baldimir commented on code in PR #4119:
URL: https://github.com/apache/incubator-kie-kogito-runtimes/pull/4119#discussion_r2497747407


##########
addons/common/process-instance-migration/src/main/java/org/kie/kogito/process/migration/BaseProcessInstanceMigrationResource.java:
##########
@@ -50,7 +50,7 @@ public T doMigrateInstance(String processId, 
ProcessMigrationSpec migrationSpec,
             message.put("processInstanceId", processInstanceId);
             return buildOkResponse(message);
         } catch (Exception e) {
-            return badRequestResponse(e.getMessage());
+            return badRequestResponse("An exception occurred during migration 
of a process instance. Please check the logs for more information.");
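Review bot: Now that the exception message is no longer returned, the catch block in doMigrateInstance must record the failure itself, but in the visible lines nothing in the catch logs e; the response tells the caller to "check the logs" while the original cause is discarded. Log the exception together with processId and processInstanceId before returning, for example `LOGGER.error("Migration of process instance {} of process {} failed", processInstanceId, processId, e);`. Consider also not mapping every Exception to a 400: an unexpected failure inside the migration is a server error and is better reported as 500 with this generic text, leaving 400 and a specific, sanitized message for expected, user-correctable validation failures.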

Review Comment:
   There should ideally be a proper exception system implemented. Currently, we catch the Exception class (so whatever is thrown) and put the exception message into the response for the user. This is highly risky from a security perspective, as the exceptions could contain sensitive information and not everything should be shared directly with the user, as the user could be some malicious entity.



##########
addons/common/process-instance-migration/src/main/java/org/kie/kogito/process/migration/BaseProcessInstanceMigrationResource.java:
##########
@@ -63,7 +63,7 @@ public T doMigrateAllInstances(String processId, 
ProcessMigrationSpec migrationS
             message.put("numberOfProcessInstanceMigrated", 
numberOfProcessInstanceMigrated);
             return buildOkResponse(message);
         } catch (Exception e) {
-            return badRequestResponse(e.getMessage());
+            return badRequestResponse("An exception occurred during process 
instances migration. Please check the logs for more information.");
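Review bot: Same gap in doMigrateAllInstances: the generic message refers the caller to the logs, but nothing in the visible catch block logs e, so the cause of a failed bulk migration is lost. Log the exception with the processId before returning. Note also that numberOfProcessInstanceMigrated is only put into the response on the success path; if the migration can fail part-way through, the caller learns neither how many instances were already migrated nor why it stopped, so either report the count reached before the failure or document that the operation is all-or-nothing.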

Review Comment:
   There should ideally be a proper exception system implemented. Currently, we catch the Exception class (so whatever is thrown) and put the exception message into the response for the user. This is highly risky from a security perspective, as the exceptions could contain sensitive information and not everything should be shared directly with the user, as the user could be some malicious entity.
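An added example of the separation both review comments above ask for, written for this page and not taken from Kogito: the class `MigrationErrorHandlingExample`, the exception type `MigrationRequestException` and the method `toErrorResponse` are hypothetical names. Failures the caller can act on carry a message written for the client and map to 400; anything else is logged in full under a correlation id and answered with a generic 500, so an internal exception's text never reaches the response body.

```java
import java.util.Map;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;

/**
 * Added illustration (not Kogito code): keep client-facing error text apart
 * from internal exception details. All names here are hypothetical.
 */
public class MigrationErrorHandlingExample {

    private static final Logger LOGGER = Logger.getLogger(MigrationErrorHandlingExample.class.getName());

    /** Minimal stand-in for an HTTP response: status code plus a JSON-like body. */
    public record Response(int status, Map<String, Object> body) { }

    /**
     * Hypothetical exception type for failures the caller can correct
     * (bad migration spec, unknown instance). Its message is written for the
     * client on purpose and is the only exception text ever returned.
     */
    public static class MigrationRequestException extends Exception {
        public MigrationRequestException(String clientSafeMessage) {
            super(clientSafeMessage);
        }
    }

    /** Maps any failure of a migration call to a response the client may see. */
    public static Response toErrorResponse(String processId, String processInstanceId, Throwable e) {
        // A correlation id lets an operator find the full stack trace in the logs
        // without the trace itself being sent to the client.
        String incidentId = UUID.randomUUID().toString();
        if (e instanceof MigrationRequestException mre) {
            // Expected, user-correctable failure: 400 with the deliberately client-safe message.
            LOGGER.log(Level.INFO, "Migration request rejected [incident {0}, process {1}, instance {2}]: {3}",
                    new Object[] { incidentId, processId, processInstanceId, mre.getMessage() });
            return new Response(400, Map.of("error", mre.getMessage(), "incidentId", incidentId));
        }
        // Anything else is a server-side failure: full detail to the log only, generic text to the client.
        LOGGER.log(Level.SEVERE, "Migration failed [incident " + incidentId + ", process " + processId
                + ", instance " + processInstanceId + "]", e);
        return new Response(500, Map.of(
                "error", "An exception occurred during migration of a process instance. "
                        + "Please check the logs for more information.",
                "incidentId", incidentId));
    }

    public static void main(String[] args) {
        // Constructed failures for the demo; the JDBC URL stands in for the kind of
        // detail an unfiltered getMessage() would have handed to the caller.
        Response rejected = toErrorResponse("orders", "42",
                new MigrationRequestException("Target process version does not exist"));
        Response internal = toErrorResponse("orders", "42",
                new IllegalStateException("jdbc:postgresql://db.internal:5432/kogito user=admin: connection refused"));

        System.out.println(rejected);
        System.out.println(internal);
        // The connection string appears only in the log, never in the response body.
        if (internal.body().get("error").toString().contains("jdbc:")) {
            throw new AssertionError("internal detail leaked to client");
        }
    }
}
```

The point of the dedicated exception type is that client-visible text is chosen at the throw site by someone who knows it is safe, instead of being whatever `getMessage()` of an arbitrary caught exception happens to contain. Returning the incident id in both cases gives the user something concrete to quote to an operator, which is what "check the logs" needs in order to be actionable.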



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

