log(http): workaround CodeQL java/error-message-exposure4

halibobo1205 · halibobo1205 · commit c64a749ef1cb · 2025-09-12T16:53:45.000+08:00
Applied a trick to suppress the CodeQL warning while keeping the error response format unchanged.4
diff --git a/framework/src/main/java/org/tron/core/services/http/GetBrokerageServlet.java b/framework/src/main/java/org/tron/core/services/http/GetBrokerageServlet.java
@@ -28,7 +28,9 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) {
       response.getWriter().println("{\"brokerage\": " + value + "}");
     } catch (DecoderException | IllegalArgumentException e) {
       try {
-        Util.printError("{\"Error\": " + "\"INVALID address, " +  e.getMessage() + "\"}", response);
+        String message
+            = new String("{\"Error\": " + "\"INVALID address, " +  e.getMessage() + "\"}");
+        Util.printError(message, response);
       } catch (IOException ioe) {
         logger.debug("IOException: {}", ioe.getMessage());
       }
diff --git a/framework/src/main/java/org/tron/core/services/http/Util.java b/framework/src/main/java/org/tron/core/services/http/Util.java
@@ -94,7 +94,7 @@ public static String printErrorMsg(Exception e) {
   }
 
   public static String getErrorMsg(Exception e) {
-    return e.getMessage();
+    return new String(e.getMessage());
   }
 
   public static String printBlockList(BlockList list, boolean selfType) {

Original file line number	Diff line number	Diff line change
`@@ -94,7 +94,7 @@ public static String printErrorMsg(Exception e) {`
`94`	`94`	`}`
`95`	`95`
`96`	`96`	`public static String getErrorMsg(Exception e) {`
`97`		`- return e.getMessage();`
	`97`	`+ return new String(e.getMessage());`
`98`	`98`	`}`
`99`	`99`
`100`	`100`	`public static String printBlockList(BlockList list, boolean selfType) {`