Posted to commits@sling.apache.org by ra...@apache.org on 2018/02/09 11:12:19 UTC

[sling-org-apache-sling-xss] branch issue/SLING-7476 created (now 2b1a486)

This is an automated email from the ASF dual-hosted git repository.

radu pushed a change to branch issue/SLING-7476
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-xss.git.


      at 2b1a486  SLING-7476 - Exceptions should be logged correctly

This branch includes the following new commits:

     new 2b1a486  SLING-7476 - Exceptions should be logged correctly

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



[sling-org-apache-sling-xss] 01/01: SLING-7476 - Exceptions should be logged correctly

Posted by ra...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

radu pushed a commit to branch issue/SLING-7476
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-xss.git

commit 2b1a4860805576bde51408f6cca8465985456af6
Author: Radu Cotescu <ra...@apache.org>
AuthorDate: Fri Feb 9 12:12:01 2018 +0100

    SLING-7476 - Exceptions should be logged correctly
    
    * made sure all exceptions are logged
    * added more detailed information about failures in debug messages
---
 .../sling/xss/impl/HtmlToHtmlContentContext.java    | 14 ++++++++++----
 .../java/org/apache/sling/xss/impl/XSSAPIImpl.java  | 21 ++++++++++++++-------
 .../org/apache/sling/xss/impl/XSSFilterImpl.java    |  3 ++-
 3 files changed, 26 insertions(+), 12 deletions(-)

diff --git a/src/main/java/org/apache/sling/xss/impl/HtmlToHtmlContentContext.java b/src/main/java/org/apache/sling/xss/impl/HtmlToHtmlContentContext.java
index be8be74..b3ad2cf 100644
--- a/src/main/java/org/apache/sling/xss/impl/HtmlToHtmlContentContext.java
+++ b/src/main/java/org/apache/sling/xss/impl/HtmlToHtmlContentContext.java
@@ -46,10 +46,13 @@ public class HtmlToHtmlContentContext implements XSSFilterRule {
         try {
             return policyHandler.getAntiSamy().scan(str).getNumberOfErrors() == 0;
         } catch (final ScanException se) {
-            throw new RuntimeException("Unable to scan input");
+            log.warn("Unable to scan input.", se);
+            log.debug("Provided input: {}", str);
         } catch (final PolicyException pe) {
-            return false;
+            log.warn("Unable to check input.", pe);
+            log.debug("Provided input: {}", str);
         }
+        return false;
     }
 
     /**
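Review bot: The added `log.debug("Provided input: {}", str)` calls in both catch blocks write the unfiltered string straight into the log, and this is the very value the filter could not scan, so it may carry CR/LF sequences that forge log lines as well as whatever sensitive data the caller submitted. The same pattern appears in the second hunk of this file, in every XSSAPIImpl hunk (the JSON and XML ones log whole multi-line payloads), and in XSSFilterImpl. I would neutralise line breaks and bound the length before logging, e.g. `log.debug("Provided input: {}", str.replaceAll("[\\r\\n]", "_"));`, ideally through one shared helper and guarded by `log.isDebugEnabled()` so the copy is only made when needed. The enclosing method and the `log` field are declared outside this hunk, so whether `str` can be null here is not visible.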
@@ -70,10 +73,13 @@ public class HtmlToHtmlContentContext implements XSSFilterRule {
 
             return cleaned;
         } catch (final ScanException se) {
-            throw new RuntimeException("Unable to scan input");
+            log.warn("Unable to scan input.", se);
+            log.debug("Provided input: {}", str);
         } catch (final PolicyException pe) {
-            throw new RuntimeException("Unable to scan input");
+            log.warn("Unable to check input.", pe);
+            log.debug("Provided input: {}", str);
         }
+        return "";
     }
 
     /**
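Review bot: The new `return "";` after the catch blocks makes a failed scan look the same to callers as input that was legitimately cleaned down to nothing, where the old code threw a `RuntimeException` on both paths. Failing closed to an empty string is a safe default for output, but it is a contract change that the commit message (logging only) does not mention, and a caller that relied on the exception will no longer learn that the policy could not be applied. I would document it on the method's Javadoc, which starts outside this hunk, e.g. `@return the cleaned markup, or an empty string if the input could not be scanned or the policy could not be applied`. A short comment on the return itself would also help: `// fail closed: never hand back unscanned markup`.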
diff --git a/src/main/java/org/apache/sling/xss/impl/XSSAPIImpl.java b/src/main/java/org/apache/sling/xss/impl/XSSAPIImpl.java
index f0d35e1..fe6c299 100644
--- a/src/main/java/org/apache/sling/xss/impl/XSSAPIImpl.java
+++ b/src/main/java/org/apache/sling/xss/impl/XSSAPIImpl.java
@@ -102,7 +102,8 @@ public class XSSAPIImpl implements XSSAPI {
             try {
                 return validator.getValidInteger("XSS", integer, -2000000000, 2000000000, false);
             } catch (Exception e) {
-                // ignore
+                LOGGER.warn("Unable to get a valid integer from the input.", e);
+                LOGGER.debug("Integer input: {}", integer);
             }
         }
 
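Review bot: `LOGGER.warn(..., e)` in this catch block emits a full stack trace at WARN every time the validator rejects a value, and rejection is the expected outcome for malformed input rather than a fault. If these methods are fed request parameters (likely for an XSS API, though the callers are not visible here), a client can inflate the log at will. The same applies to the long, double, dimension, JSON and XML hunks below. Consider keeping a one-line WARN and attaching the throwable to the debug call instead, e.g. `LOGGER.warn("Unable to get a valid integer from the input.");` and `LOGGER.debug("Integer input: {}", integer, e);`. The method's signature and its fallback return are outside this hunk.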
@@ -121,7 +122,8 @@ public class XSSAPIImpl implements XSSAPI {
                 ivr.setAllowNull(false);
                 return ivr.getValid("XSS", source);
             } catch (Exception e) {
-                // ignore
+                LOGGER.warn("Unable to get a valid long from the input.", e);
+                LOGGER.debug("Long input: {}", source);
             }
         }
 
@@ -138,7 +140,8 @@ public class XSSAPIImpl implements XSSAPI {
             try {
                 return validator.getValidDouble("XSS", source, 0d, Double.MAX_VALUE, false);
             } catch (Exception e) {
-                // ignore
+                LOGGER.warn("Unable to get a valid double from the input.", e);
+                LOGGER.debug("Double input: {}", source);
             }
         }
 
@@ -159,7 +162,8 @@ public class XSSAPIImpl implements XSSAPI {
             try {
                 return validator.getValidInteger("XSS", dimension, -10000, 10000, false).toString();
             } catch (Exception e) {
-                // ignore
+                LOGGER.warn("Unable to get a valid dimension from the input.", e);
+                LOGGER.debug("Dimension input: {}", dimension);
             }
         }
 
@@ -363,7 +367,8 @@ public class XSSAPIImpl implements XSSAPI {
                 Json.createGenerator(output).write(jsonReaderFactory.createReader(new StringReader(json)).readObject()).close();
                 return output.getBuffer().toString();
             } catch (Exception e) {
-                LOGGER.debug("JSON validation failed: " + e.getMessage(), e);
+                LOGGER.warn("Unable to get valid JSON from the input.", e);
+                LOGGER.debug("JSON input:\n{}", json);
             }
         } else {
             try {
@@ -371,7 +376,8 @@ public class XSSAPIImpl implements XSSAPI {
                 Json.createGenerator(output).write(jsonReaderFactory.createReader(new StringReader(json)).readArray()).close();
                 return output.getBuffer().toString();
             } catch (Exception e) {
-                LOGGER.debug("JSON validation failed: " + e.getMessage(), e);
+                LOGGER.warn("Unable to get valid JSON from the input.", e);
+                LOGGER.debug("JSON input:\n{}", json);
             }
         }
         return getValidJSON(defaultJson, "");
@@ -396,7 +402,8 @@ public class XSSAPIImpl implements XSSAPI {
             reader.parse(new InputSource(new StringReader(xml)));
             return xml;
         } catch (Exception e) {
-            LOGGER.debug("XML validation failed: " + e.getMessage(), e);
+            LOGGER.warn("Unable to get valid XML from the input.", e);
+            LOGGER.debug("XML input:\n{}", xml);
         }
         return getValidXML(defaultXml, "");
     }
diff --git a/src/main/java/org/apache/sling/xss/impl/XSSFilterImpl.java b/src/main/java/org/apache/sling/xss/impl/XSSFilterImpl.java
index 2c5571e..b155d49 100644
--- a/src/main/java/org/apache/sling/xss/impl/XSSFilterImpl.java
+++ b/src/main/java/org/apache/sling/xss/impl/XSSFilterImpl.java
@@ -140,7 +140,8 @@ public class XSSFilterImpl implements XSSFilter, ResourceChangeListener, Externa
             }
             return runHrefValidation(xmlDecodedURL);
         } catch (UnsupportedEncodingException e) {
-            logger.error("Unable to decode url: {}.", url);
+            logger.warn("Unable to decode url.", e);
+            logger.debug("URL input: {}", url);
         }
         return false;
     }
