CDA-115: Exception wrapping improvement#1775
Conversation
…Included integration test for location groups.
| .assertThat() | ||
| .statusCode(is(HttpServletResponse.SC_BAD_REQUEST)) | ||
| .body("message", equalTo("Bad Request")) | ||
| .body("details.message", equalTo("ORA-20998: ERROR: Alias (AliasedId) would reference multiple locations. " + |
There was a problem hiding this comment.
Strip the "ORA-XXXX:" part out of the detail message. The context is fine, but the security people get all "wiggy" when hints of database implementations are present... even when it's already rather well known like for, you know, this project.
There was a problem hiding this comment.
Dropped error code
| String[] parts = localizedMessage.split("\n"); | ||
| String errorMessage = parts[0]; | ||
| Map<String, String> errorDetails = new HashMap<>(); | ||
| errorDetails.put("message", errorMessage); |
There was a problem hiding this comment.
Message details need to be put through the sanitizer. The input is from the user so we assume it fail because it was an attack.... even if 98% of the time it's just a typo.
There was a problem hiding this comment.
Passed message through sanitizer
|
I've been unable to recreate the test failures locally, which makes me believe these were not caused by my changes |
|
I see the same failing test in other open PRs |
3 participants
Summary
Updated JooqDao to wrap all DB exceptions in range 20,000 to 20,999. Included integration test for location groups.
Related Issue
Closes #1695
Validation
Integration test included.
Checklist