Hiding Stack Traces / Errors [message #790920] Sun, 05 February 2012 02:21
Shayne Paddock
Is there a way to hide all BIRT stack traces? I'm running BIRT 3.7.1.

I changed the messages properties to at least not display the report path and filename in the error messages, but I really want to hide all error messages. It's a security concern that I'd like to close.

A while back Jason W. was going to / or have somebody log a bug about this. He was suggesting an option in web.xml. I looked through the new web.xml and didn't see any switches that looked like they addressed it.


Kindest regards,
Shayne
Re: Hiding Stack Traces / Errors [message #792334 is a reply to message #790920] Mon, 06 February 2012 22:23
Jason Weathersby

I have not seen a bug logged for this yet. You do have the option of
clearing the error message using a script tag in a text element:

<script language="JavaScript">
  document.getElementById('error_icon0_0').parentNode.parentNode.parentNode.style.display = "none";
</script>

or forward to another page on error like:

<script language="JavaScript">
  var tst=<VALUE-OF>_jsContext.hasErrors()</VALUE-OF>
  if( tst == true ){
    window.location = "http://www.google.com";
  }
</script>

Jason

On 2/4/2012 9:21 PM, Shayne Paddock wrote:
> Is there a way to hide all BIRT stack traces? I'm running BIRT 3.7.1
>
> I changed the messages properties to at least not display the report
> path and filename in the error messages but I really want to Hide all
> error messages. It's a security concern that I'd like to close.
>
> A while back Jason W. was going to / or have somebody log a bug about
> this. He was suggesting an option in web.xml I looked through the new
> web.xml and didn't see any switches that looked like they addressed it.
>
>
> Kindest regards,
> Shayne
Re: Hiding Stack Traces / Errors [message #792337 is a reply to message #792334] Mon, 06 February 2012 22:30
Shayne Paddock
If the check is done in JavaScript then the hacker would already have the stack trace in his browser. Not to mention, if you turn JavaScript off it would get around that check, would it not?

Also, we noticed that when stack traces are returned BIRT returns error code 200's which mean everything is OK. Is there a reason why BIRT can't return 500 level errors?


Kindest regards,
Shayne
Re: Hiding Stack Traces / Errors [message #792343 is a reply to message #792337] Mon, 06 February 2012 22:38
Jason Weathersby

I believe a 500 is returned if there is an error in the viewer code
itself, but not the individual report. If you look at the BirtUtility
class in the viewer there is a function called
BirtUtility.appendErrorMessage which actually adds the error to the
report. You could always change this function to do something different.

Jason

On 2/6/2012 5:30 PM, Shayne Paddock wrote:
> If the check is done in javascript then the hacker would already have
> the stack trace in his browser. Not to mention if you turn javascript
> off it would get around that check would it not?
>
> Also, we noticed that when stack traces are returned BIRT returns error
> code 200's which mean everything is OK. Is there a reason why BIRT can't
> return 500 level errors?
>
>
> Kindest regards,
> Shayne
Re: Hiding Stack Traces / Errors [message #792349 is a reply to message #792343] Mon, 06 February 2012 22:46
Shayne Paddock
Would that solution solve the javascript dialog boxes when you have a validate Parameter method that fails and the invalid parameter pop up has a show stack trace button?

Kindest regards,
Shayne
Re: Hiding Stack Traces / Errors [message #792364 is a reply to message #792349] Mon, 06 February 2012 23:10
Jason Weathersby

That will only handle the stack trace in the report display. To take
care of the message box, you could remove the dialog from the jsp fragment
but that would not prevent the error from actually streaming back. It
just would not display it. This error box is populated using the
results from an AJAX web service call to the server. In the
ReportEngineService.java class there is a method:

private void throwDummyException( Exception e ) throws DummyRemoteException
{
    if ( e instanceof ReportServiceException )
    {
        throw new DummyRemoteException( e );
    }
    else
    {
        throw new DummyRemoteException( new ReportServiceException(
                e.getLocalizedMessage( ),
                e ) );
    }
}

Which I believe is passing back the exception to the client. You could
change this method.

Jason

On 2/6/2012 5:46 PM, Shayne Paddock wrote:
> Would that solution solve the javascript dialog boxes when you have a
> validate Parameter method that fails and the invalid parameter pop up
> has a show stack trace button?
>
> Kindest regards,
> Shayne
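
One way the method quoted above could be changed so that nothing internal reaches the client, as an added example that is not BIRT's code or part of the original posts. `ServiceException`, `RemoteException`, `passThrough` and `sanitize` are hypothetical stand-ins, and the sketch assumes the client-side dialog is filled from the exception object that gets thrown:

```java
import java.io.PrintWriter;
import java.io.StringWriter;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;

public class SanitizedRemoteError {
    private static final Logger LOG = Logger.getLogger("report.errors");

    // Hypothetical stand-ins for BIRT's ReportServiceException and
    // DummyRemoteException so the example compiles without the viewer source.
    static class ServiceException extends Exception {
        ServiceException(String message) { super(message); }
    }
    static class RemoteException extends Exception {
        RemoteException(Throwable cause) { super(cause.getMessage(), cause); }
    }

    // Behaviour of the quoted method: the original exception travels to the client.
    static RemoteException passThrough(Exception e) {
        return new RemoteException(e);
    }

    // Sanitized variant: full detail goes to the server log under an incident
    // id; the client-bound exception carries a generic message, no link to the
    // original failure, and no stack frames of its own.
    static RemoteException sanitize(Exception e) {
        String incidentId = UUID.randomUUID().toString();
        LOG.log(Level.SEVERE, "Report failed, incident " + incidentId, e);
        ServiceException generic = new ServiceException(
                "The report could not be generated. Reference: " + incidentId);
        generic.setStackTrace(new StackTraceElement[0]);
        RemoteException out = new RemoteException(generic);
        out.setStackTrace(new StackTraceElement[0]);
        return out;
    }

    // Renders an exception the way a "show stack trace" dialog would.
    static String render(Throwable t) {
        StringWriter sw = new StringWriter();
        t.printStackTrace(new PrintWriter(sw, true));
        return sw.toString();
    }

    public static void main(String[] args) {
        // Constructed failure carrying an internal path and a nested cause.
        Exception internal = new IllegalStateException(
                "Cannot open /srv/reports/sales.rptdesign",
                new NullPointerException());
        String before = render(passThrough(internal));
        String after = render(sanitize(internal));
        System.out.println("pass-through leaks frames: " + before.contains("\tat "));
        System.out.println("sanitized leaks frames:    " + after.contains("\tat "));
        System.out.println("sanitized leaks path:      " + after.contains("/srv/reports"));
        System.out.println(after);
    }
}
```

Clearing the stack trace on the replacement exceptions matters because a freshly constructed exception records the server frames of the place where it was created.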
Re: Hiding Stack Traces / Errors [message #1038956 is a reply to message #792364] Thu, 11 April 2013 14:48
Anthony Farrell
Just checking in with this issue.
With BIRT 4.2.1, has a mechanism been added to allow the user to configure, e.g. via web.xml, whether a stack trace is sent back to the browser?

When a report runs with AJAX (run servlet), and an error occurs, it returns a stack trace in the response. Returning information like this to the client, in a production server, is information leakage and allows a malicious user to gain an understanding of how our application works and the products it's built on/with.

How does one register an enhancement for the BIRT runtime, to allow stack trace data to be turned off in production environments?

If the user hits the "show stack trace" they will get something like: -
Exception
Close
org.eclipse.birt.report.service.api.ReportServiceException: Error happened while running the report.
Show Exception Stack Trace
Hide Exception Stack Trace
Stack Trace:

org.eclipse.birt.report.service.api.ReportServiceException: Error happened while running the report.
at org.eclipse.birt.report.service.ReportEngineService.throwDummyException(ReportEngineService.java:1096)
at org.eclipse.birt.report.service.ReportEngineService.runAndRenderReport(ReportEngineService.java:926)
at org.eclipse.birt.report.service.BirtViewerReportService.runAndRenderReport(BirtViewerReportService.java:973)
at org.eclipse.birt.report.service.actionhandler.BirtGetPageAllActionHandler.__execute(BirtGetPageAllActionHandler.java:131)
at org.eclipse.birt.report.service.actionhandler.AbstractBaseActionHandler.execute(AbstractBaseActionHandler.java:90)
at org.eclipse.birt.report.soapengine.processor.AbstractBaseDocumentProcessor.__executeAction(AbstractBaseDocumentProcessor.java:47)
at org.eclipse.birt.report.soapengine.processor.AbstractBaseComponentProcessor.executeAction(AbstractBaseComponentProcessor.java:143)
at org.eclipse.birt.report.soapengine.processor.BirtDocumentProcessor.handleGetPageAll(BirtDocumentProcessor.java:183)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
at org.eclipse.birt.report.soapengine.processor.AbstractBaseComponentProcessor.process(AbstractBaseComponentProcessor.java:112)
at org.eclipse.birt.report.soapengine.endpoint.BirtSoapBindingImpl.getUpdatedObjects(BirtSoapBindingImpl.java:66)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
at org.apache.axis.providers.java.RPCProvider.invokeMethod(RPCProvider.java:397)
at org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:186)
at org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:323)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:454)
at org.apache.axis.server.AxisServer.invoke(AxisServer.java:281)
at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:699)
at org.eclipse.birt.report.servlet.BirtSoapMessageDispatcherServlet.doPost(BirtSoapMessageDispatcherServlet.java:265)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:595)
at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:327)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:668)
at org.eclipse.birt.report.servlet.BirtSoapMessageDispatcherServlet.service(BirtSoapMessageDispatcherServlet.java:122)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1224)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:774)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:456)
at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(ServletWrapperImpl.java:178)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.invokeTarget(WebAppFilterChain.java:136)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:97)
at org.eclipse.birt.report.filter.ViewerFilter.doFilter(ViewerFilter.java:68)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:195)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:91)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:928)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1025)
at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(CacheServletWrapper.java:87)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:895)
at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1662)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:195)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:452)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:511)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:305)
at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:83)
at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1784)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1690)
Caused by: org.eclipse.birt.report.engine.api.EngineException: Error happened while running the report.
at org.eclipse.birt.report.engine.api.impl.RunAndRenderTask.doRun(RunAndRenderTask.java:196)
at org.eclipse.birt.report.engine.api.impl.RunAndRenderTask.run(RunAndRenderTask.java:77)
at org.eclipse.birt.report.service.ReportEngineService.runAndRenderReport(ReportEngineService.java:920)
... 58 more
Caused by: java.lang.NullPointerException
at org.mozilla.javascript.UintMap.rehashTable(UintMap.java:295)
at org.mozilla.javascript.UintMap.ensureIndex(UintMap.java:360)
at org.mozilla.javascript.UintMap.put(UintMap.java:160)
at org.mozilla.classfile.ConstantPool.addConstant(ClassFileWriter.java:2794)
at org.mozilla.classfile.ClassFileWriter.addLoadConstant(ClassFileWriter.java:668)
at org.mozilla.classfile.ClassFileWriter.addPush(ClassFileWriter.java:927)
at org.mozilla.javascript.optimizer.BodyCodegen.visitStandardCall(Codegen.java:3289)
at org.mozilla.javascript.optimizer.BodyCodegen.generateExpression(Codegen.java:2271)
at org.mozilla.javascript.optimizer.BodyCodegen.visitStandardCall(Codegen.java:3340)
at org.mozilla.javascript.optimizer.BodyCodegen.generateExpression(Codegen.java:2271)
at org.mozilla.javascript.optimizer.BodyCodegen.visitIfJumpEqOp(Codegen.java:4346)
at org.mozilla.javascript.optimizer.BodyCodegen.generateIfJump(Codegen.java:2992)
at org.mozilla.javascript.optimizer.BodyCodegen.visitGoto(Codegen.java:3087)
at org.mozilla.javascript.optimizer.BodyCodegen.generateStatement(Codegen.java:2142)
at org.mozilla.javascript.optimizer.BodyCodegen.generateStatement(Codegen.java:1937)
at org.mozilla.javascript.optimizer.BodyCodegen.generateStatement(Codegen.java:1937)
at org.mozilla.javascript.optimizer.BodyCodegen.generateBodyCode(Codegen.java:1363)
at org.mozilla.javascript.optimizer.Codegen.generateCode(Codegen.java:327)
at org.mozilla.javascript.optimizer.Codegen.compileToClassFile(Codegen.java:182)
at org.mozilla.javascript.optimizer.Codegen.compile(Codegen.java:91)
at org.mozilla.javascript.Context.compileImpl(Context.java:2391)
at org.mozilla.javascript.Context.compileString(Context.java:1359)
at org.mozilla.javascript.Context.compileString(Context.java:1348)
at org.eclipse.birt.report.engine.javascript.JavascriptEngine$3.run(JavascriptEngine.java:232)
at org.eclipse.birt.report.engine.javascript.JavascriptEngine$3.run(JavascriptEngine.java:1)
at java.security.AccessController.doPrivileged(AccessController.java:229)
at org.eclipse.birt.report.engine.javascript.JavascriptEngine.compile(JavascriptEngine.java:228)
at org.eclipse.birt.report.engine.javascript.JavascriptEngine.compile(JavascriptEngine.java:1)
at org.eclipse.birt.core.script.ScriptContext.compile(ScriptContext.java:148)
at org.eclipse.birt.data.engine.impl.ComputedColumnHelperInstance.process(ComputedColumnHelper.java:459)
at org.eclipse.birt.data.engine.impl.ComputedColumnHelper.process(ComputedColumnHelper.java:119)
at org.eclipse.birt.data.engine.executor.cache.RowResultSet.processFetchEvent(RowResultSet.java:152)
at org.eclipse.birt.data.engine.executor.cache.RowResultSet.next(RowResultSet.java:113)
at org.eclipse.birt.data.engine.executor.cache.ExpandableRowResultSet.next(ExpandableRowResultSet.java:63)
at org.eclipse.birt.data.engine.executor.cache.SmartCacheHelper.populateData(SmartCacheHelper.java:316)
at org.eclipse.birt.data.engine.executor.cache.SmartCacheHelper.initInstance(SmartCacheHelper.java:285)
at org.eclipse.birt.data.engine.executor.cache.SmartCacheHelper.initOdaResult(SmartCacheHelper.java:154)
at org.eclipse.birt.data.engine.executor.cache.SmartCacheHelper.getResultSetCache(SmartCacheHelper.java:79)
at org.eclipse.birt.data.engine.executor.cache.SmartCache.<init>(SmartCache.java:56)
at org.eclipse.birt.data.engine.executor.transform.pass.PassUtil.populateOdiResultSet(PassUtil.java:99)
at org.eclipse.birt.data.engine.executor.transform.pass.PassUtil.pass(PassUtil.java:62)
at org.eclipse.birt.data.engine.executor.transform.pass.PassManager.populateResultSetCacheInResultSetPopulator(PassManager.java:320)
at org.eclipse.birt.data.engine.executor.transform.pass.PassManager.populateDataSet(PassManager.java:282)
at org.eclipse.birt.data.engine.executor.transform.pass.PassManager.prepareDataSetResultSet(PassManager.java:101)
at org.eclipse.birt.data.engine.executor.transform.pass.PassManager.pass(PassManager.java:128)
at org.eclipse.birt.data.engine.executor.transform.pass.PassManager.populateResultSet(PassManager.java:77)
at org.eclipse.birt.data.engine.executor.transform.ResultSetPopulator.populateResultSet(ResultSetPopulator.java:198)
at org.eclipse.birt.data.engine.executor.transform.CachedResultSet.<init>(CachedResultSet.java:94)
at org.eclipse.birt.data.engine.executor.DataSourceQuery.execute(DataSourceQuery.java:883)
at org.eclipse.birt.data.engine.impl.PreparedOdaDSQuery$OdaDSQueryExecutor.executeOdiQuery(PreparedOdaDSQuery.java:427)
at org.eclipse.birt.data.engine.impl.QueryExecutor.execute(QueryExecutor.java:1094)
at org.eclipse.birt.data.engine.impl.ServiceForQueryResults.executeQuery(ServiceForQueryResults.java:232)
at org.eclipse.birt.data.engine.impl.QueryResults.getResultIterator(QueryResults.java:172)
at org.eclipse.birt.report.engine.data.dte.QueryResultSet.<init>(QueryResultSet.java:98)
at org.eclipse.birt.report.engine.data.dte.DteDataEngine.doExecuteQuery(DteDataEngine.java:168)
at org.eclipse.birt.report.engine.data.dte.AbstractDataEngine.execute(AbstractDataEngine.java:265)
at org.eclipse.birt.report.engine.executor.ExtendedGenerateExecutor.executeQueries(ExtendedGenerateExecutor.java:205)
at org.eclipse.birt.report.engine.executor.ExtendedGenerateExecutor.execute(ExtendedGenerateExecutor.java:65)
at org.eclipse.birt.report.engine.executor.ExtendedItemExecutor.execute(ExtendedItemExecutor.java:62)
at org.eclipse.birt.report.engine.internal.executor.dup.SuppressDuplicateItemExecutor.execute(SuppressDuplicateItemExecutor.java:43)
at org.eclipse.birt.report.engine.internal.executor.wrap.WrappedReportItemExecutor.execute(WrappedReportItemExecutor.java:46)
at org.eclipse.birt.report.engine.internal.executor.l18n.LocalizedReportItemExecutor.execute(LocalizedReportItemExecutor.java:34)
at org.eclipse.birt.report.engine.layout.html.HTMLBlockStackingLM.layoutNodes(HTMLBlockStackingLM.java:65)
at org.eclipse.birt.report.engine.layout.html.HTMLPageLM.layout(HTMLPageLM.java:90)
at org.eclipse.birt.report.engine.layout.html.HTMLReportLayoutEngine.layout(HTMLReportLayoutEngine.java:99)
at org.eclipse.birt.report.engine.api.impl.RunAndRenderTask.doRun(RunAndRenderTask.java:180)
... 60 more
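
Because the thread reports that these traces come back with HTTP 200, a check for the leak has to look at the response body rather than the status code. The following is an added example, not part of the original post or of BIRT: it scans a body for Java stack frames and lists the package prefixes they reveal. The class and method names are hypothetical, and the sample bodies are constructed, reusing a few frames from the trace above:

```java
import java.util.Arrays;
import java.util.Set;
import java.util.TreeSet;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class TraceLeakCheck {
    // One Java stack frame: "at pkg.Class.method(File.java:123)" or "(Native Method)".
    private static final Pattern FRAME = Pattern.compile(
            "\\bat\\s+((?:[\\w$]+\\.)+[\\w$<>]+)"
            + "\\((?:[\\w$]+\\.java(?::\\d+)?|Native Method|Unknown Source)\\)");

    // Distinct package prefixes (up to three segments) named by frames in the body.
    static Set<String> leakedPackages(String body) {
        Set<String> found = new TreeSet<>();
        Matcher m = FRAME.matcher(body);
        while (m.find()) {
            String[] parts = m.group(1).split("\\.");
            int n = Math.min(3, parts.length - 2); // drop class and method names
            if (n > 0) {
                found.add(String.join(".", Arrays.copyOf(parts, n)));
            }
        }
        return found;
    }

    // The status code is reported but deliberately not used for the decision.
    static String verdict(int status, String body) {
        Set<String> pkgs = leakedPackages(body);
        return "HTTP " + status + (pkgs.isEmpty() ? " clean" : " LEAK " + pkgs);
    }

    public static void main(String[] args) {
        // Constructed response body; the frames are copied from the trace above.
        String leaking =
            "org.eclipse.birt.report.service.api.ReportServiceException: "
            + "Error happened while running the report.\n"
            + " at org.eclipse.birt.report.service.ReportEngineService"
            + ".throwDummyException(ReportEngineService.java:1096)\n"
            + " at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n"
            + " at org.apache.axis.providers.java.RPCProvider"
            + ".invokeMethod(RPCProvider.java:397)\n"
            + " at com.ibm.ws.webcontainer.servlet.ServletWrapper"
            + ".service(ServletWrapper.java:1224)\n";
        // Constructed generic error; the word "at" in prose must not match.
        String clean = "The report could not be generated. Look at the server log.";

        System.out.println(verdict(200, leaking));
        System.out.println(verdict(200, clean));
    }
}
```

Run against the leaking sample, the verdict names `com.ibm.ws`, `org.apache.axis`, `org.eclipse.birt` and `sun.reflect`, which is the product inventory the post describes as information leakage.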
Re: Hiding Stack Traces / Errors [message #1386025 is a reply to message #790920] Fri, 13 June 2014 05:08
Boban Raj
Can't we take help from "try-catch"?

I'm a newbie with BIRT, so not sure about this.