如何在部署在 aws lambda 上并与 API 网关集成的 python 代码中隐藏我的异常堆栈跟踪
[英]How can I hide my exception stack trace in python code which is deployed on aws lambda and integrated with API gateway
问题描述
I use raise Exception (" message ") and it returns this on browser {"errorMessage": "{"httpStatus": 200, "message": "Exception: {\"httpStatus\": 200, \"message\": \"Exception: [InternalServerError] Project not found\"}"}", "errorType": "Exception", "stackTrace": [the stack trace]}
我使用 raise Exception (" message ") 它在浏览器上返回 {"errorMessage": "{"httpStatus": 200, "message": "Exception: {\"httpStatus\": 200, \"message\": \"Exception: [InternalServerError] Project not found\"}"}", "errorType": "Exception", "stackTrace": [堆栈跟踪]}
The stack trace causes security issue堆栈跟踪导致安全问题
1 个解决方案
解决方案1
0 2021-05-16 17:44:04
If you are using API gateway in front of lambda.如果您在 lambda 前面使用 API 网关。 You can set reponse mapping template like below, this will override the response error message and response code as well.您可以像下面这样设置响应映射模板,这也将覆盖响应错误消息和响应代码。
#if($inputRoot.toString().contains('InternalServerError'))
{
"message": "Internal Server Error"
}
#set($context.responseOverride.status = 500)
Alternately you can also catch all the exceptions in the lambda and return whatever you like.或者,您也可以捕获 lambda 中的所有异常并返回您喜欢的任何内容。 However this will not override the status code and you would still get 200 even in case of error.但是,这不会覆盖状态代码,即使出现错误,您仍然会得到 200。
def handler(event, context):
try:
dosomething(event)
except Exception:
retunrn { "message": "Internal Server error" }
def dosomething(event):
.... You business logic.
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.