From c4f117e74b8ade8b420f0443955ec6b94f88cee4 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Wed, 9 Dec 2020 18:20:56 +0100
Subject: add findSecBugs extension into spotbugs plug-in

---
 .../services/ProtocolAuthenticationService.java    | 35 ++++++----------------
 1 file changed, 9 insertions(+), 26 deletions(-)

(limited to 'eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth')

diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
index 50bf76db..4410267e 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
@@ -20,8 +20,6 @@
 package at.gv.egiz.eaaf.core.impl.idp.auth.services;
 
 import java.io.IOException;
-import java.io.PrintWriter;
-import java.io.StringWriter;
 import java.util.HashSet;
 
 import javax.annotation.PostConstruct;
@@ -32,6 +30,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.lang3.ArrayUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.text.StringEscapeUtils;
+import org.owasp.encoder.Encode;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -286,7 +285,7 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
       // write generic message for general exceptions
       final String msg =
           statusMessager.getMessage(IStatusMessenger.CODES_INTERNAL_ERROR_GENERIC, null);
-      writeHtmlErrorResponse(req, resp, msg, "9199", null, (Exception) throwable);
+      writeHtmlErrorResponse(req, resp, msg, "9199", null);
 
     }
 
@@ -460,8 +459,7 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
 
   private void writeHtmlErrorResponse(@NonNull final HttpServletRequest httpReq,
       @NonNull final HttpServletResponse httpResp, @NonNull final String msg,
-      @NonNull final String errorCode, @Nullable final Object[] params,
-      @NonNull final Exception error) throws EaafException {
+      @NonNull final String errorCode, @Nullable final Object[] params) throws EaafException {
 
     try {
       final IGuiBuilderConfiguration config =
@@ -492,14 +490,6 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
             AbstractGuiFormBuilderConfiguration.PARAM_GROUP_MSG, PARAM_GUI_ERRORCODEPARAMS,
             ArrayUtils.toString(errorCodeParams));
 
-        // add stacktrace if debug is enabled
-        if (log.isTraceEnabled()) {
-          ((ModifyableGuiBuilderConfiguration) config).putCustomParameter(
-              AbstractGuiFormBuilderConfiguration.PARAM_GROUP_MSG, PARAM_GUI_ERRORSTACKTRACE,
-              getStacktraceFromException(error));
-
-        }
-
       } else {
         log.info(
             "Can not ADD error message, because 'GUIBuilderConfiguration' is not modifieable ");
@@ -515,18 +505,11 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
 
   }
 
-  private String getStacktraceFromException(final Exception ex) {
-    final StringWriter errors = new StringWriter();
-    ex.printStackTrace(new PrintWriter(errors));
-    return errors.toString();
-
-  }
-
   private void internalMoaidExceptionHandler(final HttpServletRequest req,
       final HttpServletResponse resp, final Exception e, final boolean writeExceptionToStatisicLog)
       throws IOException, EaafException {
     if (e instanceof ProtocolNotActiveException) {
-      resp.getWriter().write(e.getMessage());
+      resp.getWriter().write(Encode.forHtml(e.getMessage()));
       resp.setContentType(EaafConstants.CONTENTTYPE_HTML_UTF8);
       resp.sendError(HttpServletResponse.SC_FORBIDDEN,
           StringEscapeUtils.escapeHtml4(StringEscapeUtils.escapeEcmaScript(e.getMessage())));
@@ -540,27 +523,27 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
 
       // write error message
       writeHtmlErrorResponse(req, resp, e.getMessage(), statusMessager.getResponseErrorCode(e),
-          null, e);
+          null);
 
     } else if (e instanceof InvalidProtocolRequestException) {
       // send error response
       writeHtmlErrorResponse(req, resp, e.getMessage(), statusMessager.getResponseErrorCode(e),
-          null, e);
+          null);
 
     } else if (e instanceof ConfigurationException) {
       // send HTML formated error message
       writeHtmlErrorResponse(req, resp, e.getMessage(), statusMessager.getResponseErrorCode(e),
-          null, e);
+          null);
 
     } else if (e instanceof EaafException) {
       // send HTML formated error message
       writeHtmlErrorResponse(req, resp, e.getMessage(), statusMessager.getResponseErrorCode(e),
-          ((EaafException) e).getParams(), e);
+          ((EaafException) e).getParams());
 
     } else if (e instanceof ProcessExecutionException) {
       // send HTML formated error message
       writeHtmlErrorResponse(req, resp, e.getMessage(), statusMessager.getResponseErrorCode(e),
-          null, e);
+          null);
 
     }
 
-- 
cgit v1.2.3