Member

@munishchouhan munishchouhan commented Jan 5, 2026

Overview

This PR adds error message sanitization to the ErrorHandler class to prevent Wave from exposing internal implementation details, class names, and stack traces in API error responses.

What Changed

1. Added sanitizeErrorMessage() Method

Added a new private static method that removes sensitive internal details from error messages:

private static String sanitizeErrorMessage(String message) {
    // Removes:
    // - "Failed to convert argument [xxx] due to:" prefixes
    // - Jackson source locations (e.g., "at [Source: ...]")
    // - Reference chains with internal class paths
    // - Backtick-wrapped class names (e.g., `io.seqera.wave.api.PackagesSpec$Type`)
    // - Unquoted fully qualified class names
    // - Simplifies "Cannot deserialize" messages
    // - Cleans up extra whitespace
}

2. Updated Error Handling Logic

Modified the handle() method to:

  • Log the original unsanitized error message with full details for server-side debugging
  • Sanitize the error message before sending it to API clients
  • Add error IDs to both logs and client responses for correlation

3. Comprehensive Test Coverage

Created ErrorHandlerTest.groovy with 9 test cases covering:

  • Removal of "due to:" prefixes
  • Removal of Jackson source locations
  • Removal of reference chains
  • Replacement of backtick-wrapped class names
  • Replacement of fully qualified class names
  • Complex multi-pattern sanitization
  • Null/empty message handling
  • User-friendly message preservation

Before/After Examples

| Unsanitized (Logged Server-Side) | Sanitized (Sent to Client) |
|---|---|
| Failed to convert argument [packages] for value [INVALID] due to: Cannot deserialize value of type 'io.seqera.wave.api.PackagesSpec$Type' from String "INVALID" | Invalid value "INVALID" |
| Cannot deserialize value of type 'io.seqera.wave.api.PackagesSpec$Type' at [Source: (String)"..."; line: 1, column: 24] | Cannot deserialize value of type the specified type |
| Invalid type (through reference chain: io.seqera.wave.api.ContainerRequest["packages"]->io.seqera.wave.api.PackagesSpec["type"]) | Invalid type |
| null or empty | Invalid request |

Security Improvement

Before: API clients received error messages containing:

  • Internal package structure (io.seqera.wave.api.*)
  • Class names and inner classes (PackagesSpec$Type)
  • Jackson library implementation details
  • Source code line/column information
  • Object reference chains

After: API clients receive clean, user-friendly error messages:

  • Generic type references instead of class names
  • Simplified messages without technical jargon
  • Error IDs for support correlation
  • No internal implementation details

Signed-off-by: munishchouhan <hrma017@gmail.com>
@munishchouhan munishchouhan changed the title Added ErrorResponse COMP-1146 Fix error messages Jan 5, 2026
@munishchouhan munishchouhan self-assigned this Jan 5, 2026
@munishchouhan munishchouhan marked this pull request as draft January 5, 2026 16:13
Signed-off-by: munishchouhan <hrma017@gmail.com>
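
A sketch of the kind of sanitizer the description above outlines, added here as an illustration; it is not the PR's code. The class name, the regexes and the error-ID format are assumptions, and the sample inputs are constructed from the rows of the before/after table.

```java
import java.util.UUID;
import java.util.regex.Pattern;

// Added illustration: class, pattern names and regexes are hypothetical, not Wave's code.
public class ErrorSanitizerExample {
    // "Failed to convert argument [x] ... due to:" prefix
    private static final Pattern DUE_TO =
            Pattern.compile("^Failed to convert argument \\[[^\\]]*\\].*?due to:\\s*", Pattern.DOTALL);
    // Jackson source location: at [Source: ...; line: N, column: M]
    private static final Pattern SOURCE_LOC =
            Pattern.compile("\\s*at \\[Source:.*?line: \\d+, column: \\d+\\]", Pattern.DOTALL);
    // (through reference chain: a.b.C["x"]->a.b.D["y"])
    private static final Pattern REF_CHAIN =
            Pattern.compile("\\s*\\(through reference chain:[^)]*\\)");
    // Keep the rejected value, drop the target type
    private static final Pattern FROM_STRING =
            Pattern.compile("Cannot deserialize value of type \\S+ from String (\"[^\"]*\")");
    // Class names wrapped in backticks or single quotes
    private static final Pattern QUOTED_CLASS = Pattern.compile("[`'][a-z]\\w*(?:\\.[\\w$]+)+[`']");
    // Bare names: lowercase package segments followed by a capitalised class
    private static final Pattern BARE_CLASS =
            Pattern.compile("\\b[a-z]\\w*(?:\\.[a-z]\\w*)+\\.[A-Z][\\w$]*");

    static String sanitize(String message) {
        if (message == null || message.isBlank()) return "Invalid request";
        String s = DUE_TO.matcher(message).replaceFirst("");
        s = SOURCE_LOC.matcher(s).replaceAll("");
        s = REF_CHAIN.matcher(s).replaceAll("");
        s = FROM_STRING.matcher(s).replaceAll("Invalid value $1");
        s = QUOTED_CLASS.matcher(s).replaceAll("the specified type");
        s = BARE_CLASS.matcher(s).replaceAll("the specified type");
        s = s.replaceAll("\\s+", " ").trim();
        return s.isEmpty() ? "Invalid request" : s;
    }

    public static void main(String[] args) {
        String[] samples = {  // constructed from the rows of the PR's before/after table
            "Failed to convert argument [packages] for value [INVALID] due to: Cannot deserialize value of type 'io.seqera.wave.api.PackagesSpec$Type' from String \"INVALID\"",
            "Cannot deserialize value of type 'io.seqera.wave.api.PackagesSpec$Type' at [Source: (String)\"...\"; line: 1, column: 24]",
            "Invalid type (through reference chain: io.seqera.wave.api.ContainerRequest[\"packages\"]->io.seqera.wave.api.PackagesSpec[\"type\"])",
            null };
        for (String raw : samples) {
            String errorId = UUID.randomUUID().toString();  // assumed ID format
            System.err.println("[server log] errorId=" + errorId + " " + raw);  // full detail stays server-side
            System.out.println("[client] " + sanitize(raw) + " (Error ID: " + errorId + ")");
        }
    }
}
```

Because this is a deny-list, a message in a format none of the patterns anticipates passes through unchanged, so the test inputs should track the error formats the framework actually emits.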
Collaborator

@pditommaso pditommaso left a comment

Can more explicit examples be added, in both the PR description and the test, showing the message before and after the sanitisation?

munishchouhan and others added 2 commits January 13, 2026 11:50
@munishchouhan
Member Author

> Can more explicit examples be added, in both the PR description and the test, showing the message before and after the sanitisation?

done

@munishchouhan munishchouhan marked this pull request as ready for review January 13, 2026 12:00