diff --git a/omod-common/src/main/java/org/openmrs/module/webservices/rest/web/RestConstants.java b/omod-common/src/main/java/org/openmrs/module/webservices/rest/web/RestConstants.java index 4e10e700c..e2a204ae7 100644 --- a/omod-common/src/main/java/org/openmrs/module/webservices/rest/web/RestConstants.java +++ b/omod-common/src/main/java/org/openmrs/module/webservices/rest/web/RestConstants.java @@ -207,7 +207,11 @@ public class RestConstants { */ public static final String PRIV_GET_SERVER_LOGS = "Get Server Logs"; /** - * Constants used for the StackTrace Details in error response + * Global property name used to enable or disable the inclusion of stack trace details + * in the error response. + * + * When this property is set to 'true', stack trace details will be included in error + * responses. When set to 'false', stack trace details will be omitted. */ public static String ENABLE_STACK_TRACE_DETAILS_GLOBAL_PROPERTY_NAME = MODULE_ID + ".enableStackTraceDetails"; } diff --git a/omod-common/src/main/java/org/openmrs/module/webservices/rest/web/RestUtil.java b/omod-common/src/main/java/org/openmrs/module/webservices/rest/web/RestUtil.java index f92eb5525..99fec532d 100644 --- a/omod-common/src/main/java/org/openmrs/module/webservices/rest/web/RestUtil.java +++ b/omod-common/src/main/java/org/openmrs/module/webservices/rest/web/RestUtil.java @@ -828,13 +828,13 @@ public static SimpleObject wrapErrorResponse(Exception ex, String reason) { } else { map.put("message", "[" + message + "]"); } - StackTraceElement[] steElements = ex.getStackTrace(); - if (steElements.length > 0) { - StackTraceElement ste = ex.getStackTrace()[0]; - String stackTraceDetailsenabled_gp = Context.getAdministrationService() + StackTraceElement[] stackTraceElements = ex.getStackTrace(); + if (stackTraceElements.length > 0) { + StackTraceElement stackTraceElement = ex.getStackTrace()[0]; + String stackTraceDetailsEnabledGp = Context.getAdministrationService() .getGlobalPropertyValue(RestConstants.ENABLE_STACK_TRACE_DETAILS_GLOBAL_PROPERTY_NAME, "false"); - map.put("code", ste.getClassName() + ":" + ste.getLineNumber()); - if ("true".equalsIgnoreCase(stackTraceDetailsenabled_gp)) { + map.put("code", stackTraceElement.getClassName() + ":" + stackTraceElement.getLineNumber()); + if ("true".equalsIgnoreCase(stackTraceDetailsEnabledGp)) { map.put("detail", ExceptionUtils.getStackTrace(ex)); } else { map.put("detail", ""); diff --git a/omod-common/src/test/java/org/openmrs/module/webservices/rest/web/RestUtilTest.java b/omod-common/src/test/java/org/openmrs/module/webservices/rest/web/RestUtilTest.java index ed466a307..6f75932b0 100644 --- a/omod-common/src/test/java/org/openmrs/module/webservices/rest/web/RestUtilTest.java +++ b/omod-common/src/test/java/org/openmrs/module/webservices/rest/web/RestUtilTest.java @@ -212,7 +212,7 @@ public void wrapErrorResponse_shouldSetStackTraceDetailsIfGlobalPropEnabled() th SimpleObject returnObject = RestUtil.wrapErrorResponse(ex, "wraperrorresponsemessage"); LinkedHashMap errorResponseMap = (LinkedHashMap) returnObject.get("error"); - Assert.assertNotEquals("",errorResponseMap.get("detail")); + Assert.assertNotEquals("", errorResponseMap.get("detail")); } @Test public void wrapErrorResponse_shouldSetNoStackTraceDetailsIfGlobalPropDisabled() throws Exception { @@ -222,6 +222,6 @@ public void wrapErrorResponse_shouldSetNoStackTraceDetailsIfGlobalPropDisabled() SimpleObject returnObject = RestUtil.wrapErrorResponse(ex, "wraperrorresponsemessage"); LinkedHashMap errorResponseMap = (LinkedHashMap) returnObject.get("error"); - Assert.assertEquals("",errorResponseMap.get("detail")); + Assert.assertEquals("", errorResponseMap.get("detail")); } } diff --git a/omod/src/main/resources/config.xml b/omod/src/main/resources/config.xml index 55c5f4c05..0b2d6222f 100644 --- a/omod/src/main/resources/config.xml +++ b/omod/src/main/resources/config.xml @@ -85,7 +85,7 @@ @MODULE_ID@.enableStackTraceDetails true - If the value of this setting is "true",then details of stackTrace would be shown in the error response,However recommendation is to keep it as "false" from Security perspective, to avoid leaking implementation details. + If the value of this setting is "true", then the details of the stackTrace would be shown in the error response. However, the recommendation is to keep it as "false", from the Security perspective, to avoid leaking implementation details.