* FFS, include the filename or whatever else the program is having trouble with.
* If possible, include the source code location.
* If possible, include useful contextual information.
* Quote strings. Once in a while, some unexpected whitespace sneaks in somewhere and this can be hard to figure out.
Eg, don't just abort with "Open failed: NOT_FOUND". Abort with "job.c:2105 Failed to open job description file '/var/spool/jobs/125.json' when processing job #5 for user 'alice': NOT_FOUND".
This way I don't have to strace the damn thing to try and figure out what's it looking for, and know which user it was for, so I don't have to dig around and try and figure out which entry in the database might contain the wrong information.
Also, context-free, generic error messages are awful. A large enough codebase may be impossible to search for some very common keywords.
If possible, googleable error codes are great to have, but they shouldn't replace the error message. It's ideal if you can search the source code and instantly find where the error message originates.
Yup, all of these. Sometimes I look "around" the problem, like, "I found THIS directory but the file 'z.txt' was not in it!" or "Not only could I not find 'z.txt' I could not find THIS directory it was supposed to be in." Check to see that it is really a file, not a directory. "I found 'z.txt' in THIS directory but it was zero bytes in length!"
In terms of "fail early," my larger programs have a section called Pre-Flight Checklist, which looks for files (and that they are files), databases, that the databases have the expected tables and the correct columns, and so on. Are the files sufficiently recent? More or less the expected length? Because this is ETL stuff, it's usually okay to push this stuff up as early as I can.
A couple+ years ago my then employer required I take (what amounted to) Security Training 101 for Software Developers. I believe one of the client orgs expected everyone to go through the program.
That said, Ppetty much everything you're suggesting was considered a bad idea (for security). Mainly because the more details you give away, the more a hacker can understand about the underlying system. The more they probe and possibly break things, the more you're showing your cards.
It was then the bland cryptic error msg made perfect sense to me.
I'm talking here mostly of user-facing local applications -- like what would be in your mail client's logs, or the logs of a corporate service, where the logs are there for the admin's/dev's use.
Of course if you're sending feedback to a potential attacker things change considerably.
I understand. But I'm going to assume the rule would be. Do X. No exceptions. As you know, doing sec means living with a healthy amount of paranoia. Imagine giving an exception and being wrong.
Yes to all - and also don't include boilerplate text, or at least limit it to the minimum polite for your audience.
So if you must show a stack dump:
- don't put in lots of whitespace - it might look pretty but it makes it harder to read/parse.
- if you're giving the error file:line, don't bother showing the source code. If the source is meaningful to the reader, they've probably got access to the code, or are using an IDE.
One thing I've recently started doing when a file related error happens is to retry the command with strace and see which file the program is trying to access
Also, make sure that sensitive information like user's passwords, emails, credit card numbers etc, is filtered out of the logs and not sent to your servers.
* Say what the program was trying to do.
* Make the message unique and searchable.
* Make it detailed.
* FFS, include the filename or whatever else the program is having trouble with.
* If possible, include the source code location.
* If possible, include useful contextual information.
* Quote strings. Once in a while, some unexpected whitespace sneaks in somewhere and this can be hard to figure out.
Eg, don't just abort with "Open failed: NOT_FOUND". Abort with "job.c:2105 Failed to open job description file '/var/spool/jobs/125.json' when processing job #5 for user 'alice': NOT_FOUND".
This way I don't have to strace the damn thing to try and figure out what's it looking for, and know which user it was for, so I don't have to dig around and try and figure out which entry in the database might contain the wrong information.
Also, context-free, generic error messages are awful. A large enough codebase may be impossible to search for some very common keywords.
If possible, googleable error codes are great to have, but they shouldn't replace the error message. It's ideal if you can search the source code and instantly find where the error message originates.