-ecr==1.35.90
-mypy-boto3-iam==1.35.61
-mypy-boto3-kms==1.35.0
-mypy-boto3-lambda==1.35.68
-mypy-boto3-s3==1.35.92
-mypy-boto3-sqs==1.35.91
-mypy-boto3-stepfunctions==1.35.68
+mypy-boto3-dynamodb==1.35.94
+mypy-boto3-ecr==1.35.93
+mypy-boto3-iam==1.35.93
+mypy-boto3-kms==1.35.93
+mypy-boto3-lambda==1.35.93
+mypy-boto3-s3==1.35.93
+mypy-boto3-sqs==1.35.93
+mypy-boto3-stepfunctions==1.35.93
 openapi-schema-validator==0.6.2
 pathable==0.4.3
 psutil==6.1.1
@@ -40,13 +41,13 @@ pyflakes==3.2.0
 pyjwt==2.10.1
 pynacl==1.5.0
 pyparsing==3.2.1
-python-editor==1.0.4
 pyzmq==26.2.0
 readchar==4.2.1
 referencing==0.35.1
 requests-toolbelt==1.0.0
 rfc3339-validator==0.1.4
 rpds-py==0.22.3
+runs==1.2.2
 smmap==5.0.2
 tqdm==4.67.1
 types-awscrt==0.23.6
@@ -55,5 +56,6 @@ uritemplate==4.1.1
 wcwidth==0.2.13
 www-authenticate==0.9.2
 xmltodict==0.14.2
+xmod==1.8.1
 zope.event==5.0
 zope.interface==7.2

requirements.dev.txt

@@ -5,7 +5,7 @@ coverage==7.6.9
 docker==7.1.0
 flake8==7.1.1
 gevent==24.11.1
-git+https://github.com/DataBiosphere/[email protected].2+13#egg=chalice
+git+https://github.com/DataBiosphere/[email protected].3+15#egg=chalice
 git+https://github.com/hannes-ucsc/[email protected]+1#egg=requirements-parser
 gitpython==3.1.43
 google-api-python-client==2.156.0

scripts/reindex.py

@@ -94,7 +94,7 @@
                     action='store_true',
                     help='Delete all documents in the current deployment that match '
                          'the specified sources. '
-                         'Incompatible with --index, --create, and --delete. '
+                         'Incompatible with --create and --delete. '
                          'Do not run while indexing is ongoing.')
 parser.add_argument('--create',
                     default=False,

src/azul/chalice.py

@@ -143,7 +143,8 @@ def __init__(self,
         assert 'paths' not in spec, 'The top-level spec must not define paths'
         self._specs = copy_json(spec)
         self._specs['paths'] = {}
-        super().__init__(app_name, debug=config.debug > 0, configure_logs=False)
+        # The `debug` arg controls whether tracebacks appear in error responses
+        super().__init__(app_name, debug=config.debug > 1, configure_logs=False)
         # Middleware is invoked in order of registration
         self.register_middleware(self._logging_middleware, 'http')
         self.register_middleware(self._security_headers_middleware, 'http')

test/test_app_logging.py

@@ -96,35 +96,42 @@ def fail():
                     self.assertIn(magic_message, app_log.output[0])
                     self.assertIn(traceback_header, app_log.output[0])
 
-                    if debug:
-                        # In debug mode, the response includes the traceback …
-                        response = response.content.decode()
-                        self.assertTrue(response.startswith(traceback_header))
-                        self.assertIn(magic_message, response)
-                        # … and the response is logged.
-                        headers = {
-                            'Content-Type': 'text/plain',
-                            **app.security_headers(),
-                            'Cache-Control': 'no-store'
-                        }
-                        self.assertEqual(
-                            azul_log.output[2],
-                            'DEBUG:azul.chalice:Returning 500 response with headers ' +
-                            json.dumps(headers) + '. ' +
-                            'See next line for the first 1024 characters of the body.\n' +
-                            response
-                        )
-                    else:
-                        # Otherwise, a generic error response is returned …
-                        self.assertEqual(response.json(), {
+                    body = response.content.decode()
+                    if debug < 2:
+                        # We don't allow stacktraces in error responses …
+                        self.assertNotIn(traceback_header, body)
+                        self.assertNotIn(magic_message, body)
+                        body = json.loads(body)
+                        self.assertEqual(body, {
+                            'RequestId': body['RequestId'],  # different for every request
                             'Code': 'InternalServerError',
-                            'Message': 'An internal server error occurred.'
+                            'Message': 'An internal server error occurred.',
                         })
-                        # … and a generic error message is logged.
-                        self.assertEqual(
-                            azul_log.output[2],
-                            'INFO:azul.chalice:Returning 500 response. To log headers and body, set AZUL_DEBUG to 1.'
-                        )
+                        body = json.dumps(body)  # the body is logged without indentation
+                    else:
+                        # … except at the highest debug setting.
+                        self.assertIn(traceback_header, body)
+                        self.assertIn(magic_message, body)
+
+                    headers = {
+                        # At lower debug levels, the content type header isn't
+                        # set when running Chalice locally. If it were, the
+                        # expected value would be `application/json`.
+                        **({} if debug < 2 else {'Content-Type': 'text/plain'}),
+                        **app.security_headers(),
+                        'Cache-Control': 'no-store',
+                    }
+                    expected = (
+                        'DEBUG:azul.chalice:Returning 500 response with headers ' +
+                        json.dumps(headers) + '. ' +
+                        'See next line for the first 1024 characters of the body.\n' +
+                        body
+                    ) if debug else (
+                        'INFO:azul.chalice:Returning 500 response. ' +
+                        'To log headers and body, set AZUL_DEBUG to 1.'
+                    )
+                    self.maxDiff = None
+                    self.assertEqual(azul_log.output[2], expected)
 
 
 class TestPermittedWarnings(AzulUnitTestCase):

test/test_log_forwarding.py

@@ -154,7 +154,7 @@ def test_s3(self):
             '52',
             dq('-'),
             dq('Boto3/1.24.94 Python/3.12.7 Linux/4.14.255-301-238.520.amzn2.x86_64',
-               'exec-env/AWS_Lambda_python3.12 aws-chalice/1.31.2 Botocore/1.27.94'),
+               'exec-env/AWS_Lambda_python3.12 aws-chalice/1.31.3 Botocore/1.27.94'),
             '-',
             'jcmyLMRqqJ7dT4ovtY21rtgwmuTC3qs24vgAtLAkcad9sRV92zC90gf2zGvCkxxsLSaKm48AMjo=',
             'SigV4',
@@ -194,7 +194,7 @@ def test_s3(self):
             'total_time': '85',
             'turn_around_time': '52',
             'user_agent': 'Boto3/1.24.94 Python/3.12.7 Linux/4.14.255-301-238.520.amzn2.x86_64 '
-                          'exec-env/AWS_Lambda_python3.12 aws-chalice/1.31.2 Botocore/1.27.94',
+                          'exec-env/AWS_Lambda_python3.12 aws-chalice/1.31.3 Botocore/1.27.94',
             'version_id': '-',
         }]
         self._test(self.controller.forward_s3_access_logs, input, expected_output)