Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

avoid sending back verbose error message and wrong 500 error to user; fix hard code query size of historical analysis #150

Merged
merged 2 commits into from
Jul 30, 2021

Conversation

ylwu-amzn
Copy link
Collaborator

Signed-off-by: Yaliang Wu ylwu@amazon.com

Description

  1. Avoid sending back verbose error message and wrong 500 error to user. This is for security consideration.
  2. Fix hard code query size of historical analysis

Check List

  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@ylwu-amzn ylwu-amzn requested review from kaituo and ohltyler July 29, 2021 20:04
@ylwu-amzn ylwu-amzn marked this pull request as draft July 29, 2021 21:17
@codecov-commenter
Copy link

codecov-commenter commented Jul 29, 2021

Codecov Report

Merging #150 (713eb79) into main (db23563) will decrease coverage by 0.02%.
The diff coverage is 72.22%.

Impacted file tree graph

@@             Coverage Diff              @@
##               main     #150      +/-   ##
============================================
- Coverage     70.33%   70.31%   -0.03%     
- Complexity     2969     2972       +3     
============================================
  Files           268      268              
  Lines         14011    14051      +40     
  Branches       1405     1409       +4     
============================================
+ Hits           9855     9880      +25     
- Misses         3546     3554       +8     
- Partials        610      617       +7     
Flag Coverage Δ
plugin 70.31% <72.22%> (-0.03%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
...va/org/opensearch/ad/feature/SearchFeatureDao.java 81.36% <0.00%> (ø)
...est/handler/IndexAnomalyDetectorActionHandler.java 43.31% <0.00%> (ø)
.../handler/IndexAnomalyDetectorJobActionHandler.java 28.57% <ø> (+0.71%) ⬆️
...pensearch/ad/settings/AnomalyDetectorSettings.java 100.00% <ø> (ø)
...transport/DeleteAnomalyResultsTransportAction.java 24.00% <0.00%> (-1.00%) ⬇️
...arch/ad/transport/StopDetectorTransportAction.java 75.00% <0.00%> (ø)
...in/java/org/opensearch/ad/EntityProfileRunner.java 6.85% <22.22%> (ø)
...ain/java/org/opensearch/ad/task/ADTaskManager.java 32.68% <50.00%> (ø)
...transport/IndexAnomalyDetectorTransportAction.java 71.83% <50.00%> (-0.64%) ⬇️
...c/main/java/org/opensearch/ad/util/ParseUtils.java 63.44% <50.00%> (+0.15%) ⬆️
... and 18 more

@ylwu-amzn ylwu-amzn marked this pull request as ready for review July 29, 2021 22:09
Copy link
Member

@jmazanec15 jmazanec15 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think PR description needs to give a little more explanation.

@@ -425,7 +426,7 @@ public void onResponse(SearchResponse response) {
listener.onResponse(topEntities);
} else if (expirationEpochMs < clock.millis()) {
if (topEntities.isEmpty()) {
listener.onFailure(new IllegalStateException("timeout to get preview results. Please retry later."));
listener.onFailure(new AnomalyDetectionException("timeout to get preview results. Please retry later."));
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why are we switching this?

Copy link
Collaborator Author

@ylwu-amzn ylwu-amzn Jul 30, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In AD we have self-defined exceptions under class "AnomalyDetectionException" , this PR need to get concrete error message based on exception class, if it's "AnomalyDetectionException" (and several other exceptions, check RestHandlerUtils class), we will get message from exception directly, otherwise we use general error message to avoid returning verbose error message to user. Check RestHandlerUtils#wrapRestActionListener for details.

Security team has concern about returning verbose error .

@@ -236,7 +244,7 @@ public void accept(GetResponse response) throws Exception {
if (!response.isExists()) {
listener
.onFailure(
new OpenSearchException("Can't find anomaly detector with id:" + response.getId(), RestStatus.NOT_FOUND)
new OpenSearchStatusException("Can't find anomaly detector with id:" + response.getId(), RestStatus.NOT_FOUND)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why didnt we have to change these exception messages?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same as this comment https://github.com/opensearch-project/anomaly-detection/pull/150/files/713eb7970db4c021aed87d559f2eba68cb32e129#r680149988. we need to get concrete error message based on exception type. For OpenSearchException, we will return general error message rather than this concrete error message.

Copy link
Contributor

@spbjss spbjss left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ylwu-amzn ylwu-amzn merged commit 6843b29 into opensearch-project:main Jul 30, 2021
ohltyler pushed a commit to ohltyler/anomaly-detection-2 that referenced this pull request Sep 1, 2021
… fix hard code query size of historical analysis (opensearch-project#150)

* avoid sending back verbose error message and wrong 500 error to user

Signed-off-by: Yaliang Wu <ylwu@amazon.com>

* put general error message into constants
ohltyler pushed a commit to ohltyler/anomaly-detection-2 that referenced this pull request Sep 1, 2021
… fix hard code query size of historical analysis (opensearch-project#150)

* avoid sending back verbose error message and wrong 500 error to user

Signed-off-by: Yaliang Wu <ylwu@amazon.com>

* put general error message into constants
ohltyler pushed a commit that referenced this pull request Sep 1, 2021
… fix hard code query size of historical analysis (#150)

* avoid sending back verbose error message and wrong 500 error to user

Signed-off-by: Yaliang Wu <ylwu@amazon.com>

* put general error message into constants
@ohltyler ohltyler added the bug Something isn't working label Sep 2, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants