[
https://issues.apache.org/jira/browse/KNOX-3039?focusedWorklogId=975490&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-975490
]
ASF GitHub Bot logged work on KNOX-3039:
----------------------------------------
Author: ASF GitHub Bot
Created on: 21/Jul/25 14:50
Start Date: 21/Jul/25 14:50
Worklog Time Spent: 10m
Work Description: moresandeep commented on code in PR #1062:
URL: https://github.com/apache/knox/pull/1062#discussion_r2219428603
##########
gateway-server/src/main/java/org/apache/knox/gateway/util/ExceptionSanitizer.java:
##########
@@ -0,0 +1,36 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.util;
+
+import org.apache.knox.gateway.SanitizedException;
+
+import java.util.Objects;
+
+public class ExceptionSanitizer {
+
+ private ExceptionSanitizer() {
+ }
+
+ public static SanitizedException from(final Exception e, final boolean
isSanitizationEnabled, final String pattern) {
+ if (Objects.isNull(e) || Objects.isNull(e.getMessage())) {
+ return new SanitizedException();
Review Comment:
In case there is no offending message (i.e. the message does not contain IP
address) shouldn't we just throw the same exception instead of
SanitizedException? looks like this might a) hide the original exception b) add
new stack trace that won't be useful.
##########
gateway-server/src/main/java/org/apache/knox/gateway/GatewayServlet.java:
##########
@@ -45,11 +45,17 @@
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.util.Enumeration;
+import java.util.Objects;
+
+import static org.apache.knox.gateway.util.ExceptionSanitizer.from;
public class GatewayServlet implements Servlet, Filter {
public static final String GATEWAY_DESCRIPTOR_LOCATION_DEFAULT =
"gateway.xml";
public static final String GATEWAY_DESCRIPTOR_LOCATION_PARAM =
"gatewayDescriptorLocation";
+ private static boolean isErrorMessageSanitizationEnabled = true;
+ private static String errorMessageSanitizationPattern =
"\\b(?:\\d{1,3}\\.){3}\\d{1,3}\\b";
Review Comment:
Should we also add support for ipv6?
Issue Time Tracking
-------------------
Worklog Id: (was: 975490)
Time Spent: 6.5h (was: 6h 20m)
> IP Address Exposure in HTTP 500 Error Message
> ---------------------------------------------
>
> Key: KNOX-3039
> URL: https://issues.apache.org/jira/browse/KNOX-3039
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Reporter: Guillermo Kardolus
> Assignee: Sandor Molnar
> Priority: Major
> Time Spent: 6.5h
> Remaining Estimate: 0h
>
> A potential security vulnerability has been identified in Apache Knox where
> internal IP addresses are exposed in HTTP 500 error messages. This issue can
> occur when a user modifies the URL for one of the proxy services, leading to
> an error page that includes the IP address of the internal service.
> *Steps to Reproduce:*
> # Navigate to a proxy service URL, for example:
> {{<[https://example.com:8443/gateway/proxy/service?scheme=https&host=example.com&port=8051]>}}
> # Modify the {{port}} parameter to an invalid port, such as:
> {{<[https://example.com:8443/gateway/proxy/service?scheme=https&host=example.com&port=9999]>}}
> # Observe the resulting HTTP 500 error message which includes the internal
> IP address.
> *Observed Behavior:* The error message reveals the internal IP address in the
> stack trace, which can be used by an attacker for port scanning and other
> malicious activities.
> *Example:*
> {code:java}
> HTTP ERROR 500 java.io.IOException: java.io.IOException: Service connectivity
> error.
> MESSAGE: java.io.IOException: java.io.IOException: Service connectivity error.
> ...
> CAUSED BY: java.io.IOException: Connect to example.com:9996
> [example.com/10.140.190.10] failed: Connection refused (Connection refused)
> ... {code}
> *Expected Behavior:* Error messages should not expose internal IP addresses.
> Instead, they should be sanitized to prevent the disclosure of sensitive
> information.
> *Proposed Solution:*
> # *Sanitization Mechanism:* Implement a mechanism to sanitize error messages
> before they are sent to the client. This can include replacing IP addresses
> with placeholders such as {{{}[hidden]{}}}.
> # *Configuration Options:* Provide configuration options for users to enable
> or disable this sanitization based on their security needs. By default, users
> should opt-in to this new sanitization functionality, with an option to
> opt-out if necessary.
> # *Knox-specific Error Page:* Alternatively, consider implementing a
> Knox-specific error page that displays an error message without revealing any
> sensitive information.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
