On Thu, 6 Mar 2025 10:46:11 GMT, Michael McMahon <[email protected]> wrote:
>> Hi,
>>
>> Enhanced exception messages are designed to hide sensitive information such
>> as hostnames, IP
>> addresses from exception message strings, unless the enhanced mode for the
>> specific category
>> has been explicitly enabled. Enhanced exceptions were first introduced in
>> 8204233 in JDK 11 and
>> updated in 8207846.
>>
>> This PR aims to increase the coverage of enhanced exception messages in the
>> networking code.
>> A limited number of exceptions are already hidden (restricted) by default.
>> The new categories and
>> exceptions in this PR will be restricted on an opt-in basis, ie. the default
>> mode will be enhanced
>> (while preserving the existing behavior).
>>
>> The mechanism is controlled by the security/system property
>> "jdk.includeInExceptions" which takes as value
>> a comma separated list of category names, which identify groups of
>> exceptions where the exception
>> message may be enhanced. Any category not listed is "restricted" which means
>> that potentially
>> sensitive information (such as hostnames, IP addresses, user identities) are
>> excluded from the message text.
>>
>> The changes to the java.security conf file describe the exact changes in
>> terms of the categories now
>> supported and any changes in behavior.
>>
>> Thanks,
>> Michael
>
> Michael McMahon has updated the pull request incrementally with one
> additional commit since the last revision:
>
> doc + copyright update
src/java.base/share/classes/jdk/internal/util/Exceptions.java line 103:
> 101: * the output is the replacement string.
> 102: */
> 103: public static abstract class SensitiveInfo {
Let's sort modifiers in blessed order
Suggestion:
public abstract static class SensitiveInfo {
src/java.base/share/classes/jdk/internal/util/Exceptions.java line 338:
> 336: | hostCompatFlag;
> 337: enhancedUserExceptionText =
> SecurityProperties.includedInExceptions("userInfo");
> 338: enhancedJarExceptionText =
> SecurityProperties.INCLUDE_JAR_NAME_IN_EXCEPTIONS;
Suggestion:
enhancedJarExceptionText =
SecurityProperties.INCLUDE_JAR_NAME_IN_EXCEPTIONS;
test/jdk/sun/net/util/ExceptionsTest.java line 47:
> 45:
> 46: static boolean netEnabled() {
> 47: System.out.printf("netEnabled = %b\n", enhancedNetExceptions());
Suggestion:
System.out.printf("netEnabled = %b\n", enhancedNetExceptions());
test/jdk/sun/net/util/ExceptionsTest.java line 52:
> 50:
> 51: static boolean dnsEnabled() {
> 52: System.out.printf("dnsEnabled = %b\n",
> enhancedLookupExceptions());
Suggestion:
System.out.printf("dnsEnabled = %b\n", enhancedLookupExceptions());
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/23929#discussion_r1983229570
PR Review Comment: https://git.openjdk.org/jdk/pull/23929#discussion_r1983232405
PR Review Comment: https://git.openjdk.org/jdk/pull/23929#discussion_r1983232786
PR Review Comment: https://git.openjdk.org/jdk/pull/23929#discussion_r1983232968
