You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by ra...@apache.org on 2018/02/09 11:12:20 UTC
[sling-org-apache-sling-xss] 01/01: SLING-7476 - Exceptions should
be logged correctly
This is an automated email from the ASF dual-hosted git repository.
radu pushed a commit to branch issue/SLING-7476
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-xss.git
commit 2b1a4860805576bde51408f6cca8465985456af6
Author: Radu Cotescu <ra...@apache.org>
AuthorDate: Fri Feb 9 12:12:01 2018 +0100
SLING-7476 - Exceptions should be logged correctly
* made sure all exceptions are logged
* added more detailed information about failures in debug messages
---
.../sling/xss/impl/HtmlToHtmlContentContext.java | 14 ++++++++++----
.../java/org/apache/sling/xss/impl/XSSAPIImpl.java | 21 ++++++++++++++-------
.../org/apache/sling/xss/impl/XSSFilterImpl.java | 3 ++-
3 files changed, 26 insertions(+), 12 deletions(-)
diff --git a/src/main/java/org/apache/sling/xss/impl/HtmlToHtmlContentContext.java b/src/main/java/org/apache/sling/xss/impl/HtmlToHtmlContentContext.java
index be8be74..b3ad2cf 100644
--- a/src/main/java/org/apache/sling/xss/impl/HtmlToHtmlContentContext.java
+++ b/src/main/java/org/apache/sling/xss/impl/HtmlToHtmlContentContext.java
@@ -46,10 +46,13 @@ public class HtmlToHtmlContentContext implements XSSFilterRule {
try {
return policyHandler.getAntiSamy().scan(str).getNumberOfErrors() == 0;
} catch (final ScanException se) {
- throw new RuntimeException("Unable to scan input");
+ log.warn("Unable to scan input.", se);
+ log.debug("Provided input: {}", str);
} catch (final PolicyException pe) {
- return false;
+ log.warn("Unable to check input.", pe);
+ log.debug("Provided input: {}", str);
}
+ return false;
}
/**
@@ -70,10 +73,13 @@ public class HtmlToHtmlContentContext implements XSSFilterRule {
return cleaned;
} catch (final ScanException se) {
- throw new RuntimeException("Unable to scan input");
+ log.warn("Unable to scan input.", se);
+ log.debug("Provided input: {}", str);
} catch (final PolicyException pe) {
- throw new RuntimeException("Unable to scan input");
+ log.warn("Unable to check input.", pe);
+ log.debug("Provided input: {}", str);
}
+ return "";
}
/**
diff --git a/src/main/java/org/apache/sling/xss/impl/XSSAPIImpl.java b/src/main/java/org/apache/sling/xss/impl/XSSAPIImpl.java
index f0d35e1..fe6c299 100644
--- a/src/main/java/org/apache/sling/xss/impl/XSSAPIImpl.java
+++ b/src/main/java/org/apache/sling/xss/impl/XSSAPIImpl.java
@@ -102,7 +102,8 @@ public class XSSAPIImpl implements XSSAPI {
try {
return validator.getValidInteger("XSS", integer, -2000000000, 2000000000, false);
} catch (Exception e) {
- // ignore
+ LOGGER.warn("Unable to get a valid integer from the input.", e);
+ LOGGER.debug("Integer input: {}", integer);
}
}
@@ -121,7 +122,8 @@ public class XSSAPIImpl implements XSSAPI {
ivr.setAllowNull(false);
return ivr.getValid("XSS", source);
} catch (Exception e) {
- // ignore
+ LOGGER.warn("Unable to get a valid long from the input.", e);
+ LOGGER.debug("Long input: {}", source);
}
}
@@ -138,7 +140,8 @@ public class XSSAPIImpl implements XSSAPI {
try {
return validator.getValidDouble("XSS", source, 0d, Double.MAX_VALUE, false);
} catch (Exception e) {
- // ignore
+ LOGGER.warn("Unable to get a valid double from the input.", e);
+ LOGGER.debug("Double input: {}", source);
}
}
@@ -159,7 +162,8 @@ public class XSSAPIImpl implements XSSAPI {
try {
return validator.getValidInteger("XSS", dimension, -10000, 10000, false).toString();
} catch (Exception e) {
- // ignore
+ LOGGER.warn("Unable to get a valid dimension from the input.", e);
+ LOGGER.debug("Dimension input: {}", dimension);
}
}
@@ -363,7 +367,8 @@ public class XSSAPIImpl implements XSSAPI {
Json.createGenerator(output).write(jsonReaderFactory.createReader(new StringReader(json)).readObject()).close();
return output.getBuffer().toString();
} catch (Exception e) {
- LOGGER.debug("JSON validation failed: " + e.getMessage(), e);
+ LOGGER.warn("Unable to get valid JSON from the input.", e);
+ LOGGER.debug("JSON input:\n{}", json);
}
} else {
try {
@@ -371,7 +376,8 @@ public class XSSAPIImpl implements XSSAPI {
Json.createGenerator(output).write(jsonReaderFactory.createReader(new StringReader(json)).readArray()).close();
return output.getBuffer().toString();
} catch (Exception e) {
- LOGGER.debug("JSON validation failed: " + e.getMessage(), e);
+ LOGGER.warn("Unable to get valid JSON from the input.", e);
+ LOGGER.debug("JSON input:\n{}", json);
}
}
return getValidJSON(defaultJson, "");
@@ -396,7 +402,8 @@ public class XSSAPIImpl implements XSSAPI {
reader.parse(new InputSource(new StringReader(xml)));
return xml;
} catch (Exception e) {
- LOGGER.debug("XML validation failed: " + e.getMessage(), e);
+ LOGGER.warn("Unable to get valid XML from the input.", e);
+ LOGGER.debug("XML input:\n{}", xml);
}
return getValidXML(defaultXml, "");
}
diff --git a/src/main/java/org/apache/sling/xss/impl/XSSFilterImpl.java b/src/main/java/org/apache/sling/xss/impl/XSSFilterImpl.java
index 2c5571e..b155d49 100644
--- a/src/main/java/org/apache/sling/xss/impl/XSSFilterImpl.java
+++ b/src/main/java/org/apache/sling/xss/impl/XSSFilterImpl.java
@@ -140,7 +140,8 @@ public class XSSFilterImpl implements XSSFilter, ResourceChangeListener, Externa
}
return runHrefValidation(xmlDecodedURL);
} catch (UnsupportedEncodingException e) {
- logger.error("Unable to decode url: {}.", url);
+ logger.warn("Unable to decode url.", e);
+ logger.debug("URL input: {}", url);
}
return false;
}
--
To stop receiving notification emails like this one, please contact
radu@apache.org.