knox icon indicating copy to clipboard operation
knox copied to clipboard

Published 20 hours ago verified publisher icon apache

KNOX-3039 Add error message sanitization to GatewayServlet

Open kardolus opened this issue 8 months ago • 4 comments

What changes were proposed in this pull request?

This pull request introduces a mechanism to sanitize error messages in the GatewayServlet to improve security by hiding IP addresses from exception messages. The following changes were made:

  • Added a isErrorMessageSanitizationEnabled flag to the GatewayServlet to control whether error messages should be sanitized.
  • Implemented the sanitizeException and sanitizeAndRethrow methods in GatewayServlet to handle exception sanitization.
  • Updated the GatewayConfig interface and its implementation GatewayConfigImpl to include a new method isErrorMessageSanitizationEnabled.
  • Created the GatewayServletTest class to parameterize tests for scenarios where sanitization is enabled and disabled.

How was this patch tested?

This patch was tested using the following methods:

  • Parameterized unit tests were added to GatewayServletTest to cover both scenarios where error message sanitization is enabled and disabled.
  • Manual review and inspection of the code changes to ensure accuracy and completeness.

Test steps:

  1. Added unit tests in GatewayServletTest to check for sanitized and non-sanitized error messages.
  2. Verified the new tests pass successfully, ensuring error messages are appropriately sanitized or left unchanged based on the configuration.

kardolus avatar Jun 04 '24 13:06 kardolus