richardschwabe
commented
1 year ago Yes, exception and error handling must be improved and used more. Fail as early as possible.
In my opinion, we should make sure that the user sees a nice error message in red inside the CLI, but can access and see a traceback with --debug or in the log file. The code should "exit" / raise an Exception as early as possible to prevent uncontrolled execution and possibly, in the worst case, upload non-expected output to sysreptor.
Of course, the traceback could also be printed out in the console, however, it might clutter up a CLI log file during a pentest, which is unnecessary.
If we run into errors that might not be recoverable, we now fall
fail_with_exit.However, if in the future we want to provide some functionalities (like API classes) as libraries (e.g. for importing into other tools), this method is not very nice.
Shouldn't we instead work with exceptions?