Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bad query params to #range_limit action should not result in uncaught exception #305

Merged
merged 2 commits into from
Dec 6, 2024
Merged

bad query params to #range_limit action should not result in uncaught exception #305

merged 2 commits into from
Dec 6, 2024

Conversation

jrochkind
Copy link
Member

@jrochkind jrochkind commented Dec 4, 2024
edited
Loading

Note that raising these specific excpetions will be automatically turned by rails into BadRequest => http 400, and NotFound => http 404 response.

The basic goal is that there should be no URL you can construct that will reuslt in an uncaught exception.

Because I hate it when my exception monitor alerts me for things that were random non-working URLs that some bot looking for vulnerabilities or malfunctioning came up with. They didn't find vulnerabilities, but they did find something that caused the logic to raise unexpectedly.

These are all cases seen in the exception monitor in my actual deployed production app; I've been catching/ignoring them locally.

@jrochkind jrochkind force-pushed the bad_range_limit_params branch from 1455ed9 to e285ad4 Compare December 4, 2024 00:22
@jrochkind
bad query params to #range_limit action should not result in uncaught…
4f74fe3 
… exception

Note that raising these specific excpetions will be automatically turned by rails into BadRequest => http 400, and NotFound => http 404 response.
@jrochkind jrochkind force-pushed the bad_range_limit_params branch from e285ad4 to 4f74fe3 Compare December 4, 2024 00:25
@jrochkind
Copy link
Member Author

Sadly too late for beta2!

@jrochkind
Copy link
Member Author

jrochkind commented Dec 4, 2024
edited
Loading

Aha, requires some extra logic to work in BL 7.x too, forthcoming.

This is why we have CI!

jrochkind added a commit to sciencehistory/scihist_digicoll that referenced this pull request Dec 4, 2024
@jrochkind
temporarily update to not yet merged PR in blacklight_range_limit
e20e5f5 
projectblacklight/blacklight_range_limit#305
@jrochkind jrochkind mentioned this pull request Dec 4, 2024
Merged
@seanaery seanaery merged commit 1239284 into main Dec 6, 2024
9 checks passed
@seanaery seanaery deleted the bad_range_limit_params branch December 6, 2024 20:09
jrochkind added a commit to sciencehistory/scihist_digicoll that referenced this pull request Jan 6, 2025
@jrochkind
temporarily update to not yet merged PR in blacklight_range_limit
6351fbd 
projectblacklight/blacklight_range_limit#305
@seanaery seanaery mentioned this pull request Jan 7, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@seanaery seanaery seanaery approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jrochkind @seanaery