Safer error messages #104
Merged
Safer error messages #104
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There is a potential attack vector where an error such as
can be abused by students to leak information. For example, a solver could encode the generator's instance into a single (very large) int, and then use it in a proposed solution. This would obviously raise an error, which contains this int. When viewing the logs the error would then expose the other team's instance.
To prevent this I've adopted a two tier error messaging system, each exception we raise has a plain and a detailed error message, with the intention being that the plain error contains static info about the general class of problem that occurred and the detailed containing specifics about this particular situation. The idea then is that we can display the plain error messages in public logs without exposing any information about other team's code, and people can view detailed error messages in logs from test runs on their local machine to get detailed debugging info.
Python has a nice system where you can help with stuff like this by using the
LiteralStringtype which accepts any string that is statically known, so"abc" + "def"is accepted by type checkers, butf"{runtime_var}"is not. This doesn't change runtime behaviour, but makes it easier to catch potential information leaks with linters.