Hey,
I am trying to test the updated error codes in release 1.18 and I have noticed some anomaly in the format of an error message PERMISSION_DENIED category id 7.
According to the DA documentation the custom message should have this format:
whereas, The error PERMISSION_DENIED is giving response as:
13:39:38.894 [main] INFO c.a.d.i.t.s.ContractInteractionSteps - Got stream response: Optional[CompletionStreamResponse{checkpoint=Optional[Checkpoint{recordTime=2022-03-10T02:39:38.778Z, offset=LedgerOffset.Absolute(000000000000008
60000000000000000)}], completions=[command_id: "COM-SF15f46"
status {
code: 7
message: "An error occurred. Please contact the operator and inquire about the request a737eb3c-78d8-4884-b088-2caee26fee6a"
details {
type_url: "type.googleapis.com/google.rpc.ErrorInfo"
value: "\n$SUBMITTER_CANNOT_ACT_VIA_PARTICIPANT\032\030\n\017definite_answer\022\005false"
}
details {
type_url: "type.googleapis.com/google.rpc.RequestInfo"
value: "\n$a737eb3c-78d8-4884-b088-2caee26fee6a"
}
}
where the message field is missing with the required error information that is mentioned in the format.
NOTE: Other errors codes are following the format as defined in documentation.
Any Suggestions? Thank you!
Hi Pal. That anomaly is intended for security sensitive issues. For any error that could leak information to an attacker, the system will return via the API an error message that should not leak any valuable information. However, the log file will contain the full error message.
However, skimming through the documentation, I noticed that this isnβt properly documented.
Also, whether this particular error is a security sensitive error where we should suppress information or not is a debate that just got started internally β¦
Anyway, if you upgrade to 2.0.0, the error behaviour of the sandbox will change as the new sandbox is canton based.
Is it better to use the error details to get the error code and category (instead of error message)? Seems in this example the error details contains more information than the message.
However, in this case, you stumbled on an issue where security sensitive messages were suppressed on the API, but the details still leaked through the GRPC rich error. This has been fixed in the meantime.