Key Sign/Verify and logging system restructuring #12
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| byte[] signature = signatureService.sign(keyId, request.getMessage(), request.getVersion()); | ||
| return ResponseEntity.ok(Base64.getEncoder().encodeToString(signature)); | ||
| } catch (GeneralSecurityException | IllegalArgumentException e) { | ||
| return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(e.getMessage()); |
Check warning
Code scanning / CodeQL
Information exposure through an error message Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 4 months ago
To fix the problem, modify the controller methods so that, instead of returning the exception's message in the HTTP response, they return a generic error message (e.g., "Invalid input" or "Bad request"). Server-side logging for the exception can be added so that error details are available for diagnostics, but not exposed to the client. The changes should be made in MiniKms/src/main/java/ftn/security/minikms/controller/SignatureController.java for both the sign and verify endpoints (lines 32 and 50). No new dependencies are required, as standard logging is available in Java (e.g., using java.util.logging.Logger), but we may need to add a logger field to the class. Specifically:
- Add a
private static final Loggerto the controller. - Log the exception inside the
catchblocks. - Change the response to use a generic error message, e.g.,
"Invalid request".
| @@ -10,6 +10,7 @@ | ||
| import org.springframework.web.bind.annotation.*; | ||
|
|
||
| import java.security.GeneralSecurityException; | ||
| import java.util.logging.Logger; | ||
| import java.security.Principal; | ||
| import java.util.Base64; | ||
| import java.util.UUID; | ||
| @@ -18,6 +19,8 @@ | ||
| @RequestMapping("/api/v1/signatures") | ||
| public class SignatureController { | ||
|
|
||
| private static final Logger LOGGER = Logger.getLogger(SignatureController.class.getName()); | ||
|
|
||
| @Autowired | ||
| private SignatureService signatureService; | ||
|
|
||
| @@ -29,7 +32,8 @@ | ||
| byte[] signature = signatureService.sign(keyId, request.getMessage(), request.getVersion()); | ||
| return ResponseEntity.ok(Base64.getEncoder().encodeToString(signature)); | ||
| } catch (GeneralSecurityException | IllegalArgumentException e) { | ||
| return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(e.getMessage()); | ||
| LOGGER.warning("Sign operation failed: " + e.getMessage()); | ||
| return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("Invalid request"); | ||
| } | ||
| } | ||
|
|
||
| @@ -47,7 +51,8 @@ | ||
| ); | ||
| return ResponseEntity.ok(valid ? "VALID" : "INVALID"); | ||
| } catch (GeneralSecurityException | IllegalArgumentException e) { | ||
| return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(e.getMessage()); | ||
| LOGGER.warning("Verify operation failed: " + e.getMessage()); | ||
| return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("Invalid request"); | ||
| } | ||
| } | ||
| } |
| ); | ||
| return ResponseEntity.ok(valid ? "VALID" : "INVALID"); | ||
| } catch (GeneralSecurityException | IllegalArgumentException e) { | ||
| return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(e.getMessage()); |
Check warning
Code scanning / CodeQL
Information exposure through an error message Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 4 months ago
To fix the problem, the code should not directly send exception messages back to the API caller. Instead, it should respond with a generic, non-informative message, such as "Invalid input" or "An error has occurred." The actual exception message should be logged on the server for debugging purposes.
Specifically, in SignatureController.java, lines 32 and 50 need updating so that instead of returning e.getMessage() in the response body, a generic string is returned, and the details of the exception are logged using a standard logger. To accomplish this, we should introduce a logger in the controller (e.g., with org.slf4j.Logger and LoggerFactory).
Required steps:
- Import or define a logger in the controller class.
- Replace all usages of
e.getMessage()in response bodies with a generic message. - Log the exception details to the server log using the logger.
| @@ -9,6 +9,8 @@ | ||
| import org.springframework.transaction.annotation.Transactional; | ||
| import org.springframework.web.bind.annotation.*; | ||
|
|
||
| import org.slf4j.Logger; | ||
| import org.slf4j.LoggerFactory; | ||
| import java.security.GeneralSecurityException; | ||
| import java.security.Principal; | ||
| import java.util.Base64; | ||
| @@ -18,6 +20,8 @@ | ||
| @RequestMapping("/api/v1/signatures") | ||
| public class SignatureController { | ||
|
|
||
| private static final Logger logger = LoggerFactory.getLogger(SignatureController.class); | ||
|
|
||
| @Autowired | ||
| private SignatureService signatureService; | ||
|
|
||
| @@ -29,7 +33,8 @@ | ||
| byte[] signature = signatureService.sign(keyId, request.getMessage(), request.getVersion()); | ||
| return ResponseEntity.ok(Base64.getEncoder().encodeToString(signature)); | ||
| } catch (GeneralSecurityException | IllegalArgumentException e) { | ||
| return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(e.getMessage()); | ||
| logger.error("Error during signing", e); | ||
| return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("Invalid input"); | ||
| } | ||
| } | ||
|
|
||
| @@ -47,7 +52,8 @@ | ||
| ); | ||
| return ResponseEntity.ok(valid ? "VALID" : "INVALID"); | ||
| } catch (GeneralSecurityException | IllegalArgumentException e) { | ||
| return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(e.getMessage()); | ||
| logger.error("Error during verification", e); | ||
| return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("Invalid input"); | ||
| } | ||
| } | ||
| } |
No description provided.