Remove printStackTrace method calls from the source code #1359

Closed
tsonevn opened this issue Apr 30, 2019 · 0 comments

tsonevn commented Apr 30, 2019

A client logged an issue via admin about a potential security risk caused by the use of printStackTrace in the application source code.
I am attaching the full test report.

===================================

Abstract:
It is observed that the application was using printStackTrace in the application source code. A stack trace is generated whenever the application crashes because of an error or an exception.

Impact:
Displaying a stack trace to the end user might introduce a potential security risk, as the stack trace shows a list of method calls that lead to the exception being thrown, together with the filenames and line numbers where the calls happened. This information may enable an attacker to target known vulnerabilities of the components.

Ease of Exploitation: 
Difficult

Recommendation:
It is recommended to restrict use of printStackTrace() throughout the application.


===================================

Also, the client found that one of the places where printStackTrace is used is in RuntimeHelper.java.

t.1406435
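
One way to act on the recommendation above, as an added example that is not part of the issue or the project's code: the flagged pattern next to a replacement that sends the trace to a logger and hands the caller only a message with an incident id. It uses `java.util.logging`; the class, method names, logger name and sample path are hypothetical.

```java
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;

// Added example: class, method names and sample path are hypothetical.
public final class SafeErrorReporting {
    private static final Logger LOG = Logger.getLogger("app.errors");

    // Before: the flagged pattern. The trace (methods, files, line numbers)
    // is written straight to System.err, outside any logging policy.
    static String loadUnsafe(String path) {
        try {
            return read(path);
        } catch (IllegalStateException e) {
            e.printStackTrace();
            return null;
        }
    }

    // After: the trace goes only to the logger; the caller sees a short message.
    static String loadSafe(String path) {
        try {
            return read(path);
        } catch (IllegalStateException e) {
            throw new IllegalStateException(report("load failed", e));
        }
    }

    // Logs the full trace under a random incident id and returns the safe message.
    // The default handler is the console; production config should use a protected log.
    static String report(String what, Throwable t) {
        String id = UUID.randomUUID().toString();
        LOG.log(Level.SEVERE, what + " [incident " + id + "]", t);
        return what + " (incident " + id + ")";
    }

    // Constructed stand-in for work that fails.
    private static String read(String path) {
        throw new IllegalStateException("cannot open " + path);
    }

    public static void main(String[] args) {
        loadUnsafe("/constructed/sample.txt");
        try {
            loadSafe("/constructed/sample.txt");
        } catch (IllegalStateException e) {
            System.out.println("Shown to user: " + e.getMessage());
        }
    }
}
```

The incident id lets support staff find the full trace in the log without the trace itself ever reaching the end user.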
