Invalid URIs flood the log output with stack traces

Question

Invalid URIs flood the log output with stack traces

wnortje opened this issue 2 years ago · comments

Invalid URLs (e.g. /index.php?s=/Index/\x5C) cause puri:uri-parse-error errors which Hunchentoot catches and then prints a stack trace to the log output. This quickly floods the log file when the app is open to the internet.

This code works around the problem

(defmethod hunchentoot:maybe-invoke-debugger ((condition puri:uri-parse-error))
  (call-next-method)
  (hunchentoot:log-message* :error "~A" condition)
  (setf (hunchentoot:return-code*) hunchentoot:+HTTP-BAD-REQUEST+)
  (hunchentoot:abort-request-handler))

A better solution is probably for easy-routes to catch these errors and convert them to Hunchentoot's native error class and then let Hunchentoot deal with them.

Mariano Montone · Answer 1 · Wed Jun 22 2022 05:27:31 GMT+0800 (China Standard Time)

Thanks for reporting. I'll see if I apply your solution, or something else.

vindarel · Answer 2 · Wed Jun 22 2022 22:21:59 GMT+0800 (China Standard Time)

my 2c: I've had a couple bugs with Puri, but none with Quri: https://github.com/fukamachi/quri

;; works:
(quri:parse-uri "/index.php?s=/Index/??=?")
=>
NIL
NIL
NIL
NIL
"/index.php"
"s=/Index/??=?"
NIL

;; with Puri: uri-parse-error

etc

Mariano Montone · Answer 3 · Wed Jun 22 2022 22:24:45 GMT+0800 (China Standard Time)

Good to know. I may try to switch to quri then..