From 3de08a9590b5590d5961d9e4047751760043307e Mon Sep 17 00:00:00 2001 From: niamhcore Date: Thu, 11 Mar 2021 10:34:35 +0000 Subject: Exception stack trace is exposed Issue-ID: CPS-249 Signed-off-by: niamhcore Change-Id: I1e03c17364c925c6f976f2147cb17f8ac26ba995 --- .../rest/exceptions/CpsRestExceptionHandler.java | 34 +++++++++------------- .../exceptions/CpsRestExceptionHandlerSpec.groovy | 20 ++----------- 2 files changed, 16 insertions(+), 38 deletions(-) (limited to 'cps-rest/src') diff --git a/cps-rest/src/main/java/org/onap/cps/rest/exceptions/CpsRestExceptionHandler.java b/cps-rest/src/main/java/org/onap/cps/rest/exceptions/CpsRestExceptionHandler.java index 6e851519a7..75a45320f8 100644 --- a/cps-rest/src/main/java/org/onap/cps/rest/exceptions/CpsRestExceptionHandler.java +++ b/cps-rest/src/main/java/org/onap/cps/rest/exceptions/CpsRestExceptionHandler.java @@ -20,7 +20,6 @@ package org.onap.cps.rest.exceptions; import lombok.extern.slf4j.Slf4j; -import org.apache.commons.lang3.exception.ExceptionUtils; import org.onap.cps.rest.controller.AdminRestController; import org.onap.cps.rest.controller.DataRestController; import org.onap.cps.rest.controller.QueryRestController; @@ -43,6 +42,8 @@ import org.springframework.web.bind.annotation.RestControllerAdvice; QueryRestController.class}) public class CpsRestExceptionHandler { + private static final String checkLogsForDetails = "Check logs for details."; + private CpsRestExceptionHandler() { } @@ -52,7 +53,8 @@ public class CpsRestExceptionHandler { * @param exception the exception to handle * @return response with response code 500. */ - @ExceptionHandler public static ResponseEntity handleInternalServerErrorExceptions( + @ExceptionHandler + public static ResponseEntity handleInternalServerErrorExceptions( final Exception exception) { return buildErrorResponse(HttpStatus.INTERNAL_SERVER_ERROR, exception); } 
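Review bot: The constant added in the second hunk, `checkLogsForDetails`, is a `private static final String` named in lowerCamelCase; the Java convention for constants is UPPER_SNAKE_CASE, i.e. `private static final String CHECK_LOGS_FOR_DETAILS = "Check logs for details.";`, with the reference in `buildErrorResponse` renamed to match. The text itself gives a caller nothing to quote to an operator. If requests carry a correlation or trace id (none is visible in this diff), including it in this response field and in the `log.error` call would let the matching log entry be found without exposing internals.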
@@ -60,41 +62,33 @@ public class CpsRestExceptionHandler { @ExceptionHandler({ModelValidationException.class, DataValidationException.class, CpsAdminException.class, CpsPathException.class}) public static ResponseEntity handleBadRequestExceptions(final CpsException exception) { - return buildErrorResponse(HttpStatus.BAD_REQUEST, exception.getMessage(), extractDetails(exception)); + return buildErrorResponse(HttpStatus.BAD_REQUEST, exception); } @ExceptionHandler({NotFoundInDataspaceException.class, DataNodeNotFoundException.class}) public static ResponseEntity handleNotFoundExceptions(final CpsException exception) { - return buildErrorResponse(HttpStatus.NOT_FOUND, exception.getMessage(), extractDetails(exception)); + return buildErrorResponse(HttpStatus.NOT_FOUND, exception); } @ExceptionHandler({DataInUseException.class}) public static ResponseEntity handleDataInUseException(final CpsException exception) { - return buildErrorResponse(HttpStatus.CONFLICT, exception.getMessage(), extractDetails(exception)); + return buildErrorResponse(HttpStatus.CONFLICT, exception); } @ExceptionHandler({CpsException.class}) public static ResponseEntity handleAnyOtherCpsExceptions(final CpsException exception) { - return buildErrorResponse(HttpStatus.INTERNAL_SERVER_ERROR, exception.getMessage(), extractDetails(exception)); + return buildErrorResponse(HttpStatus.INTERNAL_SERVER_ERROR, exception); } private static ResponseEntity buildErrorResponse(final HttpStatus status, final Exception exception) { - return buildErrorResponse(status, exception.getMessage(), ExceptionUtils.getStackTrace(exception)); - } - - private static ResponseEntity buildErrorResponse(final HttpStatus status, final String message, - final String details) { - log.error("An error has occurred : {} Status: {} Details: {}", message, status, details); + if (exception.getCause() != null || !(exception instanceof CpsException)) { + log.error("Exception occurred", exception); + } final ErrorMessage errorMessage = new 
ErrorMessage(); errorMessage.setStatus(status.toString()); - errorMessage.setMessage(message); - errorMessage.setDetails(details); + errorMessage.setMessage(exception.getMessage()); + errorMessage.setDetails(exception instanceof CpsException ? ((CpsException) exception).getDetails() : + checkLogsForDetails); return new ResponseEntity<>(errorMessage, status); } - - private static String extractDetails(final CpsException exception) { - return exception.getCause() == null - ? exception.getDetails() - : ExceptionUtils.getStackTrace(exception.getCause()); - } } diff --git a/cps-rest/src/test/groovy/org/onap/cps/rest/exceptions/CpsRestExceptionHandlerSpec.groovy b/cps-rest/src/test/groovy/org/onap/cps/rest/exceptions/CpsRestExceptionHandlerSpec.groovy index 89b6b89364..22b5b04292 100644 --- a/cps-rest/src/test/groovy/org/onap/cps/rest/exceptions/CpsRestExceptionHandlerSpec.groovy +++ b/cps-rest/src/test/groovy/org/onap/cps/rest/exceptions/CpsRestExceptionHandlerSpec.groovy 
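Review bot: In `buildErrorResponse`, `errorMessage.setMessage(exception.getMessage())` still returns the raw message of any non-`CpsException` to the client, so the catch-all 500 handler can keep disclosing internals carried in a runtime exception's message (query fragments, class or path names) even though the stack trace is gone. Consider a fixed message for that branch, e.g. `errorMessage.setMessage(exception instanceof CpsException ? exception.getMessage() : status.getReasonPhrase());`; the spec's runtime-exception case, which asserts that the thrown message is echoed, would need updating with it. The new logging guard also skips every `CpsException` without a cause, including those mapped to 500 by `handleAnyOtherCpsExceptions`, whereas the old code logged every error. Adding an `else` branch with `log.warn("Request failed with status {}: {}", status, exception.getMessage());` would keep a record of those responses. Whether `CpsException.getDetails()` can itself carry text derived from a cause is not visible in this hunk and is worth confirming.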
@@ -87,33 +87,27 @@ class CpsRestExceptionHandlerSpec extends RestControllerSpecification { def 'Get request with runtime exception returns HTTP Status Internal Server Error'() { - when: 'runtime exception is thrown by the service' setupTestException(new IllegalStateException(errorMessage)) def response = performTestRequest() - then: 'an HTTP Internal Server Error response is returned with correct message and details' assertTestResponse(response, INTERNAL_SERVER_ERROR, errorMessage, null) } def 'Get request with generic CPS exception returns HTTP Status Internal Server Error'() { - when: 'generic CPS exception is thrown by the service' setupTestException(new CpsException(errorMessage, errorDetails)) def response = performTestRequest() - then: 'an HTTP Internal Server Error response is returned with correct message and details' assertTestResponse(response, INTERNAL_SERVER_ERROR, errorMessage, errorDetails) } def 'Get request with no data found CPS exception returns HTTP Status Not Found'() { - when: 'no data found CPS exception is thrown by the service' def dataspaceName = 'MyDataSpace' def descriptionOfObject = 'Description' setupTestException(new NotFoundInDataspaceException(dataspaceName, descriptionOfObject)) def response = performTestRequest() - then: 'an HTTP Not Found response is returned with correct message and details' assertTestResponse(response, NOT_FOUND, 'Object not found', 'Description does not exist in dataspace MyDataSpace.') @@ -121,11 +115,9 @@ class CpsRestExceptionHandlerSpec extends RestControllerSpecification { @Unroll def 'request with an expectedObjectTypeInMessage object already defined exception returns HTTP Status Bad Request'() { - when: 'no data found CPS exception is thrown by the service' setupTestException(exceptionThrown) def response = performTestRequest() - then: 'an HTTP Bad Request response is returned with correct message an details' assertTestResponse(response, BAD_REQUEST, "Duplicate ${expectedObjectTypeInMessage}", 
@@ -139,14 +131,11 @@ class CpsRestExceptionHandlerSpec extends RestControllerSpecification { @Unroll def 'Get request with a #exceptionThrown.class.simpleName returns HTTP Status Bad Request'() { - when: 'CPS validation exception is thrown by the service' setupTestException(exceptionThrown) def response = performTestRequest() - then: 'an HTTP Bad Request response is returned with correct message and details' assertTestResponse(response, BAD_REQUEST, errorMessage, errorDetails) - where: 'the following exceptions are thrown' exceptionThrown << [new ModelValidationException(errorMessage, errorDetails, null), new DataValidationException(errorMessage, errorDetails, null), @@ -155,14 +144,11 @@ class CpsRestExceptionHandlerSpec extends RestControllerSpecification { @Unroll def 'Delete request with a #exceptionThrown.class.simpleName returns HTTP Status Conflict'() { - when: 'CPS validation exception is thrown by the service' setupTestException(exceptionThrown) def response = performTestRequest() - then: 'an HTTP Conflict response is returned with correct message and details' assertTestResponse(response, CONFLICT, exceptionThrown.getMessage(), exceptionThrown.getDetails()) - where: 'the following exceptions are thrown' exceptionThrown << [new DataInUseException(dataspaceName, existingObjectName), new SchemaSetInUseException(dataspaceName, existingObjectName)] @@ -188,10 +174,9 @@ class CpsRestExceptionHandlerSpec extends RestControllerSpecification { } /* - * NB. The test uses 'get JSON by id' endpoint and associated service method invocation + * NB. The test uses 'get anchors' endpoint and associated service method invocation * to test the exception handling. The endpoint chosen is not a subject of test. */ - def setupTestException(exception) { mockCpsAdminService.getAnchors(_) >> { throw exception} } 
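Review bot: Every exception in the `where:` block of the first hunk here is built with `null` as its third argument, so the spec never exercises the path this commit changes: a `CpsException` with a cause, whose stack trace used to be returned in `details`. Adding a row with a non-null third argument (presumably the cause; the constructors are not visible in this diff), e.g. `new ModelValidationException(errorMessage, errorDetails, new RuntimeException('cause'))`, would pin the fix, because the existing `then:` assertion already requires `details` to equal `errorDetails`. The `where:` list continues outside the hunk, so a row of that kind may already exist further down.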
@@ -203,8 +188,7 @@ class CpsRestExceptionHandlerSpec extends RestControllerSpecification { .andReturn().response } - void assertTestResponse(response, expectedStatus, - expectedErrorMessage, expectedErrorDetails) { + static void assertTestResponse(response, expectedStatus, expectedErrorMessage, expectedErrorDetails) { assert response.status == expectedStatus.value() def content = new JsonSlurper().parseText(response.contentAsString) assert content['status'] == expectedStatus.toString() -- cgit 1.2.3-korg