Code Review / netconf.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 1574639)
Don't include stacktraces in REST responses 72/68272/3
authorEvan Zeller <evanrzeller@gmail.com>
Mon, 22 Jan 2018 20:12:38 +0000 (12:12 -0800)
committerJakubToth <jakub.toth@pantheon.tech>
Sun, 25 Feb 2018 19:38:45 +0000 (19:38 +0000)
OWASP best practices recommend user facing error messages should not
contain stack traces or line numbers. The full stack trace should still be available in karaf.log.

Change-Id: Ia8ffed91ecdbf8a1d299c90c33882bbc18d55b50
Signed-off-by: Evan Zeller <evanrzeller@gmail.com>
restconf/sal-rest-connector/src/main/java/org/opendaylight/netconf/sal/restconf/impl/RestconfDocumentedException.java patch | blob | history

diff --git a/restconf/sal-rest-connector/src/main/java/org/opendaylight/netconf/sal/restconf/impl/RestconfDocumentedException.java b/restconf/sal-rest-connector/src/main/java/org/opendaylight/netconf/sal/restconf/impl/RestconfDocumentedException.java
index 82ebb3b599ff9d55295a61dc472bd97d3d8050ad..09cfc78907a1665101c6454a83517c1b98e8083a 100644 (file)
--- a/restconf/sal-rest-connector/src/main/java/org/opendaylight/netconf/sal/restconf/impl/RestconfDocumentedException.java
+++ b/restconf/sal-rest-connector/src/main/java/org/opendaylight/netconf/sal/restconf/impl/RestconfDocumentedException.java
@@ -9,7 +9,6 @@
 package org.opendaylight.netconf.sal.restconf.impl;
 
 import com.google.common.base.Preconditions;
-import com.google.common.base.Throwables;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.Lists;
 import java.util.Collection;
@@ -64,7 +63,7 @@ public class RestconfDocumentedException extends WebApplicationException {
     public RestconfDocumentedException(final String message, final ErrorType errorType, final ErrorTag errorTag,
                                        final Throwable cause) {
         this(cause, new RestconfError(errorType, errorTag, message, null,
-                Throwables.getStackTraceAsString(cause), null));
+                cause.getMessage(), null));
     }
 
     /**
@@ -100,7 +99,7 @@ public class RestconfDocumentedException extends WebApplicationException {
 
     /**
      * Constructs an instance with an error message and exception cause.
-     * The stack trace of the exception is included in the error info.
+     * The underlying exception is included in the error-info.
      *
      * @param message
      *            A string which provides a plain text string describing the error.
@@ -109,7 +108,7 @@ public class RestconfDocumentedException extends WebApplicationException {
      */
     public RestconfDocumentedException(final String message, final Throwable cause) {
         this(cause, new RestconfError(RestconfError.ErrorType.APPLICATION, RestconfError.ErrorTag.OPERATION_FAILED,
-                message, null, Throwables.getStackTraceAsString(cause), null));
+                message, null, cause.getMessage(), null));
     }
 
     /**
Netconf