Tool to populate your code with traceable and secure error codes

Overview

isecode

Tool to populate your code with traceable and secure error codes

Problem

Essential part of any project, especially customer facing is proper and secure error handling. When error happens and customer reports it, it would be nice to know the context of the error and where it exactly occured. For example, if user tried to login and we tried to fetch a record about this user from the db, there is a number of things that could go wrong. Maybe db server is down, maybe number of connections is exhausted, maybe user deleted their account previously, maybe somebody accessed the db and altered the data. For each of those situations your code can do a check but for a security reasons you will never disclose this information to a user. For the same reason, you wouldn't return stack trace to the user as it could give confidential information aobut your system to the end user which can be used to breach the infrastructure.

Instead it's very often to return a cryptic error like:

"Something went wrong, please contact us."

When trying to debug the problem and help the customer, it's very hard to troubleshoot given the above (on purpose) non-verbose error. Customer might explain what they tried to do and what was the issue but that information is not always complete and reliable. As explained in the example above it wouldn't exactly pinpoint the underlying reason for why customer is facing the issue.

It would be nice to be able to pinpoint where problem occurs to the specific line of the code.

Solution

I made this simple tool to help with this problem. Whenver you find a line of code where you need to return an error but can't explain the user why error happend (for example, Internal Server Error), you can add predefined string like "ISE_CODE" and run this cli tool. Tool will search all the matching files in given path containing your code and replace the string "ISE_CODE" with a unique number. So if you wrote a code that returns an error with following text:

"ERROR ISE_CODE: Something went wrong, please contact us."

this tool will find all the occurences of the "ISE_CODE" string and replace it with the unique numbers to look like:

"ERROR 7248152: Something went wrong, please contact us."

Now if your user reports having an issue, they can give you this error number and you can search your code base for this number and instantly pinpoint the code line where issue occured. All of that without exposing too much information to the user.

Requirements

This tool is written in golang. It doesn't require golang to run, but it does require golang to compile from source. It also depends on config file (read bellow more about it).

How to download?

At the moment I haven't compiled the binary release so you will need to do it yourself. Luckily the process is very simple and it requires just one line command:

    go get github.com/vsrc/isecode

If you have any problems compiling your binary, you can file an issue and I will try to compile it and release it for your architecture platform.

How to use?

Simpliest way to use it by copying file isecode.json into your project working directory and then running command:

    isecode

Optionally you can run the command with following options:

 # specify path to your project working directory or any directory where this tool should look for files to inject isecode numbers (default to the current directory where you run the command)
-p [VALUE] or --path [VALUE]

# path to the config file (default is isecode.json in the current directory where you run the command)
-c [VALUE] or --config [VALUE]

# show help
-h or --help

How to configure?

This tool relies on being supplied with configuration file which has to be in the json format. For example please take a look at the isecode.json provided in this repository. Config file has to contain following settings:

  • "LAST_NUMBER": number from which this tool will incrementally add isecode numbers in your code. For each placeholder you put in your code, this tool will replace it with "LAST_NUMBER" + 1 and after successfully injecting the number in your code it will overwrite "LAST_NUMBER" in your config file with that number.

  • "MATCH_STRING": a placeholder string this tool will look for in your code and replace it with a number, for example: "ISE_CODE"

  • "MATCH_FILES": a regex expression if you want to filter which type of files this tool should look for, for example: "*.go" will set to look only for files that end with .go extension

What isecode stands for?

An acronym for Internal Server Error Code. Not imaginative name, I agree but if you have suggestions feel free to create an issue and I will take a look.

TODO Whishlist

These are the things I would like to improve this project with. If you want to suggest any other feel free to file an issue or contact me. If you want to improve this code feel free to submit a PR, I will gladly take a look.

  • Set default options for config parameters making it optional to have configuration file
  • If there is enough interest, add a watcher so that this tool can optionally be a long running process, injecting isecode numbers on file save
  • If there is enough interest, add a format option for the isecode injection so if you want to inject specific error message beside the code number everyhere it occurs, you don't have to do it manually resolved by adding the option for prefix in the v1.0.1, it accepts any string
  • TESTS!!! ๐Ÿ˜ฌ ๐Ÿ˜ฌ ๐Ÿ˜ฌ ๐Ÿ˜ฌ ๐Ÿ˜ฌ ๐Ÿ˜ฌ ๐Ÿ˜ฌ ๐Ÿ˜ฌ ๐Ÿ˜ฌ ๐Ÿ˜ฌ ๐Ÿ˜ฌ (not a single test written yet)

Contact me

If you would like to contact me about this project or anything else feel free to reach me out: https://veddy.me/

Updates

  • v1.0.1 added option in the configuration file to add a code prefix which will prepend error codes with whatever string you put there. Useful if you use this tool on multiple libraries and you import them into the same project. Thanks to @yangjuncode and @pycckuu for suggesting this in the issue #1
Issues
  • may be a module name before err code is needed

    may be a module name before err code is needed

    when multiple lib being imported, it will be conflict when no moudle name as prefix.

    "ERROR 7248152: Something went wrong, please contact us." vs "ERROR modulename-7248152: Something went wrong, please contact us."

    of course, modulename default to empty when in small program.

    opened by yangjuncode 3
Analyzer: debugcode finds debug codes

debugcode debugcode finds debug codes. builtinprint: finds calling builtin print or println. commentout: finds a commented out debug code without reas

GoStaticAnalysis 7 Aug 16, 2021
The Golang linter that checks that there is no simultaneous return of `nil` error and an invalid value.

nilnil Checks that there is no simultaneous return of nil error and an invalid value. Installation & usage $ go install github.com/Antonboom/[email protected]

Anton Telyshev 10 Jun 23, 2022
Go linter that checks types that are json encoded - reports unsupported types and unnecessary error checks

Checks types passed to the json encoding functions. Reports unsupported types and reports occations, where the check for the returned error can be omited.

Lucas Bremgartner 26 Jun 17, 2022
A Golang tool that does static analysis, unit testing, code review and generate code quality report.

goreporter A Golang tool that does static analysis, unit testing, code review and generate code quality report. This is a tool that concurrently runs

360 Enterprise Security Group, Endpoint Security, inc. 3k Aug 5, 2022
๐Ÿถ Automated code review tool integrated with any code analysis tools regardless of programming language

reviewdog - A code review dog who keeps your codebase healthy. reviewdog provides a way to post review comments to code hosting service, such as GitHu

reviewdog 5.4k Aug 17, 2022
๐Ÿถ Automated code review tool integrated with any code analysis tools regardless of programming language

reviewdog - A code review dog who keeps your codebase healthy. reviewdog provides a way to post review comments to code hosting service, such as GitHu

reviewdog 5.3k Aug 8, 2022
Sloc, Cloc and Code: scc is a very fast accurate code counter with complexity calculations and COCOMO estimates written in pure Go

Sloc Cloc and Code (scc) A tool similar to cloc, sloccount and tokei. For counting physical the lines of code, blank lines, comment lines, and physica

Ben Boyter 3.7k Aug 10, 2022
The most opinionated Go source code linter for code audit.

go-critic Highly extensible Go source code linter providing checks currently missing from other linters. There is never too much static code analysis.

null 1.4k Aug 16, 2022
๐Ÿ”’๐ŸŒ Security scanner for your Terraform code

????tfsec uses static analysis of your terraform templates to spot potential security issues.

tfsec 4.9k Aug 15, 2022
Know when GC runs from inside your golang code

gcnotifier gcnotifier provides a way to receive notifications after every run of the garbage collector (GC). Knowing when GC runs is useful to instruc

Carlo Alberto Ferraris 168 Jun 10, 2022
Detect non-inclusive language in your source code.

Detect non-inclusive language in your source code. I stay woke - Erykah Badu Creating an inclusive work environment is imperative to a healthy, suppor

woke 337 Aug 9, 2022
depth is tool to retrieve and visualize Go source code dependency trees.

depth is tool to retrieve and visualize Go source code dependency trees. Install Download the appropriate binary for your platform from the Rele

Kyle Banks 773 Aug 7, 2022
Refactoring and code transformation tool for Go.

gopatch is a tool to match and transform Go code. It is meant to aid in refactoring and restyling.

Uber Go 481 Aug 5, 2022
Manage your repository's TODOs, tickets and checklists as config in your codebase.

tickgit ??๏ธ tickgit is a tool to help you manage latent work in a codebase. Use the tickgit command to view pending tasks, progress reports, completio

Augmentable 278 Jul 30, 2022
a tool for code clone detection

dupl dupl is a tool written in Go for finding code clones. So far it can find clones only in the Go source files. The method uses suffix tree for seri

Michal Bohuslรกvek 286 Aug 2, 2022
a simple golang SSA viewer tool use for code analysis or make a linter

ssaviewer A simple golang SSA viewer tool use for code analysis or make a linter ssa.html generate code modify from src/cmd/compile/internal/ssa/html.

null 7 May 17, 2022
This static analysis tool works to ensure your program's data flow does not spill beyond its banks.

Go Flow Levee This static analysis tool works to ensure your program's data flow does not spill beyond its banks. An input program's data flow is expl

Google 166 Aug 8, 2022
A reference for the Go community that covers the fundamentals of writing clean code and discusses concrete refactoring examples specific to Go.

A reference for the Go community that covers the fundamentals of writing clean code and discusses concrete refactoring examples specific to Go.

Lasse Martin Jakobsen 2.2k Aug 8, 2022