You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@lucene.apache.org by "Isabelle Giguere (Jira)" <ji...@apache.org> on 2021/01/22 21:20:00 UTC

[jira] [Commented] (SOLR-14886) Suppress stack trace in Query response.

    [ https://issues.apache.org/jira/browse/SOLR-14886?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17270442#comment-17270442 ] 

Isabelle Giguere commented on SOLR-14886:
-----------------------------------------

We could easily add a parameter in solr.xml to hide (or not) stack traces:

But doing something with that parameter will not be easy.

I thought of a solution that would use that new parameter to modify the response just before sending it out, so the actual log file would not be affected.  Either adapt implementations of QueryResponseWriter, or method SolrCore.postDecorateResponse.

However, the "trace" element of the response seems to be set all over the code, instead of handling the Exception properly, or throwing it so it could be handled in a more generic way elsewhere.  These locations in code (at least 12 that I can see in branch_8x, not counting unit tests) don't all have access to the config from solr.xml

For example, trying to sort results using a multi-valued field (a date field) yields this error.  The "error" and "trace" elements are set in QueryComponent.mergeIds.
{code}
<lst name="error">
<str name="msg">
class java.lang.String cannot be cast to class org.apache.lucene.util.BytesRef (java.lang.String is in module java.base of loader 'bootstrap'; org.apache.lucene.util.BytesRef is in unnamed module of loader org.eclipse.jetty.webapp.WebAppClassLoader @c00fff0)
</str>
<str name="trace">
java.lang.ClassCastException: class java.lang.String cannot be cast to class org.apache.lucene.util.BytesRef (java.lang.String is in module java.base of loader 'bootstrap'; org.apache.lucene.util.BytesRef is in unnamed module of loader org.eclipse.jetty.webapp.WebAppClassLoader @c00fff0) at org.apache.lucene.search.FieldComparator$TermOrdValComparator.compareValues(FieldComparator.java:561) at org.apache.solr.handler.component.ShardFieldSortedHitQueue$1.compare(ShardFieldSortedHitQueue.java:161) at org.apache.solr.handler.component.ShardFieldSortedHitQueue$1.compare(ShardFieldSortedHitQueue.java:153) at org.apache.solr.handler.component.ShardFieldSortedHitQueue.lessThan(ShardFieldSortedHitQueue.java:92) at org.apache.solr.handler.component.ShardFieldSortedHitQueue.lessThan(ShardFieldSortedHitQueue.java:33) at org.apache.lucene.util.PriorityQueue.upHeap(PriorityQueue.java:254) at org.apache.lucene.util.PriorityQueue.add(PriorityQueue.java:131) at org.apache.lucene.util.PriorityQueue.insertWithOverflow(PriorityQueue.java:147) at org.apache.solr.handler.component.QueryComponent.mergeIds(QueryComponent.java:958) at org.apache.solr.handler.component.QueryComponent.handleRegularResponses(QueryComponent.java:614) at org.apache.solr.handler.component.QueryComponent.handleResponses(QueryComponent.java:593) at org.apache.solr.handler.component.SearchHandler.handleRequestBody(SearchHandler.java:454) at org.apache.solr.handler.RequestHandlerBase.handleRequest(RequestHandlerBase.java:211) at org.apache.solr.core.SolrCore.execute(SolrCore.java:2596) at org.apache.solr.servlet.HttpSolrCall.execute(HttpSolrCall.java:802) at org.apache.solr.servlet.HttpSolrCall.call(HttpSolrCall.java:579) at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:420) at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:352) at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:201) at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:548) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:602) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1435) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:501) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1350) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:191) at org.eclipse.jetty.server.handler.InetAccessHandler.handle(InetAccessHandler.java:177) at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:146) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) at org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:322) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) at org.eclipse.jetty.server.Server.handle(Server.java:516) at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:388) at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:633) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:380) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:273) at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105) at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129) at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:375) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:773) at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:905) at java.base/java.lang.Thread.run(Unknown Source)
</str>
<int name="code">500</int>
</lst>
{code}

Exceptions that end-up in handleRequest(SolrQueryRequest, SolrQueryResponse) don't have a "trace" element in the response, as far as I can tell.

> Suppress stack trace in Query response.
> ---------------------------------------
>
>                 Key: SOLR-14886
>                 URL: https://issues.apache.org/jira/browse/SOLR-14886
>             Project: Solr
>          Issue Type: Improvement
>    Affects Versions: 8.6.2
>            Reporter: Vrinda Davda
>            Priority: Minor
>
> Currently there is no way to suppress the stack trace in solr response when it throws an exception, like when a client sends a badly formed query string, or exception with status 500 It sends full stack trace in the response. 
> I would propose a configuration for error messages so that the stack trace is not visible to avoid any sensitive information in the stack trace.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org