From e2faf1141a06dcaaa0d3eff197ea7839566ec296 Mon Sep 17 00:00:00 2001
From: David An
Date: Wed, 5 Mar 2025 16:03:05 -0500
Subject: [PATCH 1/2] strip stack traces from ErrorReports before responding

---
 .../dsde/rawls/webservice/RawlsApiService.scala | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/core/src/main/scala/org/broadinstitute/dsde/rawls/webservice/RawlsApiService.scala b/core/src/main/scala/org/broadinstitute/dsde/rawls/webservice/RawlsApiService.scala
index 9486d30f3c..6a041e5a5c 100644
--- a/core/src/main/scala/org/broadinstitute/dsde/rawls/webservice/RawlsApiService.scala
+++ b/core/src/main/scala/org/broadinstitute/dsde/rawls/webservice/RawlsApiService.scala
@@ -57,7 +57,7 @@ object RawlsApiService extends LazyLogging {
         complete(
           withErrorReport.errorReport.statusCode.getOrElse(
             StatusCodes.InternalServerError
-          ) -> withErrorReport.errorReport
+          ) -> withErrorReport.errorReport.copy(stackTrace = Seq())
         )
       case rollback: SQLTransactionRollbackException =>
         logger.error(
@@ -65,7 +65,7 @@ object RawlsApiService extends LazyLogging {
           rollback
         )
         Sentry.captureException(rollback)
-        complete(StatusCodes.InternalServerError -> ErrorReport(rollback))
+        complete(StatusCodes.InternalServerError -> ErrorReport(rollback).copy(stackTrace = Seq()))
       case sql: SQLException =>
         val sentryId = Sentry.captureException(sql)
         logger.error(
@@ -90,7 +90,7 @@ object RawlsApiService extends LazyLogging {
           logger.error(e.getMessage)
         }
         Sentry.captureException(e)
-        complete(StatusCodes.InternalServerError -> ErrorReport(e))
+        complete(StatusCodes.InternalServerError -> ErrorReport(e).copy(stackTrace = Seq()))
     }
   }
 

From f45738627701987967777e5726561c111c5f161c Mon Sep 17 00:00:00 2001
From: David An
Date: Wed, 5 Mar 2025 16:13:52 -0500
Subject: [PATCH 2/2] hide -priv urls in HttpClientUtils

---
 .../dsde/rawls/util/HttpClientUtils.scala | 22 ++++++++++++-------
 1 file changed, 14 insertions(+), 8 deletions(-)
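Review bot: `copy(stackTrace = Seq())` on the `+` line scrubs only the top-level report; if `ErrorReport` nests cause reports (a `causes` field built from `getCause`, as the workbench `ErrorReport(t)` builders normally do), each nested report keeps its own `stackTrace` and still reaches the client. A recursive scrub closes that gap: `private def scrubTraces(r: ErrorReport): ErrorReport = r.copy(stackTrace = Seq(), causes = r.causes.map(scrubTraces))`, applied here in place of the bare `copy`. Confirm the field name against the `ErrorReport` definition before relying on it. The `case withErrorReport` arm this hunk edits begins before the hunk.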
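Review bot: `ErrorReport(rollback)` on the `+` line still places `rollback.getMessage` in the 500 body, and JDBC rollback messages commonly name the driver, the lock or the statement involved, so dropping the stack trace leaves a smaller but still internal detail in the response. The neighbouring `case sql: SQLException` arm keeps `val sentryId = Sentry.captureException(sql)` (visible in the trailing context), which suggests the same shape here: `val sentryId = Sentry.captureException(rollback)` plus a fixed client-facing message that cites the Sentry id rather than the exception text, with the exception itself left to the `logger.error` call above. How that `sql` arm builds its response lies outside this hunk, so align the two when you change this one.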
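Review bot: The same `.copy(stackTrace = Seq())` is now repeated at three `complete(...)` sites in this handler, and nothing prevents a fourth arm, or another handler that completes with an `ErrorReport`, from omitting it. Route the redaction through one private helper, e.g. `private def clientSafe(r: ErrorReport): ErrorReport = r.copy(stackTrace = Seq())`, and call it from every `complete`, so stripping traces is a single decision rather than three edits to keep in sync. The arm binding `e` evidently catches `Throwable`; that is conventional for an akka-http `ExceptionHandler` and not something this commit needs to change, but a one-line comment such as `// deliberately catches Throwable: this is the last-resort handler for the route tree` would stop a later reader from narrowing it to `NonFatal`. That arm begins before this hunk.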
diff --git a/core/src/main/scala/org/broadinstitute/dsde/rawls/util/HttpClientUtils.scala b/core/src/main/scala/org/broadinstitute/dsde/rawls/util/HttpClientUtils.scala
index c2dbb0c9df..04bdb73acf 100644
--- a/core/src/main/scala/org/broadinstitute/dsde/rawls/util/HttpClientUtils.scala
+++ b/core/src/main/scala/org/broadinstitute/dsde/rawls/util/HttpClientUtils.scala
@@ -34,7 +34,7 @@ trait HttpClientUtils extends LazyLogging {
     executeRequest(http, httpRequest) recover { case t: Throwable =>
       throw new RawlsExceptionWithErrorReport(
         ErrorReport(StatusCodes.InternalServerError,
-                    s"HTTP call failed: ${httpRequest.uri}. Response: ${t.getMessage}",
+                    s"HTTP call failed: ${filterPrivate(httpRequest.uri)}. Response: ${t.getMessage}",
                     t
         )
       )
@@ -44,15 +44,15 @@ trait HttpClientUtils extends LazyLogging {
       } else {
         Unmarshal(response.entity).to[String] map { entityAsString =>
           logger.debug(
-            s"HTTP error status ${response.status} calling URI ${httpRequest.uri}. Response: $entityAsString"
+            s"HTTP error status ${response.status} calling URI ${filterPrivate(httpRequest.uri)}. Response: $entityAsString"
           )
           val message =
             if (response.status == StatusCodes.Unauthorized)
               s"The service indicated that this call was unauthorized. " +
                 s"If you believe this is a mistake, please try your request again. " +
-                s"Error occurred calling uri ${httpRequest.uri}"
+                s"Error occurred calling uri ${filterPrivate(httpRequest.uri)}"
             else
-              s"HTTP error calling URI ${httpRequest.uri}. Response: ${entityAsString.take(1000)}"
+              s"HTTP error calling URI ${filterPrivate(httpRequest.uri)}. Response: ${entityAsString.take(1000)}"
           throw new RawlsExceptionWithErrorReport(ErrorReport(response.status, message))
         }
       }
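Review bot: The redaction on the `+` line covers the URI but not the `${t.getMessage}` beside it; connection-level failures (`UnknownHostException`, akka's `Tcp command [Connect(...)] failed`) usually carry the host name in their message, so a `-priv` address can still be echoed through that slot, and `t` is additionally attached as the report's cause. Prefer a client message that does not interpolate the exception text, e.g. `s"HTTP call failed: ${filterPrivate(httpRequest.uri)}"`, and keep `t` for the server-side log and Sentry. The method this `recover` belongs to starts before the hunk.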
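Review bot: `entityAsString.take(1000)` on the last `+` line forwards up to 1000 characters of the downstream service's error body to the end user, so the private URI is hidden while whatever that service wrote about itself (its own host names, stack fragments, query text) is not. If the goal is to keep `-priv` services opaque, guard the body by the same test: `if (filterPrivate(httpRequest.uri).isEmpty) "" else entityAsString.take(1000)`, or return a generic message for private targets and leave the full body in the `logger.debug` call above. Whether downstream error bodies are already sanitized is not visible here and is worth confirming before choosing.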
@@ -64,7 +64,7 @@ trait HttpClientUtils extends LazyLogging {
     executeRequest(http, httpRequest) recover { case t: Throwable =>
       throw new RawlsExceptionWithErrorReport(
         ErrorReport(StatusCodes.InternalServerError,
-                    s"HTTP call failed: ${httpRequest.uri}. Response: ${t.getMessage}",
+                    s"HTTP call failed: ${filterPrivate(httpRequest.uri)}. Response: ${t.getMessage}",
                     t
         )
       )
@@ -80,16 +80,22 @@ trait HttpClientUtils extends LazyLogging {
       } else {
         Unmarshal(response.entity).to[String] map { entityAsString =>
           logger.debug(
-            s"HTTP error status ${response.status} calling URI ${httpRequest.uri}. Response: $entityAsString"
+            s"HTTP error status ${response.status} calling URI ${filterPrivate(httpRequest.uri)}. Response: $entityAsString"
           )
           throw new RawlsExceptionWithErrorReport(
-            ErrorReport(response.status,
-                        s"HTTP error calling URI ${httpRequest.uri}. Response: ${entityAsString.take(1000)}"
+            ErrorReport(
+              response.status,
+              s"HTTP error calling URI ${filterPrivate(httpRequest.uri)}. Response: ${entityAsString.take(1000)}"
             )
           )
         }
       }
     }
+
+  // don't display private Uris to end users
+  private def filterPrivate(uri: Uri): String =
+    if (uri.authority.toString().contains("-priv")) "" else uri.toString()
+
 }
 
 case class HttpClientUtilsStandard()(implicit val materializer: Materializer, val executionContext: ExecutionContext)
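Review bot: This `recover` block appears identical to the one in the hunk at line 34 of the same file (both build `ErrorReport(StatusCodes.InternalServerError, s"HTTP call failed: ${filterPrivate(httpRequest.uri)}. Response: ${t.getMessage}", t)`), and the commit had to patch the string in both places. A shared `private def callFailed(httpRequest: HttpRequest): PartialFunction[Throwable, Nothing]` used by both methods would keep the redaction in one spot so the next wording change cannot drift. The enclosing method starts before this hunk.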
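Review bot: `filterPrivate` decides on `uri.authority.toString().contains("-priv")`, a substring test over host, port and userinfo that both over-matches (any caller-supplied host with `-priv` in its name) and under-matches (an internal service whose name does not follow the convention), and it substitutes an empty string, which yields messages like `HTTP error calling URI . Response: ...`. Match on the host alone and emit a placeholder: `if (uri.authority.host.address.contains("-priv")) "<internal service>" else uri.toString()`, and state the convention the check depends on in the comment: `// Rawls-internal services are reached via hosts whose name contains "-priv"; never echo those URIs to end users.` If the internal hosts are already known from configuration, an explicit list would be more robust than the naming pattern.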