-rw-r--r--server/sonar-server/src/main/java/org/sonar/server/ws/WebServiceEngine.java4
-rw-r--r--server/sonar-server/src/test/java/org/sonar/server/ws/WebServiceEngineTest.java8
-rw-r--r--sonar-core/src/main/resources/org/sonar/l10n/core.properties1
3 files changed, 8 insertions, 5 deletions
diff --git a/server/sonar-server/src/main/java/org/sonar/server/ws/WebServiceEngine.java b/server/sonar-server/src/main/java/org/sonar/server/ws/WebServiceEngine.java
index 85699bad2b8..889ba49b7f9 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/ws/WebServiceEngine.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/ws/WebServiceEngine.java
@@ -120,7 +120,9 @@ public class WebServiceEngine implements LocalConnector, Startable {
return;
}
LOGGER.error("Fail to process request " + request, e);
- sendErrors(response, 500, new Errors().add(Message.of(e.getMessage())));
+ // Sending exception message into response is a vulnerability. Error must be
+ // displayed only in logs.
+ sendErrors(response, 500, new Errors().add(Message.of("error_occurred")));
}
}
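Review bot: The added `sendErrors(response, 500, new Errors().add(Message.of("error_occurred")))` puts the raw l10n key into the JSON body rather than the localized text this commit adds to core.properties; WebServiceEngine receives an `I18n` collaborator (the test constructs it with one), so either resolve the key here or note in the comment that the key is deliberately left for the client to translate, since the updated test pins the literal `"error_occurred"`. The new comment could also be more precise about the risk, e.g. `// Never echo e.getMessage() to the client: it can carry internal details (class names, paths, query fragments). The full exception is already in the log above.` The `LOGGER.error("Fail to process request " + request, e)` line that remains above relies on the request's toString(); if that rendering includes parameter values, secrets in parameters would reach the log, which is worth confirming separately. The enclosing catch block and method begin outside this hunk.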
diff --git a/server/sonar-server/src/test/java/org/sonar/server/ws/WebServiceEngineTest.java b/server/sonar-server/src/test/java/org/sonar/server/ws/WebServiceEngineTest.java
index a5a0c1b0cca..b1eaf0ecb82 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/ws/WebServiceEngineTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/ws/WebServiceEngineTest.java
@@ -54,9 +54,8 @@ public class WebServiceEngineTest {
@Rule
public UserSessionRule userSessionRule = UserSessionRule.standalone();
- I18n i18n = mock(I18n.class);
-
- WebServiceEngine underTest = new WebServiceEngine(new WebService[] {new SystemWs()}, i18n, userSessionRule);
+ private I18n i18n = mock(I18n.class);
+ private WebServiceEngine underTest = new WebServiceEngine(new WebService[] {new SystemWs()}, i18n, userSessionRule);
@Before
public void start() {
@@ -223,9 +222,10 @@ public class WebServiceEngineTest {
DumbResponse response = new DumbResponse();
underTest.execute(request, response);
- assertThat(response.stream().outputAsString()).isEqualTo("{\"errors\":[{\"msg\":\"Unexpected\"}]}");
+ assertThat(response.stream().outputAsString()).isEqualTo("{\"errors\":[{\"msg\":\"error_occurred\"}]}");
assertThat(response.stream().status()).isEqualTo(500);
assertThat(response.stream().mediaType()).isEqualTo(MediaTypes.JSON);
+ assertThat(logTester.logs(LoggerLevel.ERROR)).filteredOn(l -> l.contains("Fail to process request")).isNotEmpty();
}
@Test
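Review bot: The new assertion `assertThat(logTester.logs(LoggerLevel.ERROR)).filteredOn(l -> l.contains("Fail to process request")).isNotEmpty()` checks only that an error line was logged, not that the suppressed exception detail ("Unexpected") actually ended up in the log, which is the property the main change relies on; if `logTester` exposes the logged messages in a form that includes the cause, a second filter on `"Unexpected"` would pin that. `logTester` is not declared in this hunk, so it is presumably an existing `@Rule` field elsewhere in the class. Since the visibility change on `i18n` and `underTest` is otherwise the only edit in the first hunk, the `mock(I18n.class)` left unconfigured is consistent with the engine not translating the key before sending it.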
diff --git a/sonar-core/src/main/resources/org/sonar/l10n/core.properties b/sonar-core/src/main/resources/org/sonar/l10n/core.properties
index ec2c18ff9fe..87160476114 100644
--- a/sonar-core/src/main/resources/org/sonar/l10n/core.properties
+++ b/sonar-core/src/main/resources/org/sonar/l10n/core.properties
@@ -220,6 +220,7 @@ check_project=Check project
coding_rules=Rules
click_to_add_to_favorites=Click to add to favorites
click_to_remove_from_favorites=Click to remove from favorites
+error_occurred=An error has occurred. Please contact your administrator.
contact_admin=Please contact your administrator.
created_by=Created by
deactivate_all=Deactivate all