An emtpy function response when linked to an API endpoint returns the entire run output

[berndtj]

Bug Report

Define a simple function blank.py:

def handle(ctx, payload):
    return(radio)

Link this to an api endpoint:

dispatch create api blank blank --path /blank --method POST --method GET --https-only

Curl the new endpoint:

curl https://api-radio-demo-02.dispatchframework.io/blank
{"faasId":"0d482996-3f6e-4648-ae7f-d2ed45f48a4e","reason":null,"tags":{},"finishedTime":1527037841,"name":"e9c18860-4953-4796-ac0a-56589718c281","input":{"functionName":"blank"},"status":"READY","services":null,"secrets":null,"functionId":"1e07d3bb-129e-4709-a674-669ed628bd70","functionName":"blank","logs":{"stderr":null,"stdout":null},"httpContext":{"host":"api-radio-demo-02.dispatchframework.io","accept":"*\/*","request":"GET \/blank HTTP\/1.1","user-agent":"curl\/7.54.0","upstream-uri":"\/v1\/runs","cookie":"cookie","uri":"\/blank","args":"functionName=blank","server-protocol":"HTTP\/1.1","scheme":"https","request-uri":"\/blank","method":"GET"},"blocking":true,"executedTime":1527037841}

Note that if your return anything at all, we just get back the returned value

Expected behavior

I would expect a nil response

Current behavior

Steps to reproduce

Impact

• Low - Annoyance, but does not impact business or functionality
• Medium - Issue can be worked around, but is causing pain
• High - Blocker

Possible solution

Your Environment

• Dispatch CLI version (or git commit):
• Dispatch Chart version (or image[s] tag):
• Operating System and version:
• Kubernetes version (and distribution):
• Etc (any other useful environmental information):

[tenczar]

I would mark the impact of this as high. This has the potential to leak secrets to anyone that hits that endpoint.

[berndtj]

Good point

…

Sent from my iPhone On May 23, 2018, at 11:04, tenczar <[email protected]<mailto:[email protected]>> wrote: I would mark the impact of this as high. This has the potential to leak secrets to anyone that hits that endpoint. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_vmware_dispatch_issues_472-23issuecomment-2D391443472&d=DwMCaQ&c=uilaK90D4TOVoH58JNXRgQ&r=x6VNflU2EgRdj6riWp56iQ&m=V0KZGTLmcwNDhJ8YcHGRItKs0DtMycYtXRbPbb6blek&s=fSXjl31qHC0PwQLvsCWBRKLT6imal07cew7tXLC5s-g&e=>, or mute the thread<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_notifications_unsubscribe-2Dauth_AAExbye6RAk4rfUJEJk6gLXszvlnT58jks5t1aSZgaJpZM4UJnsd&d=DwMCaQ&c=uilaK90D4TOVoH58JNXRgQ&r=x6VNflU2EgRdj6riWp56iQ&m=V0KZGTLmcwNDhJ8YcHGRItKs0DtMycYtXRbPbb6blek&s=SKjjITLYdtdwr6nVbx6EFH-eZD4F_NyH2-8oh3QWuCI&e=>.