[
https://issues.apache.org/jira/browse/KNOX-3039?focusedWorklogId=923589&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-923589
]
ASF GitHub Bot logged work on KNOX-3039:
----------------------------------------
Author: ASF GitHub Bot
Created on: 15/Jun/24 00:58
Start Date: 15/Jun/24 00:58
Worklog Time Spent: 10m
Work Description: kardolus commented on code in PR #914:
URL: https://github.com/apache/knox/pull/914#discussion_r1640568668
##########
gateway-server/src/main/java/org/apache/knox/gateway/GatewayServlet.java:
##########
@@ -282,33 +281,15 @@ public Enumeration<String> getInitParameterNames() {
}
}
- private Exception sanitizeException(Exception e) {
+ private SanitizedException logAndSanitizeException(Exception e) {
+ LOG.failedToExecuteFilter(e);
if (e == null || e.getMessage() == null) {
- return e;
+ return new SanitizedException(e.getMessage());
}
if (!isErrorMessageSanitizationEnabled || e.getMessage() == null) {
- return e;
+ return new SanitizedException(e.getMessage());
}
String sanitizedMessage =
e.getMessage().replaceAll(errorMessageSanitizationPattern, "[hidden]");
-
- return createSanitizedException(e, sanitizedMessage);
- }
-
- private <T extends Exception> T createSanitizedException(T e, String
sanitizedMessage) {
- try {
- Constructor<? extends Exception> constructor =
e.getClass().getConstructor(String.class, Throwable.class);
- T sanitizedException = (T) constructor.newInstance(sanitizedMessage,
e.getCause());
- sanitizedException.setStackTrace(e.getStackTrace());
- return sanitizedException;
- } catch (Exception ex) {
- Exception genericException = new Exception(sanitizedMessage,
e.getCause());
- genericException.setStackTrace(e.getStackTrace());
- return (T) genericException;
- }
- }
-
- private <T extends Exception> T logAndSanitizeException(Exception e) throws
T {
- LOG.failedToExecuteFilter(e);
- throw (T) sanitizeException(e);
+ return new SanitizedException(sanitizedMessage);
Review Comment:
@pzampino The Single Responsibility Principle would be violated because it
would make the SanitizedException class responsible for both defining an
exception and performing sanitization logic, thus giving it more than one
reason to change.
Issue Time Tracking
-------------------
Worklog Id: (was: 923589)
Time Spent: 5h 50m (was: 5h 40m)
> IP Address Exposure in HTTP 500 Error Message
> ---------------------------------------------
>
> Key: KNOX-3039
> URL: https://issues.apache.org/jira/browse/KNOX-3039
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Reporter: Guillermo Kardolus
> Priority: Major
> Time Spent: 5h 50m
> Remaining Estimate: 0h
>
> A potential security vulnerability has been identified in Apache Knox where
> internal IP addresses are exposed in HTTP 500 error messages. This issue can
> occur when a user modifies the URL for one of the proxy services, leading to
> an error page that includes the IP address of the internal service.
> *Steps to Reproduce:*
> # Navigate to a proxy service URL, for example:
> {{<[https://example.com:8443/gateway/proxy/service?scheme=https&host=example.com&port=8051]>}}
> # Modify the {{port}} parameter to an invalid port, such as:
> {{<[https://example.com:8443/gateway/proxy/service?scheme=https&host=example.com&port=9999]>}}
> # Observe the resulting HTTP 500 error message which includes the internal
> IP address.
> *Observed Behavior:* The error message reveals the internal IP address in the
> stack trace, which can be used by an attacker for port scanning and other
> malicious activities.
> *Example:*
> {code:java}
> HTTP ERROR 500 java.io.IOException: java.io.IOException: Service connectivity
> error.
> MESSAGE: java.io.IOException: java.io.IOException: Service connectivity error.
> ...
> CAUSED BY: java.io.IOException: Connect to example.com:9996
> [example.com/10.140.190.10] failed: Connection refused (Connection refused)
> ... {code}
> *Expected Behavior:* Error messages should not expose internal IP addresses.
> Instead, they should be sanitized to prevent the disclosure of sensitive
> information.
> *Proposed Solution:*
> # *Sanitization Mechanism:* Implement a mechanism to sanitize error messages
> before they are sent to the client. This can include replacing IP addresses
> with placeholders such as {{{}[hidden]{}}}.
> # *Configuration Options:* Provide configuration options for users to enable
> or disable this sanitization based on their security needs. By default, users
> should opt-in to this new sanitization functionality, with an option to
> opt-out if necessary.
> # *Knox-specific Error Page:* Alternatively, consider implementing a
> Knox-specific error page that displays an error message without revealing any
> sensitive information.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
