From 8c009f2c5ed3e56fdb3dc695b8a1a6a5763d850d Mon Sep 17 00:00:00 2001
From: Samantha Frank <hello@entropy.cat>
Date: Thu, 26 Sep 2024 11:20:26 -0400
Subject: [PATCH] WFE: Suppress logging of probs.PausedProblem (#7719)

Instead of logging the message shown to the caller, log "429 ::
rateLimited :: account/ident pair is paused"
---
 probs/probs.go         | 3 ++-
 web/send_error.go      | 9 ++++++++-
 web/send_error_test.go | 9 +++++++++
 3 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/probs/probs.go b/probs/probs.go
index 24c4c677e71..b462506e288 100644
--- a/probs/probs.go
+++ b/probs/probs.go
@@ -27,6 +27,7 @@ const (
 	InvalidContactProblem        = ProblemType("invalidContact")
 	MalformedProblem             = ProblemType("malformed")
 	OrderNotReadyProblem         = ProblemType("orderNotReady")
+	PausedProblem                = ProblemType("rateLimited")
 	RateLimitedProblem           = ProblemType("rateLimited")
 	RejectedIdentifierProblem    = ProblemType("rejectedIdentifier")
 	ServerInternalProblem        = ProblemType("serverInternal")
@@ -220,7 +221,7 @@ func RateLimited(detail string) *ProblemDetails {
 // Paused returns a ProblemDetails representing a RateLimitedProblem error
 func Paused(detail string) *ProblemDetails {
 	return &ProblemDetails{
-		Type:       RateLimitedProblem,
+		Type:       PausedProblem,
 		Detail:     detail,
 		HTTPStatus: http.StatusTooManyRequests,
 	}
diff --git a/web/send_error.go b/web/send_error.go
index f071b1db33f..8c0e8e0f77f 100644
--- a/web/send_error.go
+++ b/web/send_error.go
@@ -37,8 +37,15 @@ func SendError(
 		response.WriteHeader(http.StatusInternalServerError)
 	}
 
+	// Suppress logging of the "Your account is temporarily prevented from
+	// requesting certificates" error.
+	var primaryDetail = prob.Detail
+	if prob.Type == probs.PausedProblem {
+		primaryDetail = "account/ident pair is paused"
+	}
+
 	// Record details to the log event
-	logEvent.Error = fmt.Sprintf("%d :: %s :: %s", prob.HTTPStatus, prob.Type, prob.Detail)
+	logEvent.Error = fmt.Sprintf("%d :: %s :: %s", prob.HTTPStatus, prob.Type, primaryDetail)
 	if len(prob.SubProblems) > 0 {
 		subDetails := make([]string, len(prob.SubProblems))
 		for i, sub := range prob.SubProblems {
diff --git a/web/send_error_test.go b/web/send_error_test.go
index b59eb2a42a9..0360efe2f5b 100644
--- a/web/send_error_test.go
+++ b/web/send_error_test.go
@@ -8,6 +8,7 @@ import (
 	berrors "github.com/letsencrypt/boulder/errors"
 	"github.com/letsencrypt/boulder/identifier"
 	"github.com/letsencrypt/boulder/log"
+	"github.com/letsencrypt/boulder/probs"
 	"github.com/letsencrypt/boulder/test"
 )
 
@@ -94,3 +95,11 @@ func TestSendErrorSubProbLogging(t *testing.T) {
 
 	test.AssertEquals(t, logEvent.Error, `400 :: malformed :: dfoop :: bad ["example.com :: malformed :: dfoop :: nop", "what about example.com :: malformed :: dfoop :: nah"]`)
 }
+
+func TestSendErrorPausedProblemLoggingSuppression(t *testing.T) {
+	rw := httptest.NewRecorder()
+	logEvent := RequestEvent{}
+	SendError(log.NewMock(), rw, &logEvent, probs.Paused("I better not see any of this"), nil)
+
+	test.AssertEquals(t, logEvent.Error, "429 :: rateLimited :: account/ident pair is paused")
+}