-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
(CodeQL) Fixed finding: "Prevent information leak of stack trace details to HTTP responses" #109
base: main
Are you sure you want to change the base?
Conversation
…ils to HTTP responses"
@pixeebot next |
1 similar comment
@pixeebot next |
I'm confident in this change, but I'm not a maintainer of this project. Do you see any reason not to merge it? If this change was not helpful, or you have suggestions for improvements, please let me know! |
@pixeebot next |
1 similar comment
@pixeebot next |
Just a friendly ping to remind you about this change. If there are concerns about it, we'd love to hear about them! |
This change may not be a priority right now, so I'll close it. If there was something I could have done better, please let me know! You can also customize me to make sure I'm working with you in the way you want. |
@pixeebot next |
Quality Gate passedIssues Measures |
@pixeebot next |
@pixeebot next |
Remediation
This change fixes "Prevent information leak of stack trace details to HTTP responses" (id = stack-trace-exposure) identified by CodeQL.
Details
This change prevents stack trace information from reaching the HTTP response, which could leak code internals to an attacker and aid in further profiling and attacks.
Have you ever seen an error page and thought, "Wow, I certainly shouldn't be seeing all these code details?" That's this problem.
Switching to a safe signature that doesn't leak anything is easy and the changes look something like this:
More reading
I have additional improvements ready for this repo! If you want to see them, leave the comment:
... and I will open a new PR right away!
🧚🤖 Powered by Pixeebot
Feedback | Community | Docs | Codemod ID: codeql:java/stack-trace-exposure