fix: prevent infinite loop in exception cause chains by capping traversal (#200)

subzero10 · web-flow · commit 4ece91da6c14 · 2025-04-22T09:37:11.000+03:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,7 @@ CHANGELOG](http://keepachangelog.com/) for how to update this file. This project
 adheres to [Semantic Versioning](http://semver.org/).
 
 ## [Unreleased]
+- Fix: Prevent infinite loop in exception cause chains by capping traversal
 
 ## [0.22.0] - 2025-03-31
 - Fix: `event_type` is not a required key for honeybadger.event()
diff --git a/honeybadger/payload.py b/honeybadger/payload.py
@@ -15,6 +15,9 @@
 
 logger = logging.getLogger("honeybadger.payload")
 
+# Prevent infinite loops in exception cause chains
+MAX_CAUSE_DEPTH = 15
+
 
 def error_payload(exception, exc_traceback, config, fingerprint=None):
     def _filename(name):
@@ -52,6 +55,34 @@ def prepare_exception_payload(exception, exclude=None):
             ],
         }
 
+    def extract_exception_causes(exception):
+        """
+        Traverses the __cause__ chain of an exception and returns a list of prepared payloads.
+        Limits depth to prevent infinite loops from circular references.
+        """
+        causes = []
+        depth = 0
+
+        while (
+            getattr(exception, "__cause__", None) is not None
+            and depth < MAX_CAUSE_DEPTH
+        ):
+            exception = exception.__cause__
+            causes.append(prepare_exception_payload(exception))
+            depth += 1
+
+        if depth == MAX_CAUSE_DEPTH:
+            causes.append(
+                {
+                    "token": str(uuid.uuid4()),
+                    "class": "HoneybadgerWarning",
+                    "type": "HoneybadgerWarning",
+                    "message": f"Exception cause chain truncated after {MAX_CAUSE_DEPTH} levels. Possible circular reference.",
+                }
+            )
+
+        return causes
+
     if exc_traceback:
         tb = traceback.extract_tb(exc_traceback)
     else:
@@ -60,17 +91,11 @@ def prepare_exception_payload(exception, exclude=None):
     logger.debug(tb)
 
     payload = prepare_exception_payload(exception)
+    payload["causes"] = extract_exception_causes(exception)
 
     if fingerprint is not None:
         payload["fingerprint"] = fingerprint and str(fingerprint).strip() or None
 
-    payload["causes"] = []
-
-    # If exception has a __cause__, Recursively build the causes list.
-    while hasattr(exception, "__cause__") and exception.__cause__ is not None:
-        exception = exception.__cause__
-        payload["causes"].append(prepare_exception_payload(exception))
-
     return payload
 
 
diff --git a/honeybadger/tests/test_payload.py b/honeybadger/tests/test_payload.py
@@ -4,7 +4,12 @@
 import os
 import sys
 
-from honeybadger.payload import create_payload, error_payload, server_payload
+from honeybadger.payload import (
+    create_payload,
+    error_payload,
+    server_payload,
+    MAX_CAUSE_DEPTH,
+)
 from honeybadger.config import Configuration
 
 from mock import patch
@@ -93,6 +98,15 @@ def test_error_payload_source_missing_file(_isfile):
         assert payload["backtrace"][0]["source"] == {}
 
 
+def test_payload_with_no_exception_cause():
+    with mock_traceback() as traceback_mock:
+        config = Configuration()
+        exception = Exception("Test")
+
+        payload = error_payload(exc_traceback=None, exception=exception, config=config)
+        assert len(payload["causes"]) == 0
+
+
 def test_payload_captures_exception_cause():
     with mock_traceback() as traceback_mock:
         config = Configuration()
@@ -103,6 +117,52 @@ def test_payload_captures_exception_cause():
         assert len(payload["causes"]) == 1
 
 
+def test_payload_captures_short_exception_cause_chain():
+    with mock_traceback() as traceback_mock:
+        config = Configuration()
+        exception = Exception("Inner test")
+        innerException = Exception("Inner exception")
+        innerException.__cause__ = Exception("Inner cause")
+        exception.__cause__ = innerException
+
+        payload = error_payload(exc_traceback=None, exception=exception, config=config)
+        assert len(payload["causes"]) == 2
+
+
+def test_payload_captures_circular_exception_cause_chain():
+    with mock_traceback() as traceback_mock:
+        config = Configuration()
+        exceptionA = Exception("A")
+        exceptionB = Exception("B")
+        exceptionA.__cause__ = exceptionB
+        exceptionB.__cause__ = exceptionA
+
+        payload = error_payload(exc_traceback=None, exception=exceptionA, config=config)
+        assert len(payload["causes"]) == MAX_CAUSE_DEPTH + 1
+        assert (
+            payload["causes"][-1]["message"]
+            == f"Exception cause chain truncated after {MAX_CAUSE_DEPTH} levels. Possible circular reference."
+        )
+
+
+def test_payload_captures_deep_exception_cause_chain():
+    with mock_traceback() as traceback_mock:
+        config = Configuration()
+        root = Exception("root")
+        current = root
+        for i in range(MAX_CAUSE_DEPTH * 2):
+            e = Exception(i)
+            e.__cause__ = current
+            current = e
+
+        payload = error_payload(exc_traceback=None, exception=current, config=config)
+        assert len(payload["causes"]) == MAX_CAUSE_DEPTH + 1
+        assert (
+            payload["causes"][-1]["message"]
+            == f"Exception cause chain truncated after {MAX_CAUSE_DEPTH} levels. Possible circular reference."
+        )
+
+
 def test_error_payload_with_nested_exception():
     with mock_traceback() as traceback_mock:
         config = Configuration()
