Improve detection and warning of process warnings #59646
Assignees
Labels
Feature:Hardening
Harding of Kibana from a security perspective
Team:Security
Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
Comments
watson
added
Team:Security
|
Pinging @elastic/kibana-security (Team:Security) |
watson
added a commit
that referenced
this issue
Mar 12, 2020
Crash Kibana in dev/CI if a process warning is detected. This does not influence how Kibana behaves in production when run via `./bin/kibana` as there the `--no-warnings` flag is used. We will detect this flag and as a result, disable this behavior. Previously we used the flags `--trace-warnings --throw-deprecation` when you started Kibana via `yarn start` and we used `--throw-deprecation` in CI. This meant that we would only crash on deprecation warnings and log a stack trace for all other types of warnings. There were a couple of drawbacks to this approach: 1. If the deprecated API was called in a place enclosed in a try-catch (or inside of a Promise or an async/await context), the throw would be caught and the program would not crash. 2. If you ran `./scripts/kibana` directly instead of running `yarn start`, you would not get these flags automatically. 3. If you ran any of our tests locally you would not get the standard CI flags. This meant something that might seem to pass locally would not pass in CI. This commit changes this behavior by ensuring: - That we always crash - no matter if the offending code is surrounded by a try-catch (etc). - That you always get the same behavior whether you run `yarn start` or `./scripts/kibana`. - That you always get the same behavior in CI or if you run individual tests locally. Furthermore, we now crash for all types of warnings - not only deprecation warnings (except `MaxListenersExceededWarning`). Closes #59646
watson
added a commit
to watson/kibana
that referenced
this issue
Mar 12, 2020
Crash Kibana in dev/CI if a process warning is detected. This does not influence how Kibana behaves in production when run via `./bin/kibana` as there the `--no-warnings` flag is used. We will detect this flag and as a result, disable this behavior. Previously we used the flags `--trace-warnings --throw-deprecation` when you started Kibana via `yarn start` and we used `--throw-deprecation` in CI. This meant that we would only crash on deprecation warnings and log a stack trace for all other types of warnings. There were a couple of drawbacks to this approach: 1. If the deprecated API was called in a place enclosed in a try-catch (or inside of a Promise or an async/await context), the throw would be caught and the program would not crash. 2. If you ran `./scripts/kibana` directly instead of running `yarn start`, you would not get these flags automatically. 3. If you ran any of our tests locally you would not get the standard CI flags. This meant something that might seem to pass locally would not pass in CI. This commit changes this behavior by ensuring: - That we always crash - no matter if the offending code is surrounded by a try-catch (etc). - That you always get the same behavior whether you run `yarn start` or `./scripts/kibana`. - That you always get the same behavior in CI or if you run individual tests locally. Furthermore, we now crash for all types of warnings - not only deprecation warnings (except `MaxListenersExceededWarning`). Closes elastic#59646
watson
added a commit
that referenced
this issue
Mar 12, 2020
Crash Kibana in dev/CI if a process warning is detected. This does not influence how Kibana behaves in production when run via `./bin/kibana` as there the `--no-warnings` flag is used. We will detect this flag and as a result, disable this behavior. Previously we used the flags `--trace-warnings --throw-deprecation` when you started Kibana via `yarn start` and we used `--throw-deprecation` in CI. This meant that we would only crash on deprecation warnings and log a stack trace for all other types of warnings. There were a couple of drawbacks to this approach: 1. If the deprecated API was called in a place enclosed in a try-catch (or inside of a Promise or an async/await context), the throw would be caught and the program would not crash. 2. If you ran `./scripts/kibana` directly instead of running `yarn start`, you would not get these flags automatically. 3. If you ran any of our tests locally you would not get the standard CI flags. This meant something that might seem to pass locally would not pass in CI. This commit changes this behavior by ensuring: - That we always crash - no matter if the offending code is surrounded by a try-catch (etc). - That you always get the same behavior whether you run `yarn start` or `./scripts/kibana`. - That you always get the same behavior in CI or if you run individual tests locally. Furthermore, we now crash for all types of warnings - not only deprecation warnings (except `MaxListenersExceededWarning`). Closes #59646
jkelastic
pushed a commit
to jkelastic/kibana
that referenced
this issue
Mar 12, 2020
Crash Kibana in dev/CI if a process warning is detected. This does not influence how Kibana behaves in production when run via `./bin/kibana` as there the `--no-warnings` flag is used. We will detect this flag and as a result, disable this behavior. Previously we used the flags `--trace-warnings --throw-deprecation` when you started Kibana via `yarn start` and we used `--throw-deprecation` in CI. This meant that we would only crash on deprecation warnings and log a stack trace for all other types of warnings. There were a couple of drawbacks to this approach: 1. If the deprecated API was called in a place enclosed in a try-catch (or inside of a Promise or an async/await context), the throw would be caught and the program would not crash. 2. If you ran `./scripts/kibana` directly instead of running `yarn start`, you would not get these flags automatically. 3. If you ran any of our tests locally you would not get the standard CI flags. This meant something that might seem to pass locally would not pass in CI. This commit changes this behavior by ensuring: - That we always crash - no matter if the offending code is surrounded by a try-catch (etc). - That you always get the same behavior whether you run `yarn start` or `./scripts/kibana`. - That you always get the same behavior in CI or if you run individual tests locally. Furthermore, we now crash for all types of warnings - not only deprecation warnings (except `MaxListenersExceededWarning`). Closes elastic#59646
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We landed stricter detection of deprecation warnings in #51431. This was primarily achieved by using the
--throw-deprecationflag. This, however, will be caught if the offending code is surrounded by a try-catch, which means any deprecated API used synchronously inside of a promise or in an async-await context will be caught and not exit the process, which in turn most likely means that it will go unnoticed.We should improve this by crashing the process even in these cases (by utilizing
process.on('warning')).The text was updated successfully, but these errors were encountered: