opensearch-project · peternied · Feb 28, 2022 · Feb 18, 2022
@@ -15,6 +15,7 @@
 
 package org.opensearch.security.filter;
 
+import org.opensearch.OpenSearchSecurityException;
 import org.opensearch.security.auditlog.AuditLog;
 import org.opensearch.security.auth.BackendRegistry;
 import org.opensearch.security.configuration.AdminDNs;
@@ -26,20 +27,27 @@
 import org.opensearch.security.support.WildcardMatcher;
 import com.google.common.collect.ImmutableSet;
 
-import org.junit.Assert;
+import org.opensearch.action.ActionListener;
+import org.opensearch.action.ActionResponse;
 import org.opensearch.client.Client;
 import org.opensearch.cluster.service.ClusterService;
 import org.opensearch.common.settings.Settings;
 import org.opensearch.threadpool.ThreadPool;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.Parameterized;
+import org.mockito.ArgumentCaptor;
 
 import java.util.Arrays;
 import java.util.Collection;
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertFalse;
 import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyNoMoreInteractions;
 
 @RunWith(Parameterized.class)
 public class SecurityFilterTest {
@@ -84,4 +92,41 @@ public void testImmutableIndicesWildcardMatcher() {
         );
         assertEquals(expected, filter.getImmutableIndicesMatcher());
     }
+
+    @SuppressWarnings("unchecked")
+    @Test
+    public void testUnexepectedCausesAreNotSendToCallers() {
+        // Setup
+        final AuditLog auditLog = mock(AuditLog.class);
+        when(auditLog.getComplianceConfig()).thenThrow(new RuntimeException("ABC!"));
+        final ActionListener<ActionResponse> listener = mock(ActionListener.class);
+
+        final SecurityFilter filter = new SecurityFilter(
+            mock(Client.class),
+            settings,
+            mock(PrivilegesEvaluator.class),
+            mock(AdminDNs.class),
+            mock(DlsFlsRequestValve.class),
+            auditLog,
+            new ThreadPool(Settings.builder().put("node.name",  "mock").build()),
+            mock(ClusterService.class),
+            mock(CompatConfig.class),
+            mock(IndexResolverReplacer.class),
+            mock(BackendRegistry.class)
+        );
+
+        // Act
+        filter.apply(null, null, null, listener, null);
+
+        // Verify
+        verify(auditLog).getComplianceConfig(); // Make sure the exception was thrown
+
+        final ArgumentCaptor<OpenSearchSecurityException> cap = ArgumentCaptor.forClass(OpenSearchSecurityException.class);
+        verify(listener).onFailure(cap.capture());
+
+        assertNull(cap.getValue().getCause(), "The cause should never be included as it will leak to callers"); 
+        assertFalse(cap.getValue().getMessage().contains("ABC!"), "Make sure the cause exception wasn't toStringed in the method");
+
+        verifyNoMoreInteractions(auditLog, listener);
+    }
 }