Review feedback on message wording, fix whitespace char

gwtproject · Dec 20, 2023 · e45b8eb · e45b8eb
1 parent 47a2b34
commit e45b8eb
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 10 deletions.
diff --git a/user/src/com/google/gwt/user/rebind/rpc/SerializableTypeOracleBuilder.java b/user/src/com/google/gwt/user/rebind/rpc/SerializableTypeOracleBuilder.java
@@ -320,7 +320,7 @@ public boolean isAllowed(JClassType type) {
       JPA_ENTITY_ANNOTATION =
           Class.forName("javax.persistence.Entity").asSubclass(Annotation.class);
     } catch (ClassNotFoundException e) {
-      // Ignore, JPA_ENTITY_CAPABLE_ANNOTATION will be null
+      // Ignore, JPA_ENTITY_CAPABLE_ANNOTATION will be null
     }
   }
 
@@ -869,10 +869,11 @@ public SerializableTypeOracle build(TreeLogger logger) throws UnableToCompleteEx
 
       if (tic.maybeEnhanced()
           || (enhancedClasses != null && enhancedClasses.contains(type.getQualifiedSourceName()))) {
-        logger.log(TreeLogger.WARN, "The class " + type.getQualifiedSourceName() + " is both " +
-                "referenced from configuration as rpc.enhancedClasses and has JPA annotations. " +
-                "This makes the server vulnerable to an issue with deserialization of unsafe " +
-                "data. See https://github.com/gwtproject/gwt/issues/9709 for more information.");
+        logger.log(TreeLogger.WARN, "The class " + type.getQualifiedSourceName() + " has JPA " +
+                "annotations or is explicitly configured as an enhanced class using the " +
+                "configuration property rpc.enhancedClasses. This makes the server vulnerable " +
+                "to an issue with deserialization of unsafe data. See " +
+                "https://github.com/gwtproject/gwt/issues/9709 for more information.");
         type.setEnhanced();
       }
     }

diff --git a/user/src/com/google/gwt/user/server/rpc/RemoteServiceServlet.java b/user/src/com/google/gwt/user/server/rpc/RemoteServiceServlet.java
@@ -98,12 +98,12 @@ static SerializationPolicy loadSerializationPolicy(HttpServlet servlet,
                 null);
             if (serializationPolicy.hasClientFields()) {
               if (ENABLE_ENHANCED_CLASSES) {
-                servlet.log("WARNING: Enhanced JPA client fields are in use for this " +
-                        "application. See https://github.com/gwtproject/gwt/issues/9709 for " +
-                        "more detail. on the vulnerability that this presents.");
+                servlet.log("WARNING: Service deserializes enhanced JPA/JDO classes, which is " +
+                        "unsafe. See https://github.com/gwtproject/gwt/issues/9709 for more " +
+                        "detail on the vulnerability that this presents.");
               } else {
-                servlet.log("ERROR: Service uses enhanced classes, which are unsafe. Review " +
-                        "build logs to see where this can be fixed, or set " +
+                servlet.log("ERROR: Service deserializes enhanced JPA/JDO classes, which is " +
+                        "unsafe. Review build logs to see which classes are affected, or set " +
                         ENABLE_GWT_ENHANCED_CLASSES_PROPERTY + " to true to allow using this " +
                         "service. See https://github.com/gwtproject/gwt/issues/9709 for more " +
                         "detail.");