从 jooq stacktrace 异常中删除原因

Question

I'm trying to remove or hide sensitive data from Jooq exception handler, I've tried implementing a listener to handle the exception but I realized that the query with the sensitive data (Bind values for example) comes from a java.sql.BatchUpdateException which does not belong Jooq but java.sql.

So, my question is, how do you hide sensitive data on exceptions without losing the complete exception information?

This is an example:

    Caused by: org.jooq.exception.DataAccessException: SQL [insert into "public"."table" ("id", "sensitvefield") values (?, ) on conflict ("id", "sensitvefield") do update set "id" = ?, "sensitvefield" = ? where ("public"."mytable"."id" = ? and "public"."mytable"."sensitvefield" = ?)]; Batch entry 0 insert into "public"."mytable" ("id","sensitvefield"]") values (2653933, sensitivefielddata) was aborted: ERROR: value too long for type character varying(50)  Call getNextException to see other errors in the batch.
    at org.jooq_3.14.15.POSTGRES.debug(Unknown Source)
    at org.jooq.impl.Tools.translate(Tools.java:2903)
    at org.jooq.impl.DefaultExecuteContext.sqlException(DefaultExecuteContext.java:757)
    at org.jooq.impl.BatchSingle.executePrepared(BatchSingle.java:254)
    at org.jooq.impl.BatchSingle.execute(BatchSingle.java:170)
    at org.jooq.impl.BatchCRUD.executePrepared(BatchCRUD.java:148)
    at org.jooq.impl.BatchCRUD.execute(BatchCRUD.java:91)
    at com.myservice(ServiceRepository.kt:49)
    ... 41 common frames omitted
Caused by: java.sql.BatchUpdateException: Batch entry 0 insert into "public"."mytable" ("id", "sensitivefield",) values (2653933, sensitivefielddata) was aborted: ERROR: value too long for type character varying(50)  Call getNextException to see other errors in the batch.
    at org.postgresql.jdbc.BatchResultHandler.handleError(BatchResultHandler.java:171)
    at org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:2298)
    at org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:520)
    at org.postgresql.jdbc.PgStatement.internalExecuteBatch(PgStatement.java:878)
    at org.postgresql.jdbc.PgStatement.executeBatch(PgStatement.java:901)
    at org.postgresql.jdbc.PgPreparedStatement.executeBatch(PgPreparedStatement.java:1644)
    at com.zaxxer.hikari.pool.ProxyStatement.executeBatch(ProxyStatement.java:127)
    at com.zaxxer.hikari.pool.HikariProxyPreparedStatement.executeBatch(HikariProxyPreparedStatement.java)
    at org.jooq.tools.jdbc.DefaultStatement.executeBatch(DefaultStatement.java:112)
    at org.jooq.impl.BatchSingle.executePrepared(BatchSingle.java:234)
    ... 45 common frames omitted
Caused by: org.postgresql.util.PSQLException: ERROR: value too long for type character varying(50)
    at org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2565)
    at org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:2297)
    ... 53 common frames omitted

Here for example, if I replace all the causes, I will be losing the message ERROR: value too long for type character varying(50) which gives a lot of information, but, as you can see, there is sensitive information like sensitvefield and sensitivedata.

Does anyone know any workaround for it?

Answer 1

You can use the property logServerErrorDetail to prevent such leakages, see eg

• https://github.com/pgjdbc/pgjdbc/pull/2148
• https://jdbc.postgresql.org/documentation/head/connect.html#connection-parameters

The documentation reads:

logServerErrorDetail == boolean

Whether to include server error details in exceptions and log messages (for example inlined query parameters). Setting to false will only include minimal, not sensitive messages.

By default this is set to true, server error details are propagated. This may include sensitive details such as query parameters.