Open epag opened 1 month ago
Original Redmine Comment Author Name: Jesse (Jesse) Original Date: 2019-04-26T14:53:53Z
Example of leak:
Could not find resource DRRC2_QINE_HEFS_BOX_PLOT_OF_ERRORS_BY_FORECAST_VALUE_18000_SECONDS.csv at /mnt/wres_share/evaluations/wresjob-1482279352192129888_15552560703851448073/wres_evaluation_output_5602574143290373771/DRRC2_QINE_HEFS_BOX_PLOT_OF_ERRORS_BY_FORECAST_VALUE_18000_SECONDS.csv from uri file:///mnt/wres_share/evaluations/wresjob-1482279352192129888_15552560703851448073/wres_evaluation_output_5602574143290373771/DRRC2_QINE_HEFS_BOX_PLOT_OF_ERRORS_BY_FORECAST_VALUE_18000_SECONDS.csv
The above information came from a request for https://nwcal-wres-dev.[host]/job/-1482279352192129888/output/DRRC2_QINE_HEFS_BOX_PLOT_OF_ERRORS_BY_FORECAST_VALUE_18000_SECONDS.csv
The leaked information is nice debug information but shouldn't be sent out to the clients. It should be logged, but the message sent to clients should not reveal full absolute paths of the data.
Original Redmine Comment Author Name: Jesse (Jesse) Original Date: 2019-06-11T17:07:58Z
Similarly, I don't want the stdout leaked through the HTTP interface. This was the ticket I have been looking for related to the GUI. The GUI shouldn't be leaking stdout, but we don't have any other interface to work with besides the exit code at the moment.
Author Name: Jesse (Jesse) Original Redmine Issue: 63038, https://vlab.noaa.gov/redmine/issues/63038 Original Date: 2019-04-26
Given a run of WRES, followed by a "close" of the evaluation by "DELETE" on the output uri When I attempt to GET one of the output resources Then the error message should not include absolute paths that leak information about the location of data on that system