smolnar82 opened a new pull request, #1062: URL: https://github.com/apache/knox/pull/1062
:exclamation::exclamation::exclamation:IMPORTANT:exclamation::exclamation::exclamation:

This PR is an almost identical copy of #914 (including this description), except:
- sanitizer configuration init is extracted to a private method
- a new factory method was created in a singleton class to ensure the new `SanitizedException` still complies with the Single Responsibility principle, but sanitization is centralized and reusable.
- new test cases added to the sanitization logic
- new exception constructor w/o message

## What changes were proposed in this pull request?

This pull request introduces a mechanism to sanitize error messages in the `GatewayServlet` to improve security by hiding IP addresses from exception messages.

The following changes were made:
- Added an `isErrorMessageSanitizationEnabled` flag to the `GatewayServlet` to control whether error messages should be sanitized.
- Implemented the `sanitizeException` and `sanitizeAndRethrow` methods in `GatewayServlet` to handle exception sanitization.
- Updated the `GatewayConfig` interface and its implementation `GatewayConfigImpl` to include a new method `isErrorMessageSanitizationEnabled`.
- Created the `GatewayServletTest` class to parameterize tests for scenarios where sanitization is enabled and disabled.

## How was this patch tested?

This patch was tested using the following methods:
- Parameterized unit tests were added to `GatewayServletTest` to cover both scenarios where error message sanitization is enabled and disabled.
- Manual review and inspection of the code changes to ensure accuracy and completeness.

Test steps:
1. Added unit tests in `GatewayServletTest` to check for sanitized and non-sanitized error messages.
2. Verified the new tests pass successfully, ensuring error messages are appropriately sanitized or left unchanged based on the configuration.

--
This is an automated message from the Apache Git Service.
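A sketch of the flag-controlled sanitization the description outlines, added here as an illustration and not taken from the Knox code in this PR. The class `MessageSanitizerExample`, its methods `sanitize` and `from`, the nested `SanitizedException` stand-in, the mask text and the IPv4-only pattern are all assumptions, and the sample messages are constructed.

```java
import java.io.IOException;
import java.util.regex.Pattern;

/** Hypothetical illustration of error-message sanitization; not the Knox implementation. */
public final class MessageSanitizerExample {
  // Deliberately lenient dotted-quad match: over-masking (e.g. part of a version
  // string) is preferable to leaking an address. IPv6 and hostnames are not covered.
  private static final Pattern IPV4 =
      Pattern.compile("(?<!\\d)\\d{1,3}(?:\\.\\d{1,3}){3}(?!\\d)");
  static final String MASK = "[hidden]";

  /** Stand-in exception type that carries only the sanitized message. */
  static final class SanitizedException extends Exception {
    SanitizedException(String message) {
      super(message);
    }
  }

  /** Replaces every IPv4-looking token; a null message stays null. */
  static String sanitize(String message) {
    return message == null ? null : IPV4.matcher(message).replaceAll(MASK);
  }

  /**
   * Central factory: returns the original exception when sanitization is
   * disabled, otherwise a copy whose message has been masked.
   */
  static Exception from(Exception e, boolean sanitizationEnabled) {
    if (!sanitizationEnabled || e == null || e.getMessage() == null) {
      return e;
    }
    // The cause is intentionally not chained: its message could still hold the
    // address. The stack trace (class/method/line only) is kept for debugging.
    SanitizedException sanitized = new SanitizedException(sanitize(e.getMessage()));
    sanitized.setStackTrace(e.getStackTrace());
    return sanitized;
  }

  public static void main(String[] args) {
    // Constructed sample message resembling a backend connection failure.
    Exception original =
        new IOException("Connection refused: backend 10.20.30.40:8443 (via 192.168.1.7)");
    System.out.println(from(original, true).getMessage());   // addresses masked
    System.out.println(from(original, false).getMessage());  // message unchanged
    System.out.println(sanitize("no address in this message"));
  }
}
```

Anything that logs or serializes the original exception before it reaches the sanitizer still exposes the address, so the check belongs at the last point before the message leaves the gateway.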