Do not expose internal exception messages

2025-11-11 16:05:44 +01:00 · 2020-11-21 09:22:46 +01:00
parent 33e7a1374d
commit 73b2c4adc2
2 changed files with 33 additions and 11 deletions
--- a/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/repository/hooks/DefaultHookHandler.java
+++ b/scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/repository/hooks/DefaultHookHandler.java
@@ -115,10 +115,10 @@ class DefaultHookHandler implements HookHandler {
      return error("repository not found");
    } catch (ExceptionWithContext ex) {
      LOG.debug("scm exception on hook occurred", ex);
-      return error(context, ex);
+      return error(context, ex.getMessage());
    } catch (Exception ex) {
      LOG.warn("unknown error on hook occurred", ex);
-      return error(context, ex);
+      return error(context, "unknown error");
    } finally {
      environment.clearPendingState();
      TransactionId.clear();
@@ -133,9 +133,9 @@ class DefaultHookHandler implements HookHandler {
    subject.login(bearer);
  }

-  private Response error(HgHookContextProvider context, Exception ex) {
+  private Response error(HgHookContextProvider context, String message) {
    List<HgHookMessage> messages = new ArrayList<>(context.getHgMessageProvider().getMessages());
-    messages.add(createErrorMessage(ex.getMessage()));
+    messages.add(createErrorMessage(message));
    return new Response(messages, true);
  }

--- a/scm-plugins/scm-hg-plugin/src/test/java/sonia/scm/repository/hooks/DefaultHookHandlerTest.java
+++ b/scm-plugins/scm-hg-plugin/src/test/java/sonia/scm/repository/hooks/DefaultHookHandlerTest.java
@@ -150,7 +150,7 @@ class DefaultHookHandlerTest {
    DefaultHookHandler.Request request = createRequest(RepositoryHookType.POST_RECEIVE);
    DefaultHookHandler.Response response = send(request);

-    assertError(response, "Something went wrong");
+    assertError(response, "unknown error");
  }

  @Test
@@ -168,11 +168,8 @@ class DefaultHookHandlerTest {
  }

  @Test
-  void shouldSendMessagesOnException() throws IOException {
-    HgHookMessageProvider messageProvider = new HgHookMessageProvider();
-    messageProvider.sendMessage("Some note");
-    messageProvider.sendMessage("Some error");
-    mockMessageProvider(messageProvider);
+  void shouldSendMessagesOnUnknownException() throws IOException {
+    mockMessageProviderWithMessages();

    doThrow(new IllegalStateException("Abort it"))
      .when(hookEventFacade)
@@ -181,12 +178,37 @@ class DefaultHookHandlerTest {
    DefaultHookHandler.Request request = createRequest(RepositoryHookType.POST_RECEIVE);
    DefaultHookHandler.Response response = send(request);

+    assertMessages(response, "unknown error");
+  }
+
+  @Test
+  void shouldSendMessagesOnExceptionWithContext() throws IOException {
+    mockMessageProviderWithMessages();
+
+    doThrow(new TestingException("Exception with Context"))
+      .when(hookEventFacade)
+      .handle("42");
+
+    DefaultHookHandler.Request request = createRequest(RepositoryHookType.POST_RECEIVE);
+    DefaultHookHandler.Response response = send(request);
+
+    assertMessages(response, "Exception with Context");
+  }
+
+  private void assertMessages(DefaultHookHandler.Response response, String errorMessage) {
    List<String> received = response.getMessages()
      .stream()
      .map(HgHookMessage::getMessage)
      .collect(Collectors.toList());

-    assertThat(received).containsExactly("Some note", "Some error", "Abort it");
+    assertThat(received).containsExactly("Some note", "Some error", errorMessage);
+  }
+
+  private void mockMessageProviderWithMessages() {
+    HgHookMessageProvider messageProvider = new HgHookMessageProvider();
+    messageProvider.sendMessage("Some note");
+    messageProvider.sendMessage("Some error");
+    mockMessageProvider(messageProvider);
  }

  @Test