tzimanyi pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/incubator-kie-kogito-apps.git
The following commit(s) were added to refs/heads/main by this push:
new c185f57fc [kogito-apps#2279] Handle detected static code scan problems
(#2280)
c185f57fc is described below
commit c185f57fcfc098ba5b3de10e0061beb093d380e2
Author: Tibor Zimányi <[email protected]>
AuthorDate: Thu Nov 6 15:54:52 2025 +0100
[kogito-apps#2279] Handle detected static code scan problems (#2280)
---
.../main/java/org/kie/kogito/app/audit/api/DataAuditQuery.java | 8 +++++++-
.../app/audit/springboot/GraphQLAuditDataRouteMapping.java | 2 +-
.../org/kie/kogito/trusty/service/common/TrustyServiceImpl.java | 9 +++++++--
3 files changed, 15 insertions(+), 4 deletions(-)
diff --git
a/data-audit/data-audit-common/src/main/java/org/kie/kogito/app/audit/api/DataAuditQuery.java
b/data-audit/data-audit-common/src/main/java/org/kie/kogito/app/audit/api/DataAuditQuery.java
index 96b5f21d8..9aa3b680f 100644
---
a/data-audit/data-audit-common/src/main/java/org/kie/kogito/app/audit/api/DataAuditQuery.java
+++
b/data-audit/data-audit-common/src/main/java/org/kie/kogito/app/audit/api/DataAuditQuery.java
@@ -52,7 +52,13 @@ public class DataAuditQuery {
@Override
public String toString() {
- return "DataAuditQuery [identifier=" + identifier + ",
graphQLDefinition=" + graphQLDefinition + ", query=" + query + "]";
+ return "DataAuditQuery [identifier="
+ + identifier.replace('\n', '_').replace('\r', '_')
+ + ", graphQLDefinition="
+ + graphQLDefinition.replace('\n', '_').replace('\r', '_')
+ + ", query="
+ + query.replace('\n', '_').replace('\r', '_')
+ + "]";
}
}
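Review bot: The rewritten `toString()` calls `.replace(...)` directly on `identifier`, `graphQLDefinition` and `query`, so an instance with any of these unset now throws a NullPointerException where the old concatenation printed `null`. Whether the fields can be null is not visible in this hunk, but a `toString()` that can throw usually fails inside a log statement, which hides the event being logged. A null-tolerant form keeps the CR/LF neutralisation without that risk: `String.valueOf(identifier).replace('\n', '_').replace('\r', '_')`. The same chain appears three times here, so a private static helper would keep the rule in one place.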
diff --git
a/data-audit/kogito-addons-data-audit-springboot/src/main/java/org/kie/kogito/app/audit/springboot/GraphQLAuditDataRouteMapping.java
b/data-audit/kogito-addons-data-audit-springboot/src/main/java/org/kie/kogito/app/audit/springboot/GraphQLAuditDataRouteMapping.java
index 82e5e2f8b..1b7495e63 100644
---
a/data-audit/kogito-addons-data-audit-springboot/src/main/java/org/kie/kogito/app/audit/springboot/GraphQLAuditDataRouteMapping.java
+++
b/data-audit/kogito-addons-data-audit-springboot/src/main/java/org/kie/kogito/app/audit/springboot/GraphQLAuditDataRouteMapping.java
@@ -95,6 +95,6 @@ public class GraphQLAuditDataRouteMapping {
@ExceptionHandler({ Throwable.class })
public ResponseEntity<String> handleException(Throwable th) {
- return ResponseEntity.badRequest().body(th.getLocalizedMessage());
+ return ResponseEntity.badRequest().body("An Exception occurred
processing the request. Please see the logs for more details.");
}
}
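Review bot: The new response body tells the caller to "see the logs", but `handleException` as shown never logs `th`, so unless logging happens elsewhere the exception detail is now lost. Removing `getLocalizedMessage()` from the response is the right call for information disclosure, but the handler should record the throwable before returning, e.g. `LOGGER.error("Error processing data audit GraphQL request", th);`, where `LOGGER` is a placeholder for whatever logger field the class declares. Separately, the handler still maps every `Throwable` to 400, so server-side faults are reported to clients and monitoring as client errors.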
diff --git
a/trusty/trusty-service/trusty-service-common/src/main/java/org/kie/kogito/trusty/service/common/TrustyServiceImpl.java
b/trusty/trusty-service/trusty-service-common/src/main/java/org/kie/kogito/trusty/service/common/TrustyServiceImpl.java
index 0790a9693..a5e9a37e0 100644
---
a/trusty/trusty-service/trusty-service-common/src/main/java/org/kie/kogito/trusty/service/common/TrustyServiceImpl.java
+++
b/trusty/trusty-service/trusty-service-common/src/main/java/org/kie/kogito/trusty/service/common/TrustyServiceImpl.java
@@ -222,7 +222,9 @@ public class TrustyServiceImpl implements TrustyService {
//This is returned as null under Redis, so play safe
Collection<DecisionInput> decisionInputs =
Objects.nonNull(decision.getInputs()) ? decision.getInputs() :
Collections.emptyList();
if (!isStructureIdentical(decisionInputs, searchDomains)) {
- String error = buildCounterfactualErrorMessage(String.format("The
structure of the Search Domains do not match the structure of the original
Inputs for decision with ID %s.", executionId),
+ // The replace calls are sanitization of the user input. The
executionId has a way to reach here from the user.
+ String error = buildCounterfactualErrorMessage(
+ String.format("The structure of the Search Domains do not
match the structure of the original Inputs for decision with ID %s.",
executionId.replace('\n', '_').replace('\r', '_')),
"Decision inputs:-", decisionInputs,
"Search domains:-", searchDomains);
LOG.error(error);
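Review bot: Only `executionId` is neutralised before `LOG.error(error)`, while `searchDomains` here and `goals` in the following hunk are passed into the same message and appear to come from the same request. If `buildCounterfactualErrorMessage` (not visible) renders caller-supplied names or values from those collections, CR/LF can still reach the log. Either confirm that the helper's serialisation escapes line breaks, or neutralise the request-derived parts inside the helper rather than at each call site. The new comment could also name the risk, e.g. `// Strip CR/LF from executionId (request-supplied) to prevent log forging.`. The enclosing method starts and ends outside both hunks.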
@@ -232,8 +234,11 @@ public class TrustyServiceImpl implements TrustyService {
//This is returned as null under Redis, so play safe
Collection<DecisionOutcome> decisionOutcomes =
Objects.nonNull(decision.getOutcomes()) ? decision.getOutcomes() :
Collections.emptyList();
if (!isStructureSubset(decisionOutcomes, goals)) {
+ // The replace calls are sanitization of the user input. The
executionId has a way to reach here from the user.
String error =
- buildCounterfactualErrorMessage(String.format("The
structure of the Goals is not comparable to the structure of the original
Outcomes for decision with ID %s.", executionId),
+ buildCounterfactualErrorMessage(
+ String.format("The structure of the Goals is not
comparable to the structure of the original Outcomes for decision with ID %s.",
+ executionId.replace('\n',
'_').replace('\r', '_')),
"Decision outcomes:-", decisionOutcomes,
"Goals:-", goals);
LOG.error(error);