Giveth / giveth-dapp

Giveth Dapp for crowdfunding and managing donations on the ethereum blockchain.
https://beta.giveth.io
GNU General Public License v3.0
360 stars 230 forks

Mongo DB Error Handling #2492

Open MoeNick opened 3 years ago

MoeNick commented 3 years ago

According to Reza's pen test, our data structure may be exposed on wrong requests. So we have to provide proper error handling for it.

mohammadranjbarz commented 3 years ago

example error: MongoDbError.JPG

mohammadranjbarz commented 3 years ago

Can reproduce like this: calling this URL in Postman: wss://feathers.develop.giveth.io/socket.io/?EIO=3&transport=websocket with this message data:

4221["campaigns::find",{"$ne":{"status":"hi"}}]
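The payload above puts a MongoDB operator (`$ne`) at the top level of a Feathers `find` query, where the driver cannot interpret it and raises an error that, as the thread notes, comes back to the client together with the server stack trace. The following is an added example in plain Node.js, not code from giveth-dapp or feathers-giveth, showing the two server-side measures that close this: a whitelist-based query sanitizer that rejects the request as a 400 before it reaches the database, and an error formatter that strips stack traces and internal details from anything that still escapes. The operator lists, the `BadRequest` class, `handleFind`, `unguardedFind` and the `fakeDb` stand-in are assumptions made for the demo, not the project's API.

```javascript
// Added example, not code from giveth-dapp or feathers-giveth. Models, in
// plain Node.js, what a Feathers "before" hook and an error handler would do:
//  1. validate a `find` query before it reaches MongoDB, so a payload such as
//     {"$ne":{"status":"hi"}} is refused as a 400;
//  2. turn whatever error does escape into a client-safe object with no stack
//     trace and no echo of the query.
// Operator lists, error class, handleFind and fakeDb are assumptions for the demo.

const FIELD_OPERATORS = new Set(['$in', '$nin', '$lt', '$lte', '$gt', '$gte', '$ne']);
const TOP_LEVEL_SPECIALS = new Set(['$limit', '$skip', '$sort', '$select', '$or']);

class BadRequest extends Error {
  constructor(message) {
    super(message);
    this.name = 'BadRequest';
    this.code = 400;
  }
}

const isPlainObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);

// Whitelist validation: unknown `$` keys are refused, comparison operators are
// only accepted one level below a field name, and operator values may not be
// objects (blocks nested smuggling such as {status: {$ne: {$where: ...}}}).
function sanitizeQuery(query, path = 'query') {
  if (!isPlainObject(query)) throw new BadRequest(`${path} must be an object`);
  const clean = {};
  for (const [key, value] of Object.entries(query)) {
    if (key.startsWith('$')) {
      if (!TOP_LEVEL_SPECIALS.has(key)) throw new BadRequest(`unsupported operator ${key} at ${path}`);
      if (key === '$or') {
        if (!Array.isArray(value)) throw new BadRequest(`${path}.$or must be an array`);
        clean.$or = value.map((sub, i) => sanitizeQuery(sub, `${path}.$or[${i}]`));
      } else {
        clean[key] = value;
      }
      continue;
    }
    if (isPlainObject(value)) {
      const sub = {};
      for (const [op, opValue] of Object.entries(value)) {
        if (!FIELD_OPERATORS.has(op)) throw new BadRequest(`unsupported operator ${op} on ${path}.${key}`);
        if (isPlainObject(opValue)) throw new BadRequest(`${path}.${key}.${op} must not be an object`);
        sub[op] = opValue;
      }
      clean[key] = sub;
    } else {
      clean[key] = value;
    }
  }
  return clean;
}

// Only 4xx errors raised deliberately for the client keep their message.
// Anything else (MongoDB driver errors carry small numeric codes, e.g. 2 for
// BadValue) collapses to a generic 500 with no stack and no details.
function toClientError(err) {
  const code = Number.isInteger(err.code) && err.code >= 400 && err.code < 500 ? err.code : 500;
  if (code !== 500) return { name: err.name, code, message: err.message };
  return { name: 'GeneralError', code: 500, message: 'Internal server error' };
}

// Hardened service method: `db` stands in for the MongoDB adapter call.
function handleFind(rawQuery, db) {
  try {
    return { ok: true, data: db(sanitizeQuery(rawQuery)) };
  } catch (err) {
    return { ok: false, error: toClientError(err) };
  }
}

// The pre-fix behaviour the thread describes: query passed straight through and
// the raw error, stack included, serialised back to the caller.
function unguardedFind(rawQuery, db) {
  try {
    return { ok: true, data: db(rawQuery) };
  } catch (err) {
    return { ok: false, error: { name: err.name, message: err.message, stack: err.stack } };
  }
}

// Constructed stand-in for the adapter: a fixed campaign list, plus a throw that
// mimics what the driver raises on a malformed top-level operator.
const CAMPAIGNS = [{ status: 'Active', title: 'a' }, { status: 'Canceled', title: 'b' }];
function fakeDb(query) {
  if ('$ne' in query) {
    const e = new Error('unknown top level operator: $ne');
    e.name = 'MongoError';
    e.code = 2;
    throw e;
  }
  const wanted = query.status;
  return CAMPAIGNS.filter((c) => wanted === undefined || c.status === wanted);
}

if (typeof require !== 'undefined' && require.main === module) {
  const payload = { $ne: { status: 'hi' } }; // the query from the issue
  console.log(unguardedFind(payload, fakeDb)); // leaks MongoError + stack
  console.log(handleFind(payload, fakeDb));    // BadRequest 400, nothing internal
  console.log(handleFind({ status: 'Active' }, fakeDb));
}
```

In a real Feathers service the sanitizer belongs in a `before` hook on `find`/`get`/`patch`/`remove` and the formatter in the app-level error handler, so that the same rule covers the REST and the socket.io transport the reproduction uses.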
mohammadranjbarz commented 3 years ago

Before deploy on UAT Screen Shot 1400-06-10 at 12.29.04.png

After deploy Screen Shot 1400-06-10 at 13.07.23.png

rezagazmeh commented 3 years ago

@MoeNick @mohammadranjbarz Database error not detected, but server stack trace returned to client. Error handling on the server side must also be done. A new user story definition is suggested for server-side error handling.

mohammadranjbarz commented 3 years ago

I added Giveth/feathers-giveth#612 for what @rezagazmeh said