From 4129c1f6592616ad8731e29c95092634699f96be Mon Sep 17 00:00:00 2001 From: gtully Date: Fri, 17 May 2019 17:06:20 +0100 Subject: [PATCH] AMQ-7209 suppress stack trace in stomp error frame for SecurityExceptions to avoid any implementation detail leakage, fix and test --- .../apache/activemq/transport/stomp/ProtocolConverter.java | 6 +++++- .../java/org/apache/activemq/transport/stomp/StompTest.java | 5 +++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/activemq-stomp/src/main/java/org/apache/activemq/transport/stomp/ProtocolConverter.java b/activemq-stomp/src/main/java/org/apache/activemq/transport/stomp/ProtocolConverter.java index a89d5ee896..39b6d09b95 100644 --- a/activemq-stomp/src/main/java/org/apache/activemq/transport/stomp/ProtocolConverter.java +++ b/activemq-stomp/src/main/java/org/apache/activemq/transport/stomp/ProtocolConverter.java @@ -297,7 +297,11 @@ public class ProtocolConverter { // Let the stomp client know about any protocol errors. ByteArrayOutputStream baos = new ByteArrayOutputStream(); PrintWriter stream = new PrintWriter(new OutputStreamWriter(baos, "UTF-8")); - exception.printStackTrace(stream); + if (exception instanceof SecurityException || exception.getCause() instanceof SecurityException) { + stream.write(exception.getLocalizedMessage()); + } else { + exception.printStackTrace(stream); + } stream.close(); HashMap headers = new HashMap<>(); diff --git a/activemq-stomp/src/test/java/org/apache/activemq/transport/stomp/StompTest.java b/activemq-stomp/src/test/java/org/apache/activemq/transport/stomp/StompTest.java index 7ded5031b5..5e96385eec 100644 --- a/activemq-stomp/src/test/java/org/apache/activemq/transport/stomp/StompTest.java +++ b/activemq-stomp/src/test/java/org/apache/activemq/transport/stomp/StompTest.java @@ -901,6 +901,7 @@ public class StompTest extends StompTestSupport { try { String f = stompConnection.receiveFrame(); assertTrue(f.startsWith("ERROR")); + assertFalse("no stack trace impl leak:" + f, f.contains("at ")); } catch (IOException socketMayBeClosedFirstByBroker) {} } @@ -913,6 +914,7 @@ public class StompTest extends StompTestSupport { try { String f = stompConnection.receiveFrame(); assertTrue(f.startsWith("ERROR")); + assertFalse("no stack trace impl leak:" + f, f.contains("at ")); } catch (IOException socketMayBeClosedFirstByBroker) {} } @@ -930,6 +932,7 @@ public class StompTest extends StompTestSupport { stompConnection.sendFrame(frame); String f = stompConnection.receiveFrame(); assertTrue(f.startsWith("ERROR")); + assertFalse("no stack trace impl leak:" + f, f.contains("at ")); } @Test(timeout = 60000) @@ -946,6 +949,7 @@ public class StompTest extends StompTestSupport { stompConnection.sendFrame(frame); frame = stompConnection.receiveFrame(); assertTrue(frame.startsWith("ERROR")); + assertFalse("no stack trace impl leak:" + frame, frame.contains("at ")); } @Test(timeout = 60000) @@ -964,6 +968,7 @@ public class StompTest extends StompTestSupport { frame = stompConnection.receiveFrame(); assertTrue(frame.startsWith("ERROR")); assertTrue("Error Frame did not contain receipt-id", frame.indexOf(Stomp.Headers.Response.RECEIPT_ID) >= 0); + assertFalse("no stack trace impl leak:" + frame, frame.contains("at ")); } @Test(timeout = 60000)