-
Notifications
You must be signed in to change notification settings - Fork 521
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Deepthi M|Updated to show details of error message only when a global property is enabled,Fixed failing test cases and added new tests for the updated method. #591
Conversation
…l property is enabled,Fixed failing test cases and added new tests for the updated method.
A lot of formatting / spacing changes in the file. It will spoil the "history" of the file. Can u undo those and re-submit? |
@gsluthra I have updated the PR removing whitespaces please review |
omod/src/main/resources/config.xml
Outdated
<globalProperty> | ||
<property>@[email protected]</property> | ||
<defaultValue>true</defaultValue> | ||
<description>If the value of this setting is "true",then details of stackTrace would be shown in the error response</description> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add the following in the description: Recommend to keep it as "false" from Security perspective, to avoid leaking implementation details.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@gsluthra sure added it.Please verify
@@ -831,13 +831,18 @@ public static SimpleObject wrapErrorResponse(Exception ex, String reason) { | |||
StackTraceElement[] steElements = ex.getStackTrace(); | |||
if (steElements.length > 0) { | |||
StackTraceElement ste = ex.getStackTrace()[0]; | |||
String stackTraceDetailsenabled_gp = Context.getAdministrationService() | |||
.getGlobalProperty(RestConstants.ENABLE_STACK_TRACE_DETAILS_GLOBAL_PROPERTY_NAME); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If this property is NOT defined, what happen? Do you get NULL? If so, you might get a NullPointerException. I think there is an alternative method called getGlobalPropertyValue( name, "defaultValue") which handles the NPE scenario. Please check.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@gsluthra yes modified to have default as false .Now if we give some value to it it would consider that else it would always have a default as false to avoid NPE.Please verify
…fault value to global property as false when no value is given to it to avoid NPE
@@ -831,13 +831,18 @@ public static SimpleObject wrapErrorResponse(Exception ex, String reason) { | |||
StackTraceElement[] steElements = ex.getStackTrace(); | |||
if (steElements.length > 0) { | |||
StackTraceElement ste = ex.getStackTrace()[0]; | |||
String stackTraceDetailsenabled_gp = Context.getAdministrationService() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you take a look at our variable naming conventions? https://wiki.openmrs.org/display/docs/Java+Conventions#JavaConventions-NamingConventions
@@ -206,4 +206,8 @@ public class RestConstants { | |||
* Constants used for the Server Log REST Service privilege checking | |||
*/ | |||
public static final String PRIV_GET_SERVER_LOGS = "Get Server Logs"; | |||
/** | |||
* Constants used for the StackTrace Details in error response |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Constants
or Constant
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would also be more specific when describing the use for stack trace details? How does this constant affect the stack trace details? Is it this constant which contains the stack trace details in the error response?
@@ -82,6 +82,11 @@ | |||
<defaultValue>true</defaultValue> | |||
<description>If the value of this setting is "true", then nothing is logged while the Swagger specification is being generated.</description> | |||
</globalProperty> | |||
<globalProperty> | |||
<property>@[email protected]</property> | |||
<defaultValue>true</defaultValue> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We usually put space after commas.
SimpleObject returnObject = RestUtil.wrapErrorResponse(ex, "wraperrorresponsemessage"); | ||
|
||
LinkedHashMap errorResponseMap = (LinkedHashMap) returnObject.get("error"); | ||
Assert.assertNotEquals("",errorResponseMap.get("detail")); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We usually put space after commas.
SimpleObject returnObject = RestUtil.wrapErrorResponse(ex, "wraperrorresponsemessage"); | ||
|
||
LinkedHashMap errorResponseMap = (LinkedHashMap) returnObject.get("error"); | ||
Assert.assertEquals("",errorResponseMap.get("detail")); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We usually put space after commas.
omod/src/main/resources/config.xml
Outdated
<globalProperty> | ||
<property>@[email protected]</property> | ||
<defaultValue>true</defaultValue> | ||
<description>If the value of this setting is "true",then details of stackTrace would be shown in the error response,However recommendation is to keep it as "false" from Security perspective, to avoid leaking implementation details.</description> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If the value of this setting is "true", then the details of the stackTrace would be shown in the error response. However, the recommendation is to keep it as "false", from the Security perspective, to avoid leaking implementation details.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@dkayiwa Updated as per the review comments can you please review now
According to this https://wiki.openmrs.org/display/docs/Pull+Request+Tips, we also recommend including the ticket id in the commit message |
…ables,updated description in config.xml and added spaces after comma.
35dd26c
to
41ba9ba
Compare
@dkayiwa sure I have included ticket number in commit message now.Please review |
Do you mind also fixing the JIRA ticket link in the pull request description? |
Sure Updated the PR description with the ticket link. |
As part of this PR we have added a global property so that enabling the property to true will show the stackTrace details in error response and making it false will show empty string in details of error response
Modified the test class to fix the failing tests after this change and also added relevant tests for the change introduced.
Related Talk Thread:
https://talk.openmrs.org/t/how-to-stop-displaying-stacktrace-and-http-error-reports-generated-by-openmrs-and-display-instead-custom-error-response/35282/3
Description of what I changed
Issue I worked on
see https://issues.openmrs.org/browse/RESTWS-921
Checklist: I completed these to help reviewers :)
My IDE is configured to follow the code style of this project.
No? Unsure? -> configure your IDE, format the code and add the changes with
git add . && git commit --amend
I have added tests to cover my changes. (If you refactored
existing code that was well tested you do not have to add tests)
No? -> write tests and add them to this commit
git add . && git commit --amend
I ran
mvn clean package
right before creating this pull request andadded all formatting changes to my commit.
No? -> execute above command
All new and existing tests passed.
No? -> figure out why and add the fix to your commit. It is your responsibility to make sure your code works.
My pull request is based on the latest changes of the master branch.
No? Unsure? -> execute command
git pull --rebase upstream master