Hey Guys!
I was recently help test a new League cog and we came upon an error where the API we where triggering responded with a Error 500. Now this is totally normal and has nothing to do with Red.
However the Error message it outputs when it get's an Error 500 reveals the API key for that specific command. This can be a security issue, especially if these API keys have rate limits etc.
There is no way to get Red to suppress this message on the cog's side since the message is a default Red reaction. One way of doing it would be to get Red to delete a message when it sees it pop up but that would mean posting it to Discord before then.
Could there be a way to get Cog's to opt to send the error message to the bot owner instead of posting it in the open?
Thank you!
If it's returning the text of the error message in json, you could parse the key out or just make your own custom error message for the bot to send
I brought up the concern when we originally implemented this but I couldn't find any example to back it up.
I'm not sure how to tackle the issue yet.
We could remove it (it's arguably not that useful since most of the time you'll go look at the traceback anyway), having it enabled only in debug mode or just DM the owner (which could turn out to be annoying).
In general, if you need to handle a specific error in your cog, then write a try/catch for it.
If you just want to override the oneliner for the command while keeping the trace, do something like:
try:
pass # command code goes here
except Exception as e:
raise Exception('Something went wrong!') from e
Most helpful comment
In general, if you need to handle a specific error in your cog, then write a try/catch for it.
If you just want to override the oneliner for the command while keeping the trace, do something like: