
Remove insecure printStackTrace calls.#87

Merged
wjonassen merged 8 commits into opendcs:main from wjonassen:feature/remove_printStackTrace
Feb 14, 2024

Conversation

@wjonassen (Collaborator) commented Jan 10, 2024

Problem Description

There are several calls to throwable.printStackTrace throughout the rest-api project. These have been flagged as insecure and need to be removed.
Fixes #96.
Throwable.printStackTrace(...) prints a Throwable and its stack trace to System.err (by default), which is not easily parseable and can expose sensitive information.

Solution

Use a logger to get the same message to the user.

How you tested the change

Forced one of these conditions and verified the logger logged the message.

Were the following done:

  • Tests. Check all that apply:
    • Unit tests created or modified that run during ant test.
    • Integration tests created or modified that run during integration testing
      (Formerly called regression tests.)
    • Test procedure descriptions for manual testing
  • Was relevant documentation updated?
  • Were relevant config elements (e.g. XML data) updated as appropriate?

If you aren't sure, leave unchecked and we will help guide you to what needs changing where.
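The pattern this PR replaces, shown side by side with the logger-based form, as an added illustration rather than code from the opendcs rest-api project. The class, method and exception names are hypothetical, the failing `readConfig` call is constructed so the example runs without any real file, and java.util.logging is used only because it needs no extra dependency; the project's own logging framework may differ.

```java
import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;

// Hypothetical class, not part of the opendcs rest-api code base.
public class StackTraceLoggingExample {

    private static final Logger LOGGER =
            Logger.getLogger(StackTraceLoggingExample.class.getName());

    // Before: the call the PR removes. The full trace is written straight to
    // System.err, outside any log configuration, in a free-text format, and it
    // may carry internal details (class names, file paths, backend messages)
    // that should not leave the server.
    static void loadBefore(String path) {
        try {
            readConfig(path);
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    // After: hand the same Throwable to the logger. Passing it as the last
    // argument keeps the stack trace in the log record, so no diagnostic
    // information is lost, but destination, format, level and retention are
    // now governed by the logging configuration rather than hard-coded.
    static void loadAfter(String path) {
        try {
            readConfig(path);
        } catch (IOException e) {
            LOGGER.log(Level.SEVERE, "Unable to load configuration", e);
        }
    }

    // When the failure is also rethrown, the original message does not need to
    // be repeated in the new exception text: the cause chain carries it, and
    // the log record above already holds the full trace.
    static void loadAndRethrow(String path) throws ConfigException {
        try {
            readConfig(path);
        } catch (IOException e) {
            LOGGER.log(Level.WARNING, "Unable to load configuration", e);
            throw new ConfigException("Unable to load configuration", e);
        }
    }

    // Constructed failure so the example is self-contained.
    static void readConfig(String path) throws IOException {
        throw new IOException("cannot open " + path);
    }

    // Hypothetical checked exception used by the rethrow variant.
    static class ConfigException extends Exception {
        ConfigException(String message, Throwable cause) {
            super(message, cause);
        }
    }

    public static void main(String[] args) {
        String path = "/example/path/config.xml"; // constructed value
        loadBefore(path);   // raw trace on stderr
        loadAfter(path);    // structured log record with the trace attached
        try {
            loadAndRethrow(path);
        } catch (ConfigException e) {
            // The caller sees only the wrapped message; the trace stayed in the log.
            LOGGER.log(Level.INFO, "Caller handled: {0}", e.getMessage());
        }
    }
}
```

Running `main` makes the difference visible: `loadBefore` dumps the trace to stderr regardless of logging settings, while `loadAfter` and `loadAndRethrow` emit records that a handler can format, filter or redirect, and the stack trace is attached to the record rather than printed as loose text.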

@wjonassen wjonassen added this to the 3 - Code Modifications milestone Jan 10, 2024
@wjonassen wjonassen force-pushed the feature/remove_printStackTrace branch from 73216e4 to 6bc58b9 January 17, 2024 11:30
@wjonassen wjonassen changed the title Note stating what needs to be changed throughout the project for this… Remove insecure printStackTrace calls. Jan 17, 2024
@wjonassen wjonassen force-pushed the feature/remove_printStackTrace branch from 6bc58b9 to 7278f87 January 21, 2024 16:34
…s being logged, I don't think it's necessary to restate the message in the thrown exception.
@wjonassen wjonassen marked this pull request as ready for review January 22, 2024 01:33
…on.getMessage, as the string is not what we are looking for.

Cleaning up some unused comments and imports.
@wjonassen wjonassen requested a review from adamkorynta February 6, 2024 21:04
@sonarqubecloud

Quality Gate failed

Failed conditions
2.0% Coverage on New Code (required ≥ 80%)

See analysis details on SonarCloud

@wjonassen wjonassen merged commit 639030e into opendcs:main Feb 14, 2024