Contributors

How to prevent odoo to send the entire traceback

Hi,

Not sure if this is the right place to ask:
Whenever there is an error, Odoo will send back a traceback (whether it is an API call, or from the browser).
This could be a security issue, as a lot of data can be sent back. Is it possible to reduce the size of the traceback, so as to prevent an attacker from retrieving any information on the server?

Regards,
Dominique 

by dominique.k - 05:25 - 21 Jan 2022

Follow-Ups

  • Re: How to prevent odoo to send the entire traceback
    Thanks so much.
    We'll try :-)


    Dominique 



    _______________________________________________
    Mailing-List: https://odoo-community.org/groups/contributors-15
    Post to: mailto:contributors@odoo-community.org
    Unsubscribe: https://odoo-community.org/groups?unsubscribe



    by dominique.k - 11:55 - 21 Jan 2022
  • Re: How to prevent odoo to send the entire traceback

    I did see a module in use once that hashed out the folder names in the tracebacks, which are one of the sensitive parts. But I can't remember which module it was.



    by Tom Blauwendraat - 11:35 - 21 Jan 2022
  • Re: How to prevent odoo to send the entire traceback
    Hi Dominique,

    You can try with a server wide module that overrides serialize_exception:

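    import logging

    from odoo import http
    from odoo.tools import config

    _logger = logging.getLogger(__name__)

    old_http_serialize_exception = http.serialize_exception

    def http_serialize_exception(e):
        tmp = old_http_serialize_exception(e)
        # Replace the traceback text returned to the client.
        tmp['debug'] = 'Please check the logs for the traceback.'
        return tmp

    # Patch only when this module is listed in server_wide_modules.
    if 'redacted_module' in config.get('server_wide_modules'):
        _logger.debug('Overriding default serialize_exception')
        http.serialize_exception = http_serialize_exception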


    Regards,

    Nils



    by Nils Hamerlinck - 10:06 - 21 Jan 2022
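
Added example (not code from the posters or from Odoo) that runs without Odoo and combines the two ideas in this thread: dropping the traceback from the `debug` field, and hashing directory names in traceback frame lines. The `serialize_exception` stand-in, its `name` and `message` keys, the reference id and the per-process keyed hash are assumptions made for illustration; only the `debug` key and the replacement message come from the thread.

```python
import hashlib
import hmac
import logging
import os
import re
import traceback

_logger = logging.getLogger("traceback_redaction_demo")
_PATH_KEY = os.urandom(16)  # per-process secret so hashes cannot be precomputed
_FRAME_PATH = re.compile(r'File "([^"]+)"')  # path part of a traceback frame line


def serialize_exception(e):
    """Constructed stand-in for the serializer: full traceback in 'debug'."""
    tb = "".join(traceback.format_exception(type(e), e, e.__traceback__))
    return {"name": type(e).__name__, "message": str(e), "debug": tb}


def hash_paths(tb_text):
    """Replace the directory of every frame path with a keyed short hash."""
    def _sub(match):
        directory, filename = os.path.split(match.group(1))
        tag = hmac.new(_PATH_KEY, directory.encode(), hashlib.sha256).hexdigest()[:8]
        return 'File "<%s>/%s"' % (tag, filename)
    return _FRAME_PATH.sub(_sub, tb_text)


def redacting_serializer(inner, keep_hashed_frames=False):
    """Wrap `inner` so the client never receives the raw traceback."""
    def wrapper(e):
        payload = inner(e)
        ref = os.urandom(6).hex()  # reference the client can quote to support
        _logger.error("error ref=%s\n%s", ref, payload["debug"])  # full detail stays server-side
        hint = "Please check the logs for the traceback."
        payload["debug"] = "ref=%s\n%s" % (
            ref, hash_paths(payload["debug"]) if keep_hashed_frames else hint)
        return payload
    return wrapper


def demo():
    """Return (raw, redacted, hashed) payloads for one constructed error."""
    try:
        {}["db_password"]  # constructed failure
    except KeyError as exc:
        return (serialize_exception(exc),
                redacting_serializer(serialize_exception)(exc),
                redacting_serializer(serialize_exception, True)(exc))
```

When a wrapper like this is installed by assigning to a module attribute, only callers that look the function up through the module at call time see it; code that already bound the name with `from module import serialize_exception` keeps the original function.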