api(CodeQL): fix error message exposure in http response #6449
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Revert change to HTTP error message handling — workaround broke clients depending on original error output.
halibobo1205
changed the title
lvs0075
approved these changes
Sep 17, 2025
317787106
reviewed
Sep 17, 2025
| response.getWriter().println(e.getMessage()); | ||
| } catch (IOException ioe) { | ||
| logger.debug("IOException: {}", ioe.getMessage()); | ||
| } |
There was a problem hiding this comment.
Maybe it's not a good idea to modify the error message and remove Exception for every API. A better solution would be to update the implementation of Util.processError uniformly.
There was a problem hiding this comment.
@317787106 This is a legacy API; do not modify anything, even the error messages.
317787106
approved these changes
Sep 18, 2025
6 tasks
0xbigapple
approved these changes
Sep 18, 2025
kuny0707
approved these changes
Sep 18, 2025
halibobo1205
added a commit
to halibobo1205/java-tron
that referenced
this pull request
Oct 14, 2025
…ronprotocol#6449) Revert change to HTTP error message handling — workaround broke clients depending on original error output.
kuny0707
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR do?
Revert the change to HTTP error message handling, pre PR #6417
Why are these changes required?
The workaround broke clients depending on the original error output.
This PR has been tested by:
Follow up
We may need to open a new issue to discuss how to resolve this warning going forward.
Extra details