[DS-4449] Sanitise stacktrace output and default to NOT output stackt…
…races
kshepherd committed May 27, 2022
1 parent ebb83a7 commit afcc6c3
Showing 2 changed files with 14 additions and 11 deletions.
Expand Up @@ -8,6 +8,7 @@
package org.dspace.app.webui.servlet;

import java.io.IOException;
import java.util.UUID;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
Expand Down Expand Up @@ -37,6 +38,8 @@ public class InternalErrorServlet extends HttpServlet
protected void doGet(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException
{

UUID errorCode = UUID.randomUUID();
// Get the exception that occurred, if any
Throwable t = (Throwable) request
.getAttribute("javax.servlet.error.exception");
Expand All @@ -45,14 +48,15 @@ protected void doGet(HttpServletRequest request,

// Log the error. Since we don't have a context, we need to
// build the info "by hand"
String logMessage = ":session_id=" + request.getSession().getId()
String logMessage = ":error_code=" + errorCode + ":session_id=" + request.getSession().getId()
+ ":internal_error:" + logInfo;

log.warn(logMessage, t);

// Now we try and mail the designated user, if any
UIUtil.sendAlert(request, (Exception) t);

request.setAttribute("javax.servlet.error.code", errorCode.toString());
JSPManager.showJSP(request, response, "/error/internal.jsp");
}
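Review bot: The new `request.setAttribute("javax.servlet.error.code", errorCode.toString());` sits after `UIUtil.sendAlert(request, (Exception) t);`, so it only runs if that line completes. `t` is read as a `Throwable`, and if the container ever stores a `java.lang.Error` there the cast throws `ClassCastException` inside the error handler; the request then presumably falls back to the container's own error page, which may print the very trace this commit is meant to hide, and the logged error code never reaches the user. I would set the attribute directly after `log.warn(logMessage, t);` and guard the cast, e.g. `UIUtil.sendAlert(request, (t == null || t instanceof Exception) ? (Exception) t : new Exception(t));`. Separately, attribute names under `javax.` are reserved by the Servlet API, so an application-specific key (with the matching read in `internal.jsp`) would be safer than `javax.servlet.error.code`. Part of `doGet`, including where `logInfo` is built, is collapsed between the two hunks, so this is based on the visible lines only.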

19 changes: 9 additions & 10 deletions dspace-jspui/src/main/webapp/error/internal.jsp
Expand Up @@ -17,6 +17,7 @@
prefix="fmt" %>

<%@ page import="java.io.PrintWriter" %>
<%@ page import="org.apache.commons.lang.StringUtils" %>

<%@ page isErrorPage="true" %>

Expand All @@ -40,17 +41,15 @@
</p>
<!--
<%
Throwable ex = (Throwable) request.getAttribute("javax.servlet.error.exception");
if(ex == null) out.println("No stack trace available<br/>");
String exCode = (String) request.getAttribute("javax.servlet.error.code");
if(StringUtils.isBlank(exCode)) {
out.println("No error code available");
}
else {
for(Throwable t = ex ; t!=null; t = t.getCause())
{
out.println(t.getMessage());
out.println("=============================================");
t.printStackTrace(new PrintWriter(out));
out.println("\n\n\n");
}
}
out.println("System error code: " + exCode);
}
out.println("=============================================");
out.println("\n\n\n");
%>
-->
</dspace:layout>
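Review bot: The error code is emitted only inside the `<!-- ... -->` block, so as far as this hunk shows a user has to view the page source to find the value that ties their report to the `error_code=` log entry. The value is a server-generated UUID with no internal detail, so it could be rendered in the visible body instead, HTML-escaped in case the attribute is ever populated from another source. If `t.printStackTrace(new PrintWriter(out));` is on the removed side, as the commit title suggests, the `java.io.PrintWriter` page import is now unused and can be dropped. The markup above `</p>` is outside the hunk, so the code may already be displayed there.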
