diff options
3 files changed, 8 insertions, 5 deletions
diff --git a/server/sonar-server/src/main/java/org/sonar/server/ws/WebServiceEngine.java b/server/sonar-server/src/main/java/org/sonar/server/ws/WebServiceEngine.java index 85699bad2b8..889ba49b7f9 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/ws/WebServiceEngine.java +++ b/server/sonar-server/src/main/java/org/sonar/server/ws/WebServiceEngine.java @@ -120,7 +120,9 @@ public class WebServiceEngine implements LocalConnector, Startable { return; } LOGGER.error("Fail to process request " + request, e); - sendErrors(response, 500, new Errors().add(Message.of(e.getMessage()))); + // Sending exception message into response is a vulnerability. Error must be + // displayed only in logs. + sendErrors(response, 500, new Errors().add(Message.of("error_occurred"))); } } diff --git a/server/sonar-server/src/test/java/org/sonar/server/ws/WebServiceEngineTest.java b/server/sonar-server/src/test/java/org/sonar/server/ws/WebServiceEngineTest.java index a5a0c1b0cca..b1eaf0ecb82 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/ws/WebServiceEngineTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/ws/WebServiceEngineTest.java @@ -54,9 +54,8 @@ public class WebServiceEngineTest { @Rule public UserSessionRule userSessionRule = UserSessionRule.standalone(); - I18n i18n = mock(I18n.class); - - WebServiceEngine underTest = new WebServiceEngine(new WebService[] {new SystemWs()}, i18n, userSessionRule); + private I18n i18n = mock(I18n.class); + private WebServiceEngine underTest = new WebServiceEngine(new WebService[] {new SystemWs()}, i18n, userSessionRule); @Before public void start() { @@ -223,9 +222,10 @@ public class WebServiceEngineTest { DumbResponse response = new DumbResponse(); underTest.execute(request, response); - assertThat(response.stream().outputAsString()).isEqualTo("{\"errors\":[{\"msg\":\"Unexpected\"}]}"); + assertThat(response.stream().outputAsString()).isEqualTo("{\"errors\":[{\"msg\":\"error_occurred\"}]}"); assertThat(response.stream().status()).isEqualTo(500); assertThat(response.stream().mediaType()).isEqualTo(MediaTypes.JSON); + assertThat(logTester.logs(LoggerLevel.ERROR)).filteredOn(l -> l.contains("Fail to process request")).isNotEmpty(); } @Test diff --git a/sonar-core/src/main/resources/org/sonar/l10n/core.properties b/sonar-core/src/main/resources/org/sonar/l10n/core.properties index ec2c18ff9fe..87160476114 100644 --- a/sonar-core/src/main/resources/org/sonar/l10n/core.properties +++ b/sonar-core/src/main/resources/org/sonar/l10n/core.properties @@ -220,6 +220,7 @@ check_project=Check project coding_rules=Rules click_to_add_to_favorites=Click to add to favorites click_to_remove_from_favorites=Click to remove from favorites +error_occurred=An error has occurred. Please contact your administrator. contact_admin=Please contact your administrator. created_by=Created by deactivate_all=Deactivate all |