Adding "}" at the end of each parameter will result in apiGatewayPlatformAS com.netflix.hystrix.exception.HystrixRuntimeException:

[angudon]

Hystrix is a latency and fault tolerance library designed to isolate points of access to remote systems, services and 3rd party libraries, stop cascading failure and enable resilience in complex distributed systems where failure is inevitable. Hystrix cab able to access the remote systems , so when adding the "}" at the end of the parameter will results in revealing the internal error as well as the remote systems ip address and a lot of juicy informations.

[angudon]

When i research about this error, this "}" symbol which cause overloading error leads to stops the multithreading , which is similar to dos attack

[angudon]

Error:

{"1":{"str":"Exception during call Agora service : apiGatewayPlatformAS com.netflix.hystrix.exception.HystrixRuntimeException: prana-apiplatform_apiGatewayPlatformAS_proxy_retry failed and fallback disabled.\n\tat com.netflix.hystrix.AbstractCommand.handleFallbackDisabledByEmittingError(AbstractCommand.java:1052)\n\tat com.netflix.hystrix.AbstractCommand.getFallbackOrThrowException(AbstractCommand.java:878)\n\tat com.netflix.hystrix.AbstractCommand.handleFailureViaFallback(AbstractCommand.java:1034)\n\tat com.netflix.hystrix.AbstractCommand.access$700(AbstractCommand.java:60)\n\tat com.netflix.hystrix.AbstractCommand$12.call(AbstractCommand.java:621)\n\tat com.netflix.hystrix.AbstractCommand$12.call(AbstractCommand.java:601)\n\tat rx.internal.operators.OperatorOnErrorResumeNextViaFunction$4.onError(OperatorOnErrorResumeNextViaFunction.java:140)\n\tat rx.internal.operators.OperatorDoOnEach$1.onError(OperatorDoOnEach.java:72)\n\tat rx.internal.operators.OperatorDoOnEach$1.onError(OperatorDoOnEach.java:72)\n\tat rx.observers.Subscribers$5.onError(Subscribers.java:230)\n\tat com.netflix.hystrix.AbstractCommand$DeprecatedOnRunHookApplication$1.onError(AbstractCommand.java:1431)\n\tat com.netflix.hystrix.AbstractCommand$ExecutionHookApplication$1.onError(AbstractCommand.java:1362)\n\tat rx.observers.Subscribers$5.onError(Subscribers.java:230)\n\tat rx.observers.Subscribers$5.onError(Subscribers.java:230)\n\tat rx.internal.operators.OnSubscribeThrow.call(OnSubscribeThrow.java:44)\n\tat rx.internal.operators.OnSubscribeThrow.call(OnSubscribeThrow.java:28)\n\tat rx.Observable.unsafeSubscribe(Observable.java:9860)\n\tat rx.internal.operators.OnSubscribeDefer.call(OnSubscribeDefer.java:51)\n\tat rx.internal.operators.OnSubscribeDefer.call(OnSubscribeDefer.java:35)\n\tat rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:48)\n\tat rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:30)\n\tat rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:48)\n\tat rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:30)\n\tat rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:48)\n\tat rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:30)\n\tat rx.Observable.unsafeSubscribe(Observable.java:9860)\n\tat rx.internal.operators.OnSubscribeDefer.call(OnSubscribeDefer.java:51)\n\tat rx.internal.operators.OnSubscribeDefer.call(OnSubscribeDefer.java:35)\n\tat rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:48)\n\tat rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:30)\n\tat rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:48)\n\tat rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:30)\n\tat rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:48)\n\tat rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:30)\n\tat rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:48)\n\tat rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:30)\n\tat rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:48)\n\tat rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:30)\n\tat rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:48)\n\tat rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:30)\n\tat rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:48)\n\tat rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:30)\n\tat rx.Observable.unsafeSubscribe(Observable.java:9860)\n\tat rx.internal.operators.OnSubscribeDefer.call(OnSubscribeDefer.java:51)\n\tat rx.internal.operators.OnSubscribeDefer.call(OnSubscribeDefer.java:35)\n\tat rx.Observable.unsafeSubscribe(Observable.java:9860)\n\tat rx.internal.operators.OnSubscribeMap.call(OnSubscribeMap.java:48)\n\tat rx.internal.operators.OnSubscribeMap.call(OnSubscribeMap.java:33)\n\tat rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:48)\n\tat rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:30)\n\tat rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:48)\n\tat rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:30)\n\tat rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:48)\n\tat rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:30)\n\tat rx.Observable.unsafeSubscribe(Observable.java:9860)\n\tat rx.internal.operators.OnSubscribeDefer.call(OnSubscribeDefer.java:51)\n\tat rx.internal.operators.OnSubscribeDefer.call(OnSubscribeDefer.java:35)\n\tat rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:48)\n\tat rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:30)\n\tat rx.Observable.subscribe(Observable.java:9956)\n\tat rx.Observable.subscribe(Observable.java:9923)\n\tat rx.internal.operators.BlockingOperatorToFuture.toFuture(BlockingOperatorToFuture.java:51)\n\tat rx.observables.BlockingObservable.toFuture(BlockingObservable.java:412)\n\tat com.netflix.hystrix.HystrixCommand.queue(HystrixCommand.java:378)\n\tat com.netflix.hystrix.HystrixCommand.execute(HystrixCommand.java:344)\n\tat com.odesk.agora.prana.ProxyFilter.doFilter(ProxyFilter.java:230)\n\tat com.odesk.agora.prana.ProxyFilter$$EnhancerByGuice$$604e0719.CGLIB$doFilter$2()\n\tat com.odesk.agora.prana.ProxyFilter$$EnhancerByGuice$$604e0719$$FastClassByGuice$$b36c48bb.invoke()\n\tat com.google.inject.internal.cglib.proxy.$MethodProxy.invokeSuper(MethodProxy.java:228)\n\tat com.google.inject.internal.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:75)\n\tat com.palominolabs.metrics.guice.ExceptionMeteredInterceptor.invoke(ExceptionMeteredInterceptor.java:23)\n\tat com.google.inject.internal.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:75)\n\tat com.palominolabs.metrics.guice.TimedInterceptor.invoke(TimedInterceptor.java:26)\n\tat com.google.inject.internal.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:75)\n\tat com.google.inject.internal.InterceptorStackCallback.intercept(InterceptorStackCallback.java:54)\n\tat com.odesk.agora.prana.ProxyFilter$$EnhancerByGuice$$604e0719.doFilter()\n\tat org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)\n\tat com.odesk.agora.prana.brave.BraveServletFilter.doFilter(BraveServletFilter.java:63)\n\tat org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)\n\tat com.odesk.agora.prana.LatencyMetricsFilter.doFilter(LatencyMetricsFilter.java:47)\n\tat org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)\n\tat com.odesk.agora.filter.SimulationFilter.doFilter(SimulationFilter.java:72)\n\tat org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)\n\tat com.odesk.agora.filter.RequestContextFilter.doFilter(RequestContextFilter.java:83)\n\tat org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)\n\tat com.odesk.agora.tracing.TracingDecisionFilter.doFilter(TracingDecisionFilter.java:41)\n\tat org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)\n\tat com.odesk.agora.filter.HystrixRequestFilter.doFilter(HystrixRequestFilter.java:31)\n\tat org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)\n\tat com.odesk.agora.filter.CustomHeadersFilter.doFilter(CustomHeadersFilter.java:51)\n\tat org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)\n\tat com.odesk.agora.filter.RequestLogFilter.doFilter(RequestLogFilter.java:135)\n\tat org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)\n\tat com.odesk.agora.filter.PayloadSizeFilter.doFilter(PayloadSizeFilter.java:167)\n\tat org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)\n\tat com.odesk.agora.filter.RequestIdFilter.doFilter(RequestIdFilter.java:85)\n\tat org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)\n\tat com.odesk.agora.filter.HttpMetricsFilter.doFilter(HttpMetricsFilter.java:131)\n\tat org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)\n\tat io.dropwizard.servlets.ThreadNameFilter.doFilter(ThreadNameFilter.java:35)\n\tat org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)\n\tat com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:89)\n\tat com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:120)\n\tat com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:133)\n\tat org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)\n\tat org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533)\n\tat org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188)\n\tat org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253)\n\tat org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:168)\n\tat org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473)\n\tat org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:166)\n\tat org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155)\n\tat org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)\n\tat org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)\n\tat com.codahale.metrics.jetty9.InstrumentedHandler.handle(InstrumentedHandler.java:239)\n\tat io.dropwizard.jetty.RoutingHandler.handle(RoutingHandler.java:52)\n\tat org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:527)\n\tat io.dropwizard.jetty.BiDiGzipHandler.handle(BiDiGzipHandler.java:67)\n\tat org.eclipse.jetty.server.handler.StatisticsHandler.handle(StatisticsHandler.java:169)\n\tat org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)\n\tat org.eclipse.jetty.server.Server.handle(Server.java:530)\n\tat org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:347)\n\tat org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:256)\n\tat org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:279)\n\tat org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:102)\n\tat org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:124)\n\tat org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:247)\n\tat org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:140)\n\tat org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131)\n\tat org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:382)\n\tat org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:708)\n\tat org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:626)\n\tat java.base/java.lang.Thread.run(Thread.java:834)\nCaused by: javax.ws.rs.core.UriBuilderException: java.net.URISyntaxException: Illegal character in query at index 40: http://172.18.81.28:39163/graphql?query=}\n\tat org.glassfish.jersey.uri.internal.JerseyUriBuilder.createURI(JerseyUriBuilder.java:929)\n\tat org.glassfish.jersey.uri.internal.JerseyUriBuilder._build(JerseyUriBuilder.java:918)\n\tat org.glassfish.jersey.uri.internal.JerseyUriBuilder.build(JerseyUriBuilder.java:831)\n\tat org.glassfish.jersey.client.JerseyWebTarget.getUri(JerseyWebTarget.java:132)\n\tat com.odesk.agora.hystrix.GenericHttpAgoraServiceHystrixCommand.getWebTargetProxy(GenericHttpAgoraServiceHystrixCommand.java:341)\n\tat com.odesk.agora.hystrix.GenericHttpAgoraServiceHystrixCommand.getResponse(GenericHttpAgoraServiceHystrixCommand.java:313)\n\tat com.odesk.agora.hystrix.GenericHttpAgoraServiceHystrixCommand.run(GenericHttpAgoraServiceHystrixCommand.java:252)\n\tat com.odesk.agora.hystrix.GenericHttpAgoraServiceHystrixCommand.run(GenericHttpAgoraServiceHystrixCommand.java:43)\n\tat com.netflix.hystrix.HystrixCommand$2.call(HystrixCommand.java:302)\n\tat com.netflix.hystrix.HystrixCommand$2.call(HystrixCommand.java:298)\n\tat rx.internal.operators.OnSubscribeDefer.call(OnSubscribeDefer.java:46)\n\tat rx.internal.operators.OnSubscribeDefer.call(OnSubscribeDefer.java:35)\n\tat rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:48)\n\tat rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:30)\n\tat rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:48)\n\tat rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:30)\n\tat rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:48)\n\tat rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:30)\n\tat rx.Observable.unsafeSubscribe(Observable.java:9860)\n\tat rx.internal.operators.OnSubscribeDefer.call(OnSubscribeDefer.java:51)\n\tat rx.internal.operators.OnSubscribeDefer.call(OnSubscribeDefer.java:35)\n\tat rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:48)\n\tat rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:30)\n\tat rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:48)\n\tat rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:30)\n\tat rx.Observable.unsafeSubscribe(Observable.java:9860)\n\tat rx.internal.operators.OperatorSubscribeOn$1.call(OperatorSubscribeOn.java:94)\n\tat com.netflix.hystrix.strategy.concurrency.HystrixContexSchedulerAction$1.call(HystrixContexSchedulerAction.java:56)\n\tat com.netflix.hystrix.strategy.concurrency.HystrixContexSchedulerAction$1.call(HystrixContexSchedulerAction.java:47)\n\tat com.google.inject.servlet.ServletScopes$4.call(ServletScopes.java:447)\n\tat com.odesk.agora.hystrix.O2HystrixContextCallable.call(O2HystrixContextCallable.java:51)\n\tat brave.propagation.CurrentTraceContext$1CurrentTraceContextCallable.call(CurrentTraceContext.java:117)\n\tat com.netflix.hystrix.strategy.concurrency.HystrixContexSchedulerAction.call(HystrixContexSchedulerAction.java:69)\n\tat rx.internal.schedulers.ScheduledAction.run(ScheduledAction.java:55)\n\tat java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)\n\tat java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)\n\tat java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)\n\tat java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)\n\t... 1 more\nCaused by: java.net.URISyntaxException: Illegal character in query at index 40: http://172.18.81.28:39163/graphql?query=}\n\tat java.base/java.net.URI$Parser.fail(URI.java:2915)\n\tat java.base/java.net.URI$Parser.checkChars(URI.java:3086)\n\tat java.base/java.net.URI$Parser.parseHierarchical(URI.java:3174)\n\tat java.base/java.net.URI$Parser.parse(URI.java:3116)\n\tat java.base/java.net.URI.(URI.java:600)\n\tat org.glassfish.jersey.uri.internal.JerseyUriBuilder.createURI(JerseyUriBuilder.java:927)\n\t... 38 more\n"}}