Context Navigation

Modify ↓

#11799 new enhancement

Log messages when permission checks fail rather than traceback

Reported by:	Ryan J Ollos	Owned by:	osimons
Priority:	normal	Component:	XmlRpcPlugin
Severity:	normal	Keywords:
Cc:	Olemis Lang	Trac Release:

Description (last modified by Ryan J Ollos)

Looking in the log files I see many entries like the following:

2014-05-28 12:13:22,695 Trac[web_ui] ERROR: RPC(XML-RPC) Error
Traceback (most recent call last):
  File "build/bdist.linux-x86_64/egg/tracrpc/web_ui.py", line 149, in _rpc_process
    req.perm.require('XML_RPC') # Need at least XML_RPC
  File "/usr/local/python26_trac10/lib/python2.6/site-packages/Trac-1.0.1-py2.6.egg/trac/perm.py", line 579, in require
    raise PermissionError(action, resource, self.env)
PermissionError

Web requests on the other hand are trapped and logged:

2014-05-28 17:01:26,569 Trac[main] WARNING: [12.234.78.2] HTTPForbidden: 403 Forbidden (WIKI_VIEW privileges are required to perform this operation on WikiStart. You don't have the required permissions.)

I'm wondering if we could trap and log XmlRpc requests as warnings. I haven't done more than look at the code yet, but I could probably propose a patch.

Attachments (0)

Change History (5)

comment:1 Changed 9 years ago by Ryan J Ollos

Description:	modified (diff)

comment:2 Changed 8 years ago by Jun Omae

Proposed changes in https://github.com/jun66j5/xmlrpcplugin/commit/t11799.

After the patch:

06:33:44 AM Trac[web_ui] WARNING: RPC(JSON-RPC) [192.168.11.27] PermissionError: XML_RPC privileges are required to perform this operation. You don't have the required permissions.
06:34:39 AM Trac[web_ui] ERROR: RPC(JSON-RPC) [192.168.11.27] Exception caught while calling ticket.get(*[u'a']) by admin
Traceback (most recent call last):
  File "/src/xmlrpcplugin.git/tracrpc/web_ui.py", line 158, in _rpc_process
    result = (XMLRPCSystem(self.env).get_method(method_name)(req, args))[0]
  File "/src/xmlrpcplugin.git/tracrpc/api.py", line 197, in __call__
    result = self.callable(req, *args)
  File "/src/xmlrpcplugin.git/tracrpc/ticket.py", line 154, in get
    t = model.Ticket(self.env, id)
  File "/venv/trac/py27/1.0.13/local/lib/python2.7/site-packages/trac/ticket/model.py", line 69, in __init__
    tkt_id = int(tkt_id)
ValueError: invalid literal for int() with base 10: 'a'

Last edited 8 years ago by Jun Omae (previous) (diff)

comment:3 Changed 8 years ago by Ryan J Ollos

The changes look nice. Okay to merge?

comment:4 Changed 8 years ago by Jun Omae

Fine by me. Could you please review patch in comment:14:ticket:12408?

comment:5 Changed 8 years ago by Ryan J Ollos

Running the latest (r16279), I noticed the following in the logs:

2017-03-20 17:17:23,690 Trac[web_ui] WARNING: RPC(XML-RPC) [82.236.185.165] PermissionError: XML_RPC privileges are required to perform this operation. You don't have the required permissions.

HTTPForbidden should probably be logged.

Modify Ticket

Change Properties

Summary:
Type:	Priority:
Component:	Severity:
Keywords:	Cc:	Set your email in Preferences
Trac Release:

Action

leave as new The owner will remain osimons.

Add Comment

Your email or username:

E-mail address and name can be saved in the Preferences.

You may use WikiFormatting here.

Attachments ↑ Description ↑

Note: See TracTickets for help on using tickets.

Download in other formats: