Item12862: Foswiki error message needs to be more specific (No such file or directory)
Priority: Enhancement
Current State: Confirmed
Released In: n/a
Target Release: n/a
Applies To: Engine
Component:
Branches:
I just tripped over
Item11481 which was filed as Urgent in 2012.
I have a web,
Typedia
and a subweb,
BAAPT
. I put the
VARCACHE
directive into
BAAPT.LibraryIndex
and got an error (no oops template) telling me to look at the error log.
Foswiki detected an internal error - please check your Foswiki logs and webserver logs for more information.
Can't create file path - No such file or directory
This is not a helpful error message.
- What program was trying to create a file path?
- What file path could not be created?
- What file or directory was expected (
no such...
)
Keep in mind that many people host Foswiki on a site-hosting service; they don't have direct access to the error log and the error log on the server is shared (therefore
huge). They need more information.
When I reviewed the error log, I found this:
(Keep in mind that I had to scroll
back from the current end of the log file to get all of this... and I had no idea what I was searching for.)
[Mon Apr 21 10:31:51 2014] [error] [client 192.168.1.206] Can't create file /WWW
/web/cfcl/foswiki119/working/work_areas/VarCachePlugin/Typedia/BAAPT_LibraryIndex - No such file or directory, referer: http://wiki.cfcl.com/bin/edit/Typedia/BAAPT/LibraryIndex?t=1398101388;nowysiwyg=1
[Mon Apr 21 10:31:51 2014] [error] [client 192.168.1.206] at /System/Library/Perl/5.10.0/CGI/Carp.pm line 356, referer: http://wiki.cfcl.com/bin/edit/Typedia/BAAPT/LibraryIndex?t=1398101388;nowysiwyg=1
[Mon Apr 21 10:31:51 2014] [error] [client 192.168.1.206] \tCGI::Carp::realdie('Can\\'t create file /WWW/web/cfcl/foswiki119/working/work_area...') called at /System/Library/Perl/5.10.0/CGI/Carp.pm line 437, referer: http://wiki.cfcl.com/bin/edit/Typedia/BAAPT/LibraryIndex?t=1398101388;nowysiwyg=1
[Mon Apr 21 10:31:51 2014] [error] [client 192.168.1.206] \tCGI::Carp::die('Can\\'t create file /WWW/web/cfcl/foswiki119/working/work_area...') called at /Volumes/Datastore/Local/WWW/web/cfcl/foswiki119/lib/Foswiki/Func.pm line 2789, referer: http://wiki.cfcl.com/bin/edit/Typedia/BAAPT/LibraryIndex?t=1398101388;nowysiwyg=1
[Mon Apr 21 10:31:51 2014] [error] [client 192.168.1.206] \tFoswiki::Func::saveFile('/WWW/web/cfcl/foswiki119/working/work_areas/VarCachePlugin/Ty...', '---+ BAAPT Lending Library Index\\x{a}\\x{a}<!--\\x{a} CAUTION...') called at /Volumes/Datastore/Local/WWW/web/cfcl/foswiki119/lib/Foswiki/Plugins/VarCachePlugin.pm line 72, referer: http://wiki.cfcl.com/bin/edit/Typedia/BAAPT/LibraryIndex?t=1398101388;nowysiwyg=1
[Mon Apr 21 10:31:51 2014] [error] [client 192.168.1.206] \tFoswiki::Plugins::VarCachePlugin::afterCommonTagsHandler('---+ BAAPT Lending Library Index\\x{a}\\x{a}<!--\\x{a} CAUTION...', 'LibraryIndex', 'Typedia/BAAPT', 'Foswiki::Meta=HASH(0x100c67dd0)') called at /Volumes/Datastore/Local/WWW/web/cfcl/foswiki119/lib/Foswiki/Plugin.pm line 294, referer: http://wiki.cfcl.com/bin/edit/Typedia/BAAPT/LibraryIndex?t=1398101388;nowysiwyg=1
[Mon Apr 21 10:31:51 2014] [error] [client 192.168.1.206] \tFoswiki::Plugin::invoke('Foswiki::Plugin=HASH(0x100d52578)', 'afterCommonTagsHandler', '---+ BAAPT Lending Library Index\\x{a}\\x{a}<!--\\x{a} CAUTION...', 'LibraryIndex', 'Typedia/BAAPT', 'Foswiki::Meta=HASH(0x100c67dd0)') called at /Volumes/Datastore/Local/WWW/web/cfcl/foswiki119/lib/Foswiki/Plugins.pm line 341, referer: http://wiki.cfcl.com/bin/edit/Typedia/BAAPT/LibraryIndex?t=1398101388;nowysiwyg=1
[Mon Apr 21 10:31:51 2014] [error] [client 192.168.1.206] \tFoswiki::Plugins::dispatch('Foswiki::Plugins=HASH(0x100a9e608)', 'afterCommonTagsHandler', '---+ BAAPT Lending Library Index\\x{a}\\x{a}<!--\\x{a} CAUTION...', 'LibraryIndex', 'Typedia/BAAPT', 'Foswiki::Meta=HASH(0x100c67dd0)') called at /Volumes/Datastore/Local/WWW/web/cfcl/foswiki119/lib/Foswiki.pm line 3380, referer: http://wiki.cfcl.com/bin/edit/Typedia/BAAPT/LibraryIndex?t=1398101388;nowysiwyg=1
[Mon Apr 21 10:31:51 2014] [error] [client 192.168.1.206] \tFoswiki::expandMacros('Foswiki=HASH(0x100a8d230)', '---+ BAAPT Lending %SPACEOUT{%TOPIC%}%\\x{a}\\x{a}<!--\\x{a} C...', 'Foswiki::Meta=HASH(0x100c67dd0)') called at /Volumes/Datastore/Local/WWW/web/cfcl/foswiki119/lib/Foswiki/Meta.pm line 3103, referer: http://wiki.cfcl.com/bin/edit/Typedia/BAAPT/LibraryIndex?t=1398101388;nowysiwyg=1
[Mon Apr 21 10:31:51 2014] [error] [client 192.168.1.206] \tFoswiki::UI::View::_prepare('---+ BAAPT Lending %SPACEOUT{%TOPIC%}%\\x{a}\\x{a}<!--\\x{a} C...', 'Foswiki::Meta=HASH(0x100c67dd0)', 0) called at /Volumes/Datastore/Local/WWW/web/cfcl/foswiki119/lib/Foswiki/UI/View.pm line 392, referer: http://wiki.cfcl.com/bin/edit/Typedia/BAAPT/LibraryIndex?t=1398101388;nowysiwyg=1
[Mon Apr 21 10:31:51 2014] [error] [client 192.168.1.206] \tFoswiki::UI::View::view('Foswiki=HASH(0x100a8d230)') called at /Volumes/Datastore/Local/WWW/web/cfcl/foswiki119/lib/Foswiki/UI.pm line 316, referer: http://wiki.cfcl.com/bin/edit/Typedia/BAAPT/LibraryIndex?t=1398101388;nowysiwyg=1
[Mon Apr 21 10:31:51 2014] [error] [client 192.168.1.206] \tFoswiki::UI::__ANON__() called at /Library/Perl/5.10.0/Error.pm line 419, referer: http://wiki.cfcl.com/bin/edit/Typedia/BAAPT/LibraryIndex?t=1398101388;nowysiwyg=1
[Mon Apr 21 10:31:51 2014] [error] [client 192.168.1.206] \teval {...} called at /Library/Perl/5.10.0/Error.pm line 411, referer: http://wiki.cfcl.com/bin/edit/Typedia/BAAPT/LibraryIndex?t=1398101388;nowysiwyg=1
[Mon Apr 21 10:31:51 2014] [error] [client 192.168.1.206] \tError::subs::try('CODE(0x100804d20)', 'HASH(0x100a8cdf8)') called at /Volumes/Datastore/Local/WWW/web/cfcl/foswiki119/lib/Foswiki/UI.pm line 435, referer: http://wiki.cfcl.com/bin/edit/Typedia/BAAPT/LibraryIndex?t=1398101388;nowysiwyg=1
[Mon Apr 21 10:31:51 2014] [error] [client 192.168.1.206] \tFoswiki::UI::_execute('Foswiki::Request=HASH(0x100844428)', 'CODE(0x10089fa88)', 'view', 1) called at /Volumes/Datastore/Local/WWW/web/cfcl/foswiki119/lib/Foswiki/UI.pm line 274, referer: http://wiki.cfcl.com/bin/edit/Typedia/BAAPT/LibraryIndex?t=1398101388;nowysiwyg=1
[Mon Apr 21 10:31:51 2014] [error] [client 192.168.1.206] \tFoswiki::UI::handleRequest('Foswiki::Request=HASH(0x100844428)') called at /Volumes/Datastore/Local/WWW/web/cfcl/foswiki119/lib/Foswiki/Engine/CGI.pm line 74, referer: http://wiki.cfcl.com/bin/edit/Typedia/BAAPT/LibraryIndex?t=1398101388;nowysiwyg=1
[Mon Apr 21 10:31:51 2014] [error] [client 192.168.1.206] \tFoswiki::Engine::CGI::run('Foswiki::Engine::CGI=HASH(0x1008e75d8)') called at /WWW/web/cfcl/foswiki/bin/view line 24., referer: http://wiki.cfcl.com/bin/edit/Typedia/BAAPT/LibraryIndex?t=1398101388;nowysiwyg=1
Now, imagine contacting Tech Support at the hosting company (or even just being someone who installed Foswiki) and trying to figure out
what went wrong.
Then imagine that these error messages are interspersed with a few dozen others from other clients of the same hosting company.
--
VickiBrown - 21 Apr 2014
It's pretty important to not expose file system paths to the end user. That can be used by an attacker to learn things about the system hosting Foswiki. So this message is intentionally vague, as is any message that shows file system paths. They are replaced with "path".
If you want more meaningful messages for these types of failures, enable
$ENV{FOSWIKI_ASSERTS} = 1;
in
bin/LocalLib.cfg
. This does more thorough checking internally, but also will return the full traceback of any errors to the browser.
--
GeorgeClark - 21 Apr 2014
So, don't expose the
full file path. The last few elements would be enough. Although, seriously?? this is a file path under the working directory, under the foswiki directory. It's not going to tell an attacker ANYTHING about the "system hosting Foswiki". This is not a security risk. (Please tell me you hadn't thought this through when you commented above!)
Also, this wasn't a support request. This isn't something where I wanted someone to tell me what I can personally do to perhaps make some error messages more clear.
This is a report of a bad user experience.
We do want a good user experience, don't we? Or do we not want users?
(If I have to tell a client to "enable
$ENV{FOSWIKI_ASSERTS} = 1;
in
bin/LocalLib.cfg
" to avoid this sort of fatal yet otherwise unhelpful error, I'm much more likely to suggest the client enable TWiki.)
--
VickiBrown - 22 Apr 2014
The path sanitizing isn't done by Foswiki. It's done in the
CPAN:Error routines, set up in the BEGIN block of Foswiki.pm. TWiki.pm has the same code, so I'd expect the same results.
I'm certainly not suggesting that clients enable asserts. Whether the user gets a stack dump, or an abbreviated dump, neither case is acceptable. The point is I think, these messages just should not occur. If you are getting them then something else is seriously wrong. And you pointed out that the underlying error in this case is a bug in the
VarCachePlugin.
I'll marked this confirmed, but I can't imagine how formatting of an error message that should never occur is blocking for the next release of Foswiki. I think that the offending code is line 166 of Foswiki.pm (and around line 196 of TWiki.pm)
$Error::Debug = 0; # no verbose stack traces
That would have to be changed to a custom sig handler to intercept the perl stack trace and do custom formatting of the path information.
Regarding
VarCachePlugin where this original error occurred, we don't currently have a maintainer for that extension. If you have the facilities to work on the open tasks of that particular extension, it would be helpful. I don't have any sites using that extension.
--
GeorgeClark - 22 Apr 2014