potiuk opened a new pull request, #67501: URL: https://github.com/apache/airflow/pull/67501
The `finally` block in `HttpAccessLogMiddleware` called `logger.info()` without exception protection. If `logger.info()` raised — broken handler, OOM in the formatter, downstream forwarder unavailable — and the original `try` block was already propagating an application exception, Python's `finally`-replacement semantics would discard the original exception in favour of the logger's, so uvicorn would never see the real failure. Reported as F-019 in the [`apache/tooling-agents` L3 ASVS sweep `0920c77`](https://github.com/apache/tooling-agents/issues/23). ## Change Wrap the emit in `contextlib.suppress(Exception)` so logging failures never disrupt the application or mask the original exception. The HTTP response has already been sent to the client by the time we reach the log emit, so swallowing the logger failure costs nothing beyond a missing log line for that one request. ## Test plan - [x] `test_logger_failure_does_not_mask_app_exception` — monkeypatches `logger.info` to raise, then runs an app that also raises; asserts the **app's** exception (`RuntimeError("app exception")`) propagates, not the logger's. - [x] `test_logger_failure_swallowed_on_clean_request` — broken logger but a successful request returns 200 normally. - [x] `prek run ruff` clean. - [x] `prek run mypy-airflow-core` clean. - [x] Full `test_http_access_log.py` suite: 9 passed. --- ##### Was generative AI tooling used to co-author this PR? - [X] Yes — Claude Code (Opus 4.7) Generated-by: Claude Code (Opus 4.7) following [the guidelines](https://github.com/apache/airflow/blob/main/contributing-docs/05_pull_requests.rst#gen-ai-assisted-contributions) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
