[GitHub] [pulsar] rdhabalia opened a new pull request #8454: [pulsar-broker] Security-Recommendation: Remove verbose error message with system info for admin-api

Thu, 05 Nov 2020 11:14:15 -0800 


rdhabalia opened a new pull request #8454:
URL: https://github.com/apache/pulsar/pull/8454


   ### Motivation
   
   one of the security-recommendation report has listed system internal info in 
error-response which should be fixed.
   
   **url:** `curl -X DELETE -H 'Content-Type: application/json'  
http://localhost:8080/admin/namespaces/sample/standalone/ns1/maxConsumerPerSubscription`
   **Error-response:**
   ```
    --- An unexpected error occurred in the server ---
   
   Message: Invalid bundle range
   
   Stacktrace:
   
   java.lang.IllegalArgumentException: Invalid bundle range
        at 
com.google.common.base.Preconditions.checkArgument(Preconditions.java:141)
        at 
org.apache.pulsar.broker.web.PulsarWebResource.validateNamespaceBundleRange(PulsarWebResource.java:480)
        at 
org.apache.pulsar.broker.web.PulsarWebResource.validateNamespaceBundleOwnership(PulsarWebResource.java:522)
        at 
org.apache.pulsar.broker.admin.impl.NamespacesBase.internalDeleteNamespaceBundle(NamespacesBase.java:541)
        at 
org.apache.pulsar.broker.admin.impl.NamespacesBase.internalDeleteNamespaceBundle(NamespacesBase.java:488)
        at 
org.apache.pulsar.broker.admin.v1.Namespaces.deleteNamespaceBundle(Namespaces.java:229)
        at 
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at 
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at 
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:566)
   ```
   
   ### Modification
   Return informative response without system info
   
   ### Result
   ```
   curl -X DELETE -H 'Content-Type: application/json'  
http://localhost:8080/admin/namespaces/sample/standalone/ns1/my-range
   
   {"reason":"Invalid bundle range: my-range"}
   ```


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to