Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Trac>
  3. Users
disabling details in tracebacks?
teridon at gmail
Feb 1, 2023, 12:55 PM
Post #1 of 3 (100 views)
Permalink
Is there already a supported way to disable tracebacks unless a debug flag
is set; similar to
https://stackoverflow.com/questions/27674602/hide-traceback-unless-a-debug-flag-is-set
?

--
You received this message because you are subscribed to the Google Groups "Trac Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to trac-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/trac-users/05326f57-0e39-4dc6-a8a9-3e0a377060c8n%40googlegroups.com.
Re: disabling details in tracebacks? [ In reply to ]
rjollos at gmail
Feb 1, 2023, 1:10 PM
Post #2 of 3 (100 views)
Permalink
On Wednesday, February 1, 2023 at 3:55:09 PM UTC-5 ter...@gmail.com wrote:

Is there already a supported way to disable tracebacks unless a debug flag
is set; similar to
https://stackoverflow.com/questions/27674602/hide-traceback-unless-a-debug-flag-is-set
?

Do you mean tracebacks rendered on internal errors? I believe those should
only be shown for users with TRAC_ADMIN permission.
https://trac.edgewall.org/browser/tags/trac-1.4.3/trac/web/main.py?marks=736#L719

--
You received this message because you are subscribed to the Google Groups "Trac Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to trac-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/trac-users/cf51df92-956c-4473-9a56-fb0341d58013n%40googlegroups.com.
Re: disabling details in tracebacks? [ In reply to ]
teridon at gmail
Feb 1, 2023, 3:27 PM
Post #3 of 3 (100 views)
Permalink
Ah, ok I should explain more what I'm after. The traceback is always
provided in the response, but the Trac code filters it out. For example,
one can do:

curl -s "trac-site/bad-url"

And in the server response will be a traceback, like:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/trac/web/main.py",
line 610, in dispatch_request
dispatcher.dispatch(req)
[...]

Nessus sees the path information in the traceback and calls it a
vulnerability. ( https://www.tenable.com/plugins/nessus/57640 )

I'd like to disable the traceback unless I do something like set "debug=1"
in trac.ini or something similar.

As of now, I've manually edited "site-packages/trac/__init__.py" to include:

import sys
sys.tracebacklimit=0
Which does the trick. However, that change will be overwritten for every
new install/upgrade.



On Wednesday, February 1, 2023 at 4:10:34 PM UTC-5 RjOllos wrote:

> On Wednesday, February 1, 2023 at 3:55:09 PM UTC-5 ter...@gmail.com wrote:
>
> Is there already a supported way to disable tracebacks unless a debug flag
> is set; similar to
> https://stackoverflow.com/questions/27674602/hide-traceback-unless-a-debug-flag-is-set
> ?
>
> Do you mean tracebacks rendered on internal errors? I believe those should
> only be shown for users with TRAC_ADMIN permission.
>
> https://trac.edgewall.org/browser/tags/trac-1.4.3/trac/web/main.py?marks=736#L719
>
>

--
You received this message because you are subscribed to the Google Groups "Trac Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to trac-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/trac-users/4cd6d320-d32e-4bb8-944b-595c9d6b22c2n%40googlegroups.com.

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal