Description
Issue: A security port scan (Tenable Nessus) on the CARTA host server causes the service to crash.
The carta-controller crashes when a TCP connection is reset during a WebSocket upgrade handshake. This is reproducible by any network scanner (confirmed via Nessus) that probes the CARTA web port with a plain HTTP request and then immediately drops the connection.
Stack trace:
Mar 05 09:43:53 setonix-carta02 carta-controller[45689]: 2026-03-05 09:43:53 [WARNING]: Incoming Websocket upgrade request could not be parsed: /
Mar 05 09:43:53 setonix-carta02 carta-controller[45689]: Error: read ECONNRESET
Mar 05 09:43:53 setonix-carta02 carta-controller[45689]: at TCP.onStreamRead (node:internal/stream_base_commons:216:20) {
Mar 05 09:43:53 setonix-carta02 carta-controller[45689]: errno: -104,
Mar 05 09:43:53 setonix-carta02 carta-controller[45689]: code: 'ECONNRESET',
Mar 05 09:43:53 setonix-carta02 carta-controller[45689]: syscall: 'read'
Mar 05 09:43:53 setonix-carta02 carta-controller[45689]: }
What looks like the root cause: The Node.js HTTP/WebSocket server does not attach an 'error' event listener to the socket during the upgrade phase. Per Node.js documentation, all EventEmitter instances that emit 'error' without a listener throw as an uncaught exception, terminating the process.
Expected behaviour: The server should catch the error and gracefully close the socket without crashing the process.
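
The failure mode and the expected behaviour described above, as an added example that is not carta-controller code or part of the original report. `guardUpgradeSocket`, `onUpgrade`, `fakeSocket` and `simulateReset` are hypothetical names, and the socket is a constructed stand-in so the reset can be replayed without a network.

```javascript
const { EventEmitter } = require('node:events');

// Register the listener first, before any parsing or async work, so a reset
// that arrives mid-handshake has somewhere to land.
function guardUpgradeSocket(socket, log = console.warn) {
  socket.on('error', (err) => {
    log(`upgrade socket error: ${err.code || err.message}`);
    socket.destroy(); // free the descriptor; never rethrow
  });
  return socket;
}

// Hypothetical handler; wire it up with server.on('upgrade', onUpgrade).
function onUpgrade(req, socket, head, log) {
  guardUpgradeSocket(socket, log);
  if ((req.headers.upgrade || '').toLowerCase() !== 'websocket') {
    socket.end('HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n');
    return false;
  }
  return true; // hand the socket to the WebSocket library here
}

// Constructed stand-in for a net.Socket: records writes and destroy() calls.
function fakeSocket() {
  const s = new EventEmitter();
  s.written = [];
  s.destroyed = false;
  s.end = (data) => { s.written.push(data); };
  s.destroy = () => { s.destroyed = true; };
  return s;
}

// Replays the reported failure: the peer resets right after a plain HTTP request.
function simulateReset(guarded) {
  const socket = fakeSocket();
  const logged = [];
  let accepted = null;
  if (guarded) accepted = onUpgrade({ url: '/', headers: {} }, socket, Buffer.alloc(0), (m) => logged.push(m));
  const err = Object.assign(new Error('read ECONNRESET'), { code: 'ECONNRESET', syscall: 'read' });
  try {
    socket.emit('error', err); // throws when no 'error' listener is registered
    return { crashed: false, accepted, destroyed: socket.destroyed, logged };
  } catch (e) {
    return { crashed: true, accepted, destroyed: socket.destroyed, logged };
  }
}

console.log('no listener:  ', simulateReset(false));
console.log('with listener:', simulateReset(true));
```

In a running server the exception caught in the unguarded case has no surrounding `try`, so it surfaces as an uncaught exception and ends the process.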