cyberark / conjur

CyberArk Conjur automatically secures secrets used by privileged users and machine identities
https://conjur.org

Application errors are not visible to end users #1630

Open andytinkham opened 4 years ago

andytinkham commented 4 years ago

Summary

In doing some performance testing, @nessiLahav found that server-side errors can still return the default Rails error page. We should ensure that Rails does not do this.

Steps to Reproduce

  1. Trigger a 500-level server error, either by inserting a fake exception or by causing a Sequel::PoolTimeout by applying load as @nessiLahav did.
  2. For instructions to reproduce, follow one of the failure scenarios here. Note: Any Postgres errors (for example, too many clients, pool timeout) will reproduce the issue.
  3. Look at the error page.

Expected Results

Production mode error page should indicate an error occurred but should not give error details. Development mode error page should give the full stack trace of the issue.

Actual Results (including error logs, if applicable)

The default Rails status page appears.

The rest I'll leave to @nessiLahav to add more details about his setup:

Reproducible

Version/Tag number

Conjur version: 5.8.1

Environment setup

DAP deployment setup: 1 DAP Master + 1 synchronous standby + 1 async standby

Conjur Image: CentOS 7

Cloud: AWS

Additional Information

We should start the investigation by simulating Postgres errors by UT or in debug mode, in different flows in the code (not just HFT), to understand the behavior.

eladkug commented 4 years ago

@andytinkham do we have some inputs in our logs about the problem? It makes sense that the end user will not get all the information.

andytinkham commented 4 years ago

No idea - @nessiLahav?
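
The behavior described under Expected Results, together with the log question raised in the reply, sketched as a framework-independent Rack-style middleware. This is an added example, not Conjur's code or part of the issue thread; `ErrorShield`, `FakePoolTimeout`, `demo_response` and the JSON response shape are assumptions made for illustration.

```ruby
require "json"
require "logger"
require "securerandom"
require "stringio"

# Constructed stand-in for a database pool timeout like the one in the issue.
class FakePoolTimeout < StandardError; end

# Hypothetical Rack-style middleware (an assumption, not the project's code).
class ErrorShield
  def initialize(app, env_name:, logger:)
    @app = app
    @env_name = env_name
    @logger = logger
  end

  def call(env)
    @app.call(env)
  rescue StandardError => e
    error_id = SecureRandom.hex(8)
    # Full detail always goes to the server log, keyed by error_id, so an
    # operator can match a client report to the stack trace.
    @logger.error("error_id=#{error_id} #{e.class}: #{e.message}\n" \
                  "#{Array(e.backtrace).join("\n")}")
    # Production clients see only a generic code and the correlation id.
    body = { "error" => { "code" => "internal_error", "id" => error_id } }
    if @env_name == "development"
      # Development responses carry the exception and full stack trace.
      body["error"].merge!("class" => e.class.name, "message" => e.message,
                           "backtrace" => Array(e.backtrace))
    end
    [500, { "content-type" => "application/json" }, [JSON.generate(body)]]
  end
end

# Constructed demo: an app that always fails the way a saturated pool would.
# Returns [status, parsed response body, captured server log].
def demo_response(env_name)
  log = StringIO.new
  failing_app = ->(_env) { raise FakePoolTimeout, "timeout: 5.0, elapsed: 5.01" }
  shield = ErrorShield.new(failing_app, env_name: env_name, logger: Logger.new(log))
  status, _headers, body = shield.call({ "PATH_INFO" => "/secrets" })
  [status, JSON.parse(body.join), log.string]
end

if __FILE__ == $PROGRAM_NAME
  %w[production development].each { |name| p demo_response(name)[0, 2] }
end
```
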