fix: return 400 instead of 500 for user-caused process start failures #197
hiroTamada merged 2 commits into main
Bad commands (not found, bad path, permission denied) were returning 500, polluting backend alerts and analytics. Map these to 400 since they are client input errors, not server failures. Made-with: Cursor
generally lgtm ^^
Add exec.ErrDot, syscall.EISDIR, syscall.ENOEXEC, syscall.ENOTDIR. Made-with: Cursor
Cursor Bugbot has reviewed your changes and found 1 potential issue.
| return errors.Is(err, exec.ErrNotFound) || | ||
| errors.Is(err, exec.ErrDot) || | ||
| errors.Is(err, os.ErrNotExist) || | ||
| errors.Is(err, os.ErrPermission) || |
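Review bot: the exec.ErrDot and os.ErrPermission branches on the second and fourth lines are not exercised by the listed tests (TestProcessExec_CommandNotFound and TestProcessSpawn_CommandNotFound), which cover only a nonexistent command. Suggest a table-driven unit test for isUserCmdError with one wrapped error per sentinel, plus one error that must remain a 500, so a later edit to this list cannot silently move a failure between 400 and 500.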
os.ErrPermission catches server-side EPERM as user error
Medium Severity
errors.Is(err, os.ErrPermission) matches both syscall.EACCES and syscall.EPERM due to Go's Errno.Is mapping. Only EACCES (file permission denied) is a user-input error. EPERM (operation not permitted) can arise from server-side issues — most notably when AsRoot or AsUser sets SysProcAttr.Credential but the server lacks CAP_SETUID/CAP_SETGID. In that case cmd.Start() fails with EPERM, which gets misclassified as a 400 instead of 500, masking a server configuration problem. Using syscall.EACCES directly instead of os.ErrPermission would avoid catching EPERM.
I think 400 is fine for now in this case
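An added Go example (not code from this PR) of the distinction raised in the review thread above: it classifies the same start errors once with os.ErrPermission and once with syscall.EACCES and shows that only the first turns EPERM into a 400. The names broadUserErr, narrowUserErr and status are hypothetical, and the sample errors are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"os"
	"os/exec"
	"syscall"
)

// broadUserErr repeats the four checks visible in the reviewed snippet.
func broadUserErr(err error) bool {
	return errors.Is(err, exec.ErrNotFound) || errors.Is(err, exec.ErrDot) ||
		errors.Is(err, os.ErrNotExist) || errors.Is(err, os.ErrPermission)
}

// narrowUserErr applies the review suggestion: match EACCES, not os.ErrPermission.
func narrowUserErr(err error) bool {
	return errors.Is(err, exec.ErrNotFound) || errors.Is(err, exec.ErrDot) ||
		errors.Is(err, os.ErrNotExist) || errors.Is(err, syscall.EACCES)
}

// status maps a start error to the HTTP code a handler would return.
func status(isUser func(error) bool, err error) int {
	if isUser(err) {
		return http.StatusBadRequest
	}
	return http.StatusInternalServerError
}

// samples are constructed errors shaped like those cmd.Start() returns.
var samples = []struct {
	name string
	err  error
}{
	{"command not found", &exec.Error{Name: "nosuchcmd", Err: exec.ErrNotFound}},
	{"EACCES on file", &os.PathError{Op: "fork/exec", Path: "/tmp/notexec", Err: syscall.EACCES}},
	{"EPERM on start", &os.PathError{Op: "fork/exec", Path: "/bin/true", Err: syscall.EPERM}},
	{"ENOMEM on fork", &os.PathError{Op: "fork/exec", Path: "/bin/true", Err: syscall.ENOMEM}},
}

func main() {
	for _, s := range samples {
		fmt.Printf("%-18s broad=%d narrow=%d\n", s.name,
			status(broadUserErr, s.err), status(narrowUserErr, s.err))
	}
}
```

With the narrow classifier the EPERM case stays a 500, so it still counts toward the 5xx rate that backend alerts watch.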


Summary
- /process/exec and /process/spawn were returning 500 when cmd.Start() failed due to user input (command not found, bad path, permission denied), inflating our 5xx error rate and triggering false backend alerts
- isUserCmdError helper that detects exec.ErrNotFound, os.ErrNotExist, and os.ErrPermission — these map to 400 since they're client input errors

Test plan
- TestProcessExec_CommandNotFound — verifies exec returns 400 for missing binary
- TestProcessSpawn_CommandNotFound — verifies spawn returns 400 for missing binary
- go test -v -race)

Made with Cursor
Note
Low Risk
Low risk: changes only error classification/HTTP status codes for process start failures in /process/exec and /process/spawn, with added coverage to prevent regressions.

Overview
Adjusts /process/exec and /process/spawn to treat common user-caused start failures (e.g., command not found, bad path/permissions, invalid executable) as 400 Bad Request instead of 500, reducing misleading 5xx alerts.

Adds an isUserCmdError helper to centralize this detection and new tests verifying both exec and spawn return 400 for a nonexistent command.

Written by Cursor Bugbot for commit 30d1881.