(CodeQL) Fixed finding: "Information exposure through an error message"

[pixeebot]

Remediation

This change fixes "Information exposure through an error message" (id = error-message-exposure) identified by CodeQL.

Details

This change removes exposure through sending/printing of error and exception data.

Our changes look like this:

 void function(HttpServletResponse response) {
    PrintWriter pw = reponse.getWriter();
    try{
        ...
    } catch (Exception e) {
-        pw.println(e.getMessage());
    }
 }

More reading

• https://cwe.mitre.org/data/definitions/209.html
• https://owasp.org/www-community/Improper_Error_Handling
• https://www.securecoding.cert.org/confluence/display/java/ERR01-J.+Do+not+allow+exceptions+to+expose+sensitive+information

🧚🤖 Powered by Pixeebot

Feedback | Community | Docs | Codemod ID: codeql:java/error-message-exposure

[pixeebot]

I'm confident in this change, but I'm not a maintainer of this project. Do you see any reason not to merge it?

If this change was not helpful, or you have suggestions for improvements, please let me know!

[pixeebot]

Just a friendly ping to remind you about this change. If there are concerns about it, we'd love to hear about them!

[pixeebot]

This change may not be a priority right now, so I'll close it. If there was something I could have done better, please let me know!

You can also customize me to make sure I'm working with you in the way you want.