SONAR-8177 do not display messages of internal errors
authorSimon Brandhof <simon.brandhof@sonarsource.com>
Wed, 16 Nov 2016 16:20:07 +0000 (17:20 +0100)
committerSimon Brandhof <simon.brandhof@sonarsource.com>
Wed, 16 Nov 2016 22:50:51 +0000 (23:50 +0100)
server/sonar-server/src/main/java/org/sonar/server/ws/WebServiceEngine.java
server/sonar-server/src/test/java/org/sonar/server/ws/WebServiceEngineTest.java
sonar-core/src/main/resources/org/sonar/l10n/core.properties

index 85699bad2b803901c5bc2d64dc037c0901f8b3d3..889ba49b7f91176d95fa3cad072a3aa7daf27dd6 100644 (file)
@@ -120,7 +120,9 @@ public class WebServiceEngine implements LocalConnector, Startable {
         return;
       }
       LOGGER.error("Fail to process request " + request, e);
-      sendErrors(response, 500, new Errors().add(Message.of(e.getMessage())));
+      // Sending exception message into response is a vulnerability. Error must be
+      // displayed only in logs.
+      sendErrors(response, 500, new Errors().add(Message.of("error_occurred")));
     }
   }
 
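Review bot: The response now carries only the key `error_occurred`, so an operator told to "contact your administrator" has no way to locate the matching log entry; emit a correlation id in both places, e.g. `String errorId = UUID.randomUUID().toString();` then `LOGGER.error("Fail to process request " + request + " [errorId=" + errorId + "]", e);` and hand `errorId` to the client (as a message parameter if `Message.of` accepts arguments, otherwise as a separate JSON field). The comment on the added lines would be more useful if it named the actual risk rather than calling it "a vulnerability": `// Never echo e.getMessage() to the client: exception text can reveal internals (paths, SQL, hostnames) — CWE-209. Log it server-side and return a generic i18n key.` The unchanged log line still serializes the whole `request`; if its toString() includes parameter values, credentials or tokens submitted with the request would land in the log, so confirm it redacts them. The catch block begins above the hunk, so which exception types reach this branch (and which earlier branch hits the `return;`) is not visible here.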
index a5a0c1b0cca1e2e45ae51fab826e4c0dd0c8ca3a..b1eaf0ecb8275c764ae72ffb0cb635f5eb9c5a32 100644 (file)
@@ -54,9 +54,8 @@ public class WebServiceEngineTest {
   @Rule
   public UserSessionRule userSessionRule = UserSessionRule.standalone();
 
-  I18n i18n = mock(I18n.class);
-
-  WebServiceEngine underTest = new WebServiceEngine(new WebService[] {new SystemWs()}, i18n, userSessionRule);
+  private I18n i18n = mock(I18n.class);
+  private WebServiceEngine underTest = new WebServiceEngine(new WebService[] {new SystemWs()}, i18n, userSessionRule);
 
   @Before
   public void start() {
@@ -223,9 +222,10 @@ public class WebServiceEngineTest {
     DumbResponse response = new DumbResponse();
     underTest.execute(request, response);
 
-    assertThat(response.stream().outputAsString()).isEqualTo("{\"errors\":[{\"msg\":\"Unexpected\"}]}");
+    assertThat(response.stream().outputAsString()).isEqualTo("{\"errors\":[{\"msg\":\"error_occurred\"}]}");
     assertThat(response.stream().status()).isEqualTo(500);
     assertThat(response.stream().mediaType()).isEqualTo(MediaTypes.JSON);
+    assertThat(logTester.logs(LoggerLevel.ERROR)).filteredOn(l -> l.contains("Fail to process request")).isNotEmpty();
   }
 
   @Test
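Review bot: The new log assertion only checks that an ERROR line starting with `Fail to process request` was recorded; it does not verify that the detail removed from the response (`Unexpected`) actually reached the log, which is the other half of the "displayed only in logs" contract the engine change claims. If `LogTester` exposes the logged throwable or its message, add an assertion such as `assertThat(logTester.logs(LoggerLevel.ERROR)).anyMatch(l -> l.contains("Unexpected"));` — hedged, because the logger call passes the throwable as a separate argument and the formatted message may not contain it. `logTester` and the test method's signature are declared outside this hunk, so the rule setup cannot be checked here.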
index ec2c18ff9fed3218667fd8881863753e3fe6f494..871604761149c9f41562886b51c9e8328b2e4a5a 100644 (file)
@@ -220,6 +220,7 @@ check_project=Check project
 coding_rules=Rules
 click_to_add_to_favorites=Click to add to favorites
 click_to_remove_from_favorites=Click to remove from favorites
+error_occurred=An error has occurred. Please contact your administrator.
 contact_admin=Please contact your administrator.
 created_by=Created by
 deactivate_all=Deactivate all