feat: add option to replace traceback on errors

Showing a traceback can be a security risk in a context such as Voila.
(for instance showing paths, usernames or values in the exception message)

Similar to what we do at notebook execution time at:
voila-dashboards/voila#758

here we also disable the transfer of tracebacks at runtime.

Author: maartenbreddels

jupyter_server/services/kernels/handlers.py

@@ -323,6 +323,10 @@ def write_stderr(error_message):
         channel = getattr(stream, 'channel', None)
         msg_type = msg['header']['msg_type']
 
+        if channel == 'iopub' and msg_type == 'error':
+            self._on_error(msg)
+
+
         if channel == 'iopub' and msg_type == 'status' and msg['content'].get('execution_state') == 'idle':
             # reset rate limit counter on status=idle,
             # to avoid 'Run All' hitting limits prematurely.
@@ -475,6 +479,12 @@ def on_restart_failed(self):
         logging.error("kernel %s restarted failed!", self.kernel_id)
         self._send_status_message('dead')
 
+    def _on_error(self, msg):
+        if self.kernel_manager.allow_tracebacks:
+            return
+        msg['content']['ename'] = 'ExecutionError'
+        msg['content']['evalue'] = 'Execution error'
+        msg['content']['traceback'] = [self.kernel_manager.traceback_replacement_message]
 
 #-----------------------------------------------------------------------------
 # URL to handler mappings

jupyter_server/services/kernels/kernelmanager.py

@@ -131,6 +131,18 @@ def __init__(self, **kwargs):
         """
     )
 
+    allow_tracebacks = Bool(True, config=True, help=(
+        'Whether to send tracebacks to clients on exceptions.'
+    ))
+
+    traceback_replacement_message = Unicode(
+        'An exception occurred at runtime, which is not shown due to security reasons.',
+        config=True,
+        help=(
+            'Message to print when allow_tracebacks is False, and an exception occurs'
+        )
+    )
+
     #-------------------------------------------------------------------------
     # Methods for managing kernels and sessions
     #-------------------------------------------------------------------------