[jira] [Work logged] (KNOX-3039) IP Address Exposure in HTTP 500 Error Message

[ASF GitHub Bot (Jira)]

     [ 
https://issues.apache.org/jira/browse/KNOX-3039?focusedWorklogId=922025&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-922025
 ]

ASF GitHub Bot logged work on KNOX-3039:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 04/Jun/24 19:17
            Start Date: 04/Jun/24 19:17
    Worklog Time Spent: 10m 
      Work Description: pzampino commented on code in PR #914:
URL: https://github.com/apache/knox/pull/914#discussion_r1626496448


##########
gateway-server/src/main/java/org/apache/knox/gateway/GatewayServlet.java:
##########
@@ -277,4 +278,34 @@ public Enumeration<String> getInitParameterNames() {
       return config.getInitParameterNames();
     }
   }
+
+  private Exception sanitizeException(Exception e) {
+    if (e == null || e.getMessage() == null) {
+      return e;
+    }
+    if (!isErrorMessageSanitizationEnabled || e.getMessage() == null) {
+      return e;
+    }
+    String sanitizedMessage = 
e.getMessage().replaceAll("\\b(?:\\d{1,3}\\.){3}\\d{1,3}\\b", "[hidden]");
+    return createNewException(e, sanitizedMessage);
+  }
+
+  private <T extends Exception> T createNewException(T e, String 
sanitizedMessage) {
+    try {
+      Constructor<? extends Exception> constructor = 
e.getClass().getConstructor(String.class, Throwable.class);
+      T sanitizedException = (T) constructor.newInstance(sanitizedMessage, 
e.getCause());
+      sanitizedException.setStackTrace(e.getStackTrace());
+      return sanitizedException;
+    } catch (Exception ex) {
+      Exception genericException = new Exception(sanitizedMessage, 
e.getCause());
+      genericException.setStackTrace(e.getStackTrace());
+      return (T) genericException;
+    }
+  }
+
+  private <T extends Exception> T sanitizeAndRethrow(Exception e) throws T {
+    Exception sanitizedException = sanitizeException(e);
+    LOG.failedToExecuteFilter(sanitizedException);
+    throw (T) sanitizedException;

Review Comment:
   It seems to me that all the callers of this method invoke it as `throw 
sanitizeAndRethrow(e) ` ; If this method **return**ed the new exception object, 
it would be thrown by those invocations, no?





Issue Time Tracking
-------------------

    Worklog Id:     (was: 922025)
    Time Spent: 2.5h  (was: 2h 20m)

> IP Address Exposure in HTTP 500 Error Message
> ---------------------------------------------
>
>                 Key: KNOX-3039
>                 URL: https://issues.apache.org/jira/browse/KNOX-3039
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>            Reporter: Guillermo Kardolus
>            Priority: Major
>          Time Spent: 2.5h
>  Remaining Estimate: 0h
>
> A potential security vulnerability has been identified in Apache Knox where 
> internal IP addresses are exposed in HTTP 500 error messages. This issue can 
> occur when a user modifies the URL for one of the proxy services, leading to 
> an error page that includes the IP address of the internal service.
> *Steps to Reproduce:*
>  # Navigate to a proxy service URL, for example:
> {{<[https://example.com:8443/gateway/proxy/service?scheme=https&host=example.com&port=8051]>}}
>  # Modify the {{port}} parameter to an invalid port, such as:
> {{<[https://example.com:8443/gateway/proxy/service?scheme=https&host=example.com&port=9999]>}}
>  # Observe the resulting HTTP 500 error message which includes the internal 
> IP address.
> *Observed Behavior:* The error message reveals the internal IP address in the 
> stack trace, which can be used by an attacker for port scanning and other 
> malicious activities.
> *Example:*
> {code:java}
> HTTP ERROR 500 java.io.IOException: java.io.IOException: Service connectivity 
> error.
> MESSAGE: java.io.IOException: java.io.IOException: Service connectivity error.
> ...
> CAUSED BY: java.io.IOException: Connect to example.com:9996 
> [example.com/10.140.190.10] failed: Connection refused (Connection refused)
> ... {code}
> *Expected Behavior:* Error messages should not expose internal IP addresses. 
> Instead, they should be sanitized to prevent the disclosure of sensitive 
> information.
> *Proposed Solution:*
>  # *Sanitization Mechanism:* Implement a mechanism to sanitize error messages 
> before they are sent to the client. This can include replacing IP addresses 
> with placeholders such as {{{}[hidden]{}}}.
>  # *Configuration Options:* Provide configuration options for users to enable 
> or disable this sanitization based on their security needs. By default, users 
> should opt-in to this new sanitization functionality, with an option to 
> opt-out if necessary.
>  # *Knox-specific Error Page:* Alternatively, consider implementing a 
> Knox-specific error page that displays an error message without revealing any 
> sensitive information.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)