@JordanGerada3
Contributor

Description

Improved error handling and less revealing error response messages.

Why

The application consistently returns overly verbose error responses that expose internal implementation details whenever an external request or backend process fails. These responses include internal namespaces, library identifiers, upstream service URLs, and backend component references that should not be visible to end users.
Such information disclosure reveals aspects of the application’s architecture, technologies, and integration points, which could help an attacker map the internal environment and craft more targeted reconnaissance or exploitation attempts.

Issue

#1473

Checklist

  • I have performed a self-review of my own code
  • I have successfully tested my changes locally
  • I have added tests that prove my changes work
  • I have checked that new and existing tests pass locally with my changes
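The pattern the description argues for, as an added example that is not part of this pull request or the project's code: the full exception is logged server-side under an error id, and the caller receives only a fixed message plus that id. `ClientFacingException`, `MetadataImport.Run` and the failing upstream host are hypothetical names constructed for illustration.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Xml;

// Hypothetical stand-in for an exception type whose message is returned to the client.
public sealed class ClientFacingException : Exception
{
    public HttpStatusCode StatusCode { get; }
    public string ErrorId { get; }
    public ClientFacingException(string safeMessage, HttpStatusCode statusCode, string errorId)
        : base(safeMessage) { StatusCode = statusCode; ErrorId = errorId; }
}

public static class MetadataImport
{
    // Runs the import and maps the failures it is expected to produce to a fixed message.
    // Anything not listed in the filter propagates to the application's global handler.
    public static T Run<T>(Func<T> import, Action<string> log)
    {
        try { return import(); }
        catch (Exception ex) when (ex is XmlException or HttpRequestException or UriFormatException)
        {
            var errorId = Guid.NewGuid().ToString("N");
            // Type names, upstream URLs and the stack trace stay in the server-side log only.
            log($"[{errorId}] metadata import failed: {ex}");
            var status = ex is HttpRequestException
                ? HttpStatusCode.BadGateway : HttpStatusCode.BadRequest;
            throw new ClientFacingException(
                "Failed to import identity provider metadata.", status, errorId);
        }
    }
}

public static class Program
{
    public static void Main()
    {
        try
        {
            // Constructed failure whose message contains an internal host name.
            MetadataImport.Run<string>(
                () => throw new HttpRequestException("Connection refused (idp.internal.example:8443)"),
                Console.Error.WriteLine);
        }
        catch (ClientFacingException ex)
        {
            Console.WriteLine($"{(int)ex.StatusCode} {ex.Message} (error id: {ex.ErrorId})");
        }
    }
}
```

The error id lets support staff correlate a user report with the detailed log entry without the response body carrying any of that detail.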

@JordanGerada3 changed the title from "fix: impove error handling and remove system data from error message idp managment" to "fix: improve error handling and remove system data from error message idp managment" on Nov 28, 2025
Comment on lines +86 to +92
catch (Exception ex)
{
throw new ServiceException(
$"Failed to import identityprovider metadata: {ex.Message}",
HttpStatusCode.BadRequest
);
}
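
Review bot: in the `throw new ServiceException(...)` inside this catch, the interpolated `{ex.Message}` still passes the underlying exception's text into the message that accompanies `HttpStatusCode.BadRequest`; if that message is returned to the caller, it can carry the internal details this PR's description says should not reach end users. Suggest logging `ex` server-side and throwing with a fixed message such as "Failed to import identityprovider metadata". The `catch (Exception ex)` is also broader than needed: catching only the exception types the metadata import is expected to throw would address the CodeQL generic-catch note and keep unrelated failures from being reported as a 400.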

Check notice

Code scanning / CodeQL

Generic catch clause Note

Generic catch clause.
Contributor

@tfjanjua tfjanjua left a comment

Change looks fine to me, just some extra spaces can be removed and line#96 https://github.com/eclipse-tractusx/portal-backend/pull/1474/files#diff-ffb6f719e2b7f835437d9fbfe055bf0265fb78d2d226d1d49c3276bc683c4c01R96 can be formatted.

CodeQL note is more important! Please have a look at that.
