From 264735f78a62a92a2d53e1cb9a28276e8773c341 Mon Sep 17 00:00:00 2001
From: halibobo1205
Date: Fri, 12 Sep 2025 17:24:51 +0800
Subject: [PATCH] log(http): revert workaround for CodeQL java/error-message-exposure
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Revert change to HTTP error message handling — workaround broke clients depending on original error output.
---
 .../core/services/http/GetBrokerageServlet.java | 3 ++-
 .../tron/core/services/http/GetRewardServlet.java | 3 ++-
 .../GetTransactionByIdSolidityServlet.java | 14 ++++++++++++--
 .../GetTransactionInfoByIdSolidityServlet.java | 15 +++++++++++++--
 4 files changed, 29 insertions(+), 6 deletions(-)
diff --git a/framework/src/main/java/org/tron/core/services/http/GetBrokerageServlet.java b/framework/src/main/java/org/tron/core/services/http/GetBrokerageServlet.java
index 6ef22e198f9..1fbd94fe690 100644
--- a/framework/src/main/java/org/tron/core/services/http/GetBrokerageServlet.java
+++ b/framework/src/main/java/org/tron/core/services/http/GetBrokerageServlet.java
@@ -28,7 +28,8 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) {
 response.getWriter().println("{\"brokerage\": " + value + "}");
 } catch (DecoderException | IllegalArgumentException e) {
 try {
- response.getWriter().println("{\"Error\": " + "\"INVALID address\"}");
+ response.getWriter()
+ .println("{\"Error\": " + "\"INVALID address, " + e.getMessage() + "\"}");
 } catch (IOException ioe) {
 logger.debug("IOException: {}", ioe.getMessage());
 }
diff --git a/framework/src/main/java/org/tron/core/services/http/GetRewardServlet.java b/framework/src/main/java/org/tron/core/services/http/GetRewardServlet.java
index 78042072df8..c4d97f46c57 100644
--- a/framework/src/main/java/org/tron/core/services/http/GetRewardServlet.java
+++ b/framework/src/main/java/org/tron/core/services/http/GetRewardServlet.java
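Review bot: The new `println` in the `DecoderException | IllegalArgumentException` handler of GetBrokerageServlet concatenates `e.getMessage()` into a hand-built JSON string without escaping it. A message that contains a double quote, backslash or line break (decoder messages may echo part of the rejected input) yields malformed JSON or lets request data shape the response body, and a null message is rendered as the text `null`. Keeping the detail for client compatibility is reasonable, but it should go through a JSON string escaper or the response should be built as a JSON object instead of by concatenation, which is also the concern behind the java/error-message-exposure alert named in the subject. The identical added line in the GetRewardServlet hunk needs the same treatment. The enclosing doGet starts and ends outside the hunk.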
@@ -27,7 +27,8 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) {
 response.getWriter().println("{\"reward\": " + value + "}");
 } catch (DecoderException | IllegalArgumentException e) {
 try {
- response.getWriter().println("{\"Error\": " + "\"INVALID address\"}");
+ response.getWriter()
+ .println("{\"Error\": " + "\"INVALID address, " + e.getMessage() + "\"}");
 } catch (IOException ioe) {
 logger.debug("IOException: {}", ioe.getMessage());
 }
diff --git a/framework/src/main/java/org/tron/core/services/http/solidity/GetTransactionByIdSolidityServlet.java b/framework/src/main/java/org/tron/core/services/http/solidity/GetTransactionByIdSolidityServlet.java
index 5998bc0850f..f98c7450afc 100644
--- a/framework/src/main/java/org/tron/core/services/http/solidity/GetTransactionByIdSolidityServlet.java
+++ b/framework/src/main/java/org/tron/core/services/http/solidity/GetTransactionByIdSolidityServlet.java
@@ -30,7 +30,12 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) {
 String input = request.getParameter("value");
 fillResponse(ByteString.copyFrom(ByteArray.fromHexString(input)), visible, response);
 } catch (Exception e) {
- Util.processError(e, response);
+ logger.debug("Exception: {}", e.getMessage());
+ try {
+ response.getWriter().println(e.getMessage());
+ } catch (IOException ioe) {
+ logger.debug("IOException: {}", ioe.getMessage());
+ }
 }
 }
@@ -41,7 +46,12 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response)
 JsonFormat.merge(params.getParams(), build, params.isVisible());
 fillResponse(build.build().getValue(), params.isVisible(), response);
 } catch (Exception e) {
- Util.processError(e, response);
+ logger.debug("Exception: {}", e.getMessage());
+ try {
+ response.getWriter().println(e.getMessage());
+ } catch (IOException ioe) {
+ logger.debug("IOException: {}", ioe.getMessage());
+ }
 }
 }
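Review bot: In doGet of GetTransactionByIdSolidityServlet the handler is `catch (Exception e)`, so the added `response.getWriter().println(e.getMessage());` returns the message of any exception to the caller, not only of input-decoding failures. Messages from unexpected internal errors can carry implementation detail, the body is written as bare text rather than an error object, and a null message prints as `null`. Consider keeping the verbatim message only for the input exceptions the other servlets in this patch catch (`DecoderException | IllegalArgumentException`; whether those are what `ByteArray.fromHexString` throws is not visible here) and returning a fixed string for everything else. The same block is added in doPost of this file and in doGet and doPost of GetTransactionInfoByIdSolidityServlet. Both methods begin outside their hunks.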
diff --git a/framework/src/main/java/org/tron/core/services/http/solidity/GetTransactionInfoByIdSolidityServlet.java b/framework/src/main/java/org/tron/core/services/http/solidity/GetTransactionInfoByIdSolidityServlet.java
index 197f5aaec0d..0408215f09d 100644
--- a/framework/src/main/java/org/tron/core/services/http/solidity/GetTransactionInfoByIdSolidityServlet.java
+++ b/framework/src/main/java/org/tron/core/services/http/solidity/GetTransactionInfoByIdSolidityServlet.java
@@ -1,6 +1,7 @@
 package org.tron.core.services.http.solidity;
 import com.google.protobuf.ByteString;
+import java.io.IOException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import lombok.extern.slf4j.Slf4j;
@@ -36,7 +37,12 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) {
 response.getWriter().println(JsonFormat.printToString(transInfo, visible));
 }
 } catch (Exception e) {
- Util.processError(e, response);
+ logger.debug("Exception: {}", e.getMessage());
+ try {
+ response.getWriter().println(e.getMessage());
+ } catch (IOException ioe) {
+ logger.debug("IOException: {}", ioe.getMessage());
+ }
 }
 }
@@ -54,7 +60,12 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response)
 response.getWriter().println(JsonFormat.printToString(transInfo, params.isVisible()));
 }
 } catch (Exception e) {
- Util.processError(e, response);
+ logger.debug("Exception: {}", e.getMessage());
+ try {
+ response.getWriter().println(e.getMessage());
+ } catch (IOException ioe) {
+ logger.debug("IOException: {}", ioe.getMessage());
+ }
 }
 }
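Review bot: The six-line catch body added to doGet of GetTransactionInfoByIdSolidityServlet is the fourth copy of the same block in this patch (doPost here, and both methods of GetTransactionByIdSolidityServlet). One shared helper would keep the reverted behaviour in a single place, with a comment recording that the raw message is kept only for client compatibility. The log call `logger.debug("Exception: {}", e.getMessage());` drops the exception type and stack trace and is emitted only at debug level, so a failure on these endpoints leaves little to investigate afterwards. Passing the throwable itself, `logger.debug("Exception: ", e);`, keeps the trace. Both methods begin outside their hunks.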