This is an automated email from the ASF dual-hosted git repository. radu pushed a commit to branch issue/SLING-7476 in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-xss.git
commit 2b1a4860805576bde51408f6cca8465985456af6
Author: Radu Cotescu <r...@apache.org>
AuthorDate: Fri Feb 9 12:12:01 2018 +0100
SLING-7476 - Exceptions should be logged correctly
* made sure all exceptions are logged
* added more detailed information about failures in debug messages
---
 .../sling/xss/impl/HtmlToHtmlContentContext.java | 14 ++++++++++----
 .../java/org/apache/sling/xss/impl/XSSAPIImpl.java | 21 ++++++++++++++-------
 .../org/apache/sling/xss/impl/XSSFilterImpl.java | 3 ++-
 3 files changed, 26 insertions(+), 12 deletions(-)
diff --git a/src/main/java/org/apache/sling/xss/impl/HtmlToHtmlContentContext.java b/src/main/java/org/apache/sling/xss/impl/HtmlToHtmlContentContext.java
index be8be74..b3ad2cf 100644
--- a/src/main/java/org/apache/sling/xss/impl/HtmlToHtmlContentContext.java
+++ b/src/main/java/org/apache/sling/xss/impl/HtmlToHtmlContentContext.java
@@ -46,10 +46,13 @@ public class HtmlToHtmlContentContext implements XSSFilterRule {
 try {
 return policyHandler.getAntiSamy().scan(str).getNumberOfErrors() == 0;
 } catch (final ScanException se) {
- throw new RuntimeException("Unable to scan input");
+ log.warn("Unable to scan input.", se);
+ log.debug("Provided input: {}", str);
 } catch (final PolicyException pe) {
- return false;
+ log.warn("Unable to check input.", pe);
+ log.debug("Provided input: {}", str);
 }
+ return false;
 }

 /**
@@ -70,10 +73,13 @@ public class HtmlToHtmlContentContext implements XSSFilterRule {

 return cleaned;
 } catch (final ScanException se) {
- throw new RuntimeException("Unable to scan input");
+ log.warn("Unable to scan input.", se);
+ log.debug("Provided input: {}", str);
 } catch (final PolicyException pe) {
- throw new RuntimeException("Unable to scan input");
+ log.warn("Unable to check input.", pe);
+ log.debug("Provided input: {}", str);
 }
+ return "";
 }

 /**
diff --git a/src/main/java/org/apache/sling/xss/impl/XSSAPIImpl.java b/src/main/java/org/apache/sling/xss/impl/XSSAPIImpl.java
index f0d35e1..fe6c299 100644
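Review bot: `log.debug("Provided input: {}", str);` in both catch branches writes the rejected value to the log unmodified, and a value that AntiSamy could not scan has to be treated as attacker-influenced. With CR/LF intact it can start a forged-looking log entry, markup in it can render in a browser-based log viewer, and nothing bounds its size. The second hunk of this file, every XSSAPIImpl hunk (the JSON and XML ones even prefix `\n`) and the XSSFilterImpl hunk log their input the same way. Routing these calls through one helper that escapes line breaks and truncates would cover all of them; the helper below is a sketch with an illustrative name and limit, not existing project code. The method's signature is above this hunk.

```java
// Sketch only: helper name and the 1024-character limit are illustrative, not existing project code.
private static String forLog(final String input) {
    if (input == null) {
        return null;
    }
    final String bounded = input.length() > 1024 ? input.substring(0, 1024) + "...[truncated]" : input;
    return bounded.replace("\r", "\\r").replace("\n", "\\n");
}

// … unchanged: try block, catch headers and log.warn calls …
    log.debug("Provided input: {}", forLog(str));
```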
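Review bot: At the added `return "";` a scan or policy failure now yields an empty string where `filter` used to throw, and the method's Javadoc is not touched by this commit to say so. Returning nothing is the safe direction for an XSS filter, but a caller can no longer tell "input was rejected" from "input cleaned down to nothing", so the contract should be written down, for example `@return the cleaned HTML, or an empty string if the input could not be scanned`. The method starts above the hunk, so whether any caller relied on the RuntimeException cannot be checked from here.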
--- a/src/main/java/org/apache/sling/xss/impl/XSSAPIImpl.java
+++ b/src/main/java/org/apache/sling/xss/impl/XSSAPIImpl.java
@@ -102,7 +102,8 @@ public class XSSAPIImpl implements XSSAPI {
 try {
 return validator.getValidInteger("XSS", integer, -2000000000, 2000000000, false);
 } catch (Exception e) {
- // ignore
+ LOGGER.warn("Unable to get a valid integer from the input.", e);
+ LOGGER.debug("Integer input: {}", integer);
 }
 }

@@ -121,7 +122,8 @@ public class XSSAPIImpl implements XSSAPI {
 ivr.setAllowNull(false);
 return ivr.getValid("XSS", source);
 } catch (Exception e) {
- // ignore
+ LOGGER.warn("Unable to get a valid long from the input.", e);
+ LOGGER.debug("Long input: {}", source);
 }
 }

@@ -138,7 +140,8 @@ public class XSSAPIImpl implements XSSAPI {
 try {
 return validator.getValidDouble("XSS", source, 0d, Double.MAX_VALUE, false);
 } catch (Exception e) {
- // ignore
+ LOGGER.warn("Unable to get a valid double from the input.", e);
+ LOGGER.debug("Double input: {}", source);
 }
 }

@@ -159,7 +162,8 @@ public class XSSAPIImpl implements XSSAPI {
 try {
 return validator.getValidInteger("XSS", dimension, -10000, 10000, false).toString();
 } catch (Exception e) {
- // ignore
+ LOGGER.warn("Unable to get a valid dimension from the input.", e);
+ LOGGER.debug("Dimension input: {}", dimension);
 }
 }

@@ -363,7 +367,8 @@ public class XSSAPIImpl implements XSSAPI {
 Json.createGenerator(output).write(jsonReaderFactory.createReader(new StringReader(json)).readObject()).close();
 return output.getBuffer().toString();
 } catch (Exception e) {
- LOGGER.debug("JSON validation failed: " + e.getMessage(), e);
+ LOGGER.warn("Unable to get valid JSON from the input.", e);
+ LOGGER.debug("JSON input:\n{}", json);
 }
 } else {
 try {
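Review bot: `LOGGER.warn("Unable to get a valid integer from the input.", e);` emits a WARN with a full stack trace every time a value fails validation, which for an XSS API is the expected outcome for malformed or hostile input rather than an exceptional one. Whoever supplies the value can therefore grow the log and bury genuine warnings; before this commit the numeric cases were ignored and the JSON/XML cases were logged at debug only. The same applies to the long, double, dimension and JSON hunks here and to the JSON array and XML hunks that follow. Consider keeping the WARN to one line and attaching the throwable to the debug call, `LOGGER.warn("Unable to get a valid integer from the input.");` and `LOGGER.debug("Integer input: {}", integer, e);` (assuming the logger is SLF4J, where a trailing Throwable is logged as the exception). The enclosing method starts and ends outside the hunk.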
@@ -371,7 +376,8 @@ public class XSSAPIImpl implements XSSAPI {
 Json.createGenerator(output).write(jsonReaderFactory.createReader(new StringReader(json)).readArray()).close();
 return output.getBuffer().toString();
 } catch (Exception e) {
- LOGGER.debug("JSON validation failed: " + e.getMessage(), e);
+ LOGGER.warn("Unable to get valid JSON from the input.", e);
+ LOGGER.debug("JSON input:\n{}", json);
 }
 }
 return getValidJSON(defaultJson, "");
@@ -396,7 +402,8 @@ public class XSSAPIImpl implements XSSAPI {
 reader.parse(new InputSource(new StringReader(xml)));
 return xml;
 } catch (Exception e) {
- LOGGER.debug("XML validation failed: " + e.getMessage(), e);
+ LOGGER.warn("Unable to get valid XML from the input.", e);
+ LOGGER.debug("XML input:\n{}", xml);
 }
 return getValidXML(defaultXml, "");
 }
diff --git a/src/main/java/org/apache/sling/xss/impl/XSSFilterImpl.java b/src/main/java/org/apache/sling/xss/impl/XSSFilterImpl.java
index 2c5571e..b155d49 100644
--- a/src/main/java/org/apache/sling/xss/impl/XSSFilterImpl.java
+++ b/src/main/java/org/apache/sling/xss/impl/XSSFilterImpl.java
@@ -140,7 +140,8 @@ public class XSSFilterImpl implements XSSFilter, ResourceChangeListener, Externa
 }
 return runHrefValidation(xmlDecodedURL);
 } catch (UnsupportedEncodingException e) {
- logger.error("Unable to decode url: {}.", url);
+ logger.warn("Unable to decode url.", e);
+ logger.debug("URL input: {}", url);
 }
 return false;
 }
--
To stop receiving notification emails like this one, please contact r...@apache.org.