Skip to Content
  2. Mailing Lists
  3. Contributors
  4. Re: How to prevent odoo to send the entire traceback

Archives

Contributors

Re: How to prevent odoo to send the entire traceback

Re: How to prevent odoo to send the entire traceback

Re: How to prevent odoo to send the entire traceback

I did see a module in use once that hashed out the folder names in the tracebacks, which are one of the sensitive parts. But I cant remember which module it was.

On 1/21/22 10:07 AM, Nils Hamerlinck wrote:
Hi Dominique,

You can try with a server wide module that overrides serialize_exception:

old_http_serialize_exception = http.serialize_exception

def http_serialize_exception(e):
    tmp = old_http_serialize_exception(e)
    tmp['debug'] = 'Please check the logs for the traceback.'
    return tmp

if 'redacted_module' in config.get('server_wide_modules'):
    _logger.debug('Overriding default serialize_exception')
    http.serialize_exception = http_serialize_exception

Regards,

Nils

On Fri, Jan 21, 2022 at 11:27 AM Dominique k <dominique.k@elico-corp.com.sg> wrote:
Hi,

Not sure if this is the right place to ask:
Whenever there is an error, Odoo will send back a traceback (whether it is an API call, or from the browser).
This could be a security issue, as a lot of data can be sent back. Is it possible to reduce the size of the traceback? - so as to prevent an attacker from retrieving any information on the server ?

Regards,
Dominique 

_______________________________________________
Mailing-List: https://odoo-community.org/groups/contributors-15
Post to: mailto:contributors@odoo-community.org
Unsubscribe: https://odoo-community.org/groups?unsubscribe

_______________________________________________
Mailing-List: https://odoo-community.org/groups/contributors-15
Post to: mailto:contributors@odoo-community.org
Unsubscribe: https://odoo-community.org/groups?unsubscribe

by Tom Blauwendraat - 11:35 - 21 Jan 2022

Reference

  • How to prevent odoo to send the entire traceback
    Hi,

    Not sure if this is the right place to ask:
    Whenever there is an error, Odoo will send back a traceback (whether it is an API call, or from the browser).
    This could be a security issue, as a lot of data can be sent back. Is it possible to reduce the size of the traceback? - so as to prevent an attacker from retrieving any information on the server ?

    Regards,
    Dominique 
    by dominique.k - 05:25 - 21 Jan 2022

    3 replies 3 replies

    • Re: How to prevent odoo to send the entire traceback
      tks so much.
      we'll try :-)


      Dominique 


      On Fri, 21 Jan 2022 at 17:07, Nils Hamerlinck <nils@hamerlinck.fr> wrote:
      Hi Dominique,

      You can try with a server wide module that overrides serialize_exception:

      old_http_serialize_exception = http.serialize_exception

      def http_serialize_exception(e):
          tmp = old_http_serialize_exception(e)
          tmp['debug'] = 'Please check the logs for the traceback.'
          return tmp

      if 'redacted_module' in config.get('server_wide_modules'):
          _logger.debug('Overriding default serialize_exception')
          http.serialize_exception = http_serialize_exception

      Regards,

      Nils

      On Fri, Jan 21, 2022 at 11:27 AM Dominique k <dominique.k@elico-corp.com.sg> wrote:
      Hi,

      Not sure if this is the right place to ask:
      Whenever there is an error, Odoo will send back a traceback (whether it is an API call, or from the browser).
      This could be a security issue, as a lot of data can be sent back. Is it possible to reduce the size of the traceback? - so as to prevent an attacker from retrieving any information on the server ?

      Regards,
      Dominique 

      _______________________________________________
      Mailing-List: https://odoo-community.org/groups/contributors-15
      Post to: mailto:contributors@odoo-community.org
      Unsubscribe: https://odoo-community.org/groups?unsubscribe

      _______________________________________________
      Mailing-List: https://odoo-community.org/groups/contributors-15
      Post to: mailto:contributors@odoo-community.org
      Unsubscribe: https://odoo-community.org/groups?unsubscribe

      by dominique.k - 11:55 - 21 Jan 2022
    • Re: How to prevent odoo to send the entire traceback

      I did see a module in use once that hashed out the folder names in the tracebacks, which are one of the sensitive parts. But I cant remember which module it was.

      On 1/21/22 10:07 AM, Nils Hamerlinck wrote:
      Hi Dominique,

      You can try with a server wide module that overrides serialize_exception:

      old_http_serialize_exception = http.serialize_exception

      def http_serialize_exception(e):
          tmp = old_http_serialize_exception(e)
          tmp['debug'] = 'Please check the logs for the traceback.'
          return tmp

      if 'redacted_module' in config.get('server_wide_modules'):
          _logger.debug('Overriding default serialize_exception')
          http.serialize_exception = http_serialize_exception

      Regards,

      Nils

      On Fri, Jan 21, 2022 at 11:27 AM Dominique k <dominique.k@elico-corp.com.sg> wrote:
      Hi,

      Not sure if this is the right place to ask:
      Whenever there is an error, Odoo will send back a traceback (whether it is an API call, or from the browser).
      This could be a security issue, as a lot of data can be sent back. Is it possible to reduce the size of the traceback? - so as to prevent an attacker from retrieving any information on the server ?

      Regards,
      Dominique 

      _______________________________________________
      Mailing-List: https://odoo-community.org/groups/contributors-15
      Post to: mailto:contributors@odoo-community.org
      Unsubscribe: https://odoo-community.org/groups?unsubscribe

      _______________________________________________
      Mailing-List: https://odoo-community.org/groups/contributors-15
      Post to: mailto:contributors@odoo-community.org
      Unsubscribe: https://odoo-community.org/groups?unsubscribe

      by Tom Blauwendraat - 11:35 - 21 Jan 2022
    • Re: How to prevent odoo to send the entire traceback
      Hi Dominique,

      You can try with a server wide module that overrides serialize_exception:

      old_http_serialize_exception = http.serialize_exception

      def http_serialize_exception(e):
          tmp = old_http_serialize_exception(e)
          tmp['debug'] = 'Please check the logs for the traceback.'
          return tmp

      if 'redacted_module' in config.get('server_wide_modules'):
          _logger.debug('Overriding default serialize_exception')
          http.serialize_exception = http_serialize_exception

      Regards,

      Nils

      On Fri, Jan 21, 2022 at 11:27 AM Dominique k <dominique.k@elico-corp.com.sg> wrote:
      Hi,

      Not sure if this is the right place to ask:
      Whenever there is an error, Odoo will send back a traceback (whether it is an API call, or from the browser).
      This could be a security issue, as a lot of data can be sent back. Is it possible to reduce the size of the traceback? - so as to prevent an attacker from retrieving any information on the server ?

      Regards,
      Dominique 

      _______________________________________________
      Mailing-List: https://odoo-community.org/groups/contributors-15
      Post to: mailto:contributors@odoo-community.org
      Unsubscribe: https://odoo-community.org/groups?unsubscribe

      by Nils Hamerlinck - 10:06 - 21 Jan 2022