[英]Remove cause from jooq stacktrace exception
I'm trying to remove or hide sensitive data from Jooq exception handler, I've tried implementing a listener to handle the exception but I realized that the query with the sensitive data (Bind values for example) comes from a java.sql.BatchUpdateException which does not belong Jooq but java.sql.我正在尝试从 Jooq 异常处理程序中删除或隐藏敏感数据,我尝试实现一个侦听器来处理异常,但我意识到带有敏感数据的查询(例如绑定值)来自 java.sql.BatchUpdateException它不属于 Jooq,而是 java.sql。
So, my question is, how do you hide sensitive data on exceptions without losing the complete exception information?所以,我的问题是,如何在不丢失完整异常信息的情况下隐藏异常的敏感数据?
This is an example:这是一个例子:
Caused by: org.jooq.exception.DataAccessException: SQL [insert into "public"."table" ("id", "sensitvefield") values (?, ) on conflict ("id", "sensitvefield") do update set "id" = ?, "sensitvefield" = ? where ("public"."mytable"."id" = ? and "public"."mytable"."sensitvefield" = ?)]; Batch entry 0 insert into "public"."mytable" ("id","sensitvefield"]") values (2653933, sensitivefielddata) was aborted: ERROR: value too long for type character varying(50) Call getNextException to see other errors in the batch.
at org.jooq_3.14.15.POSTGRES.debug(Unknown Source)
at org.jooq.impl.Tools.translate(Tools.java:2903)
at org.jooq.impl.DefaultExecuteContext.sqlException(DefaultExecuteContext.java:757)
at org.jooq.impl.BatchSingle.executePrepared(BatchSingle.java:254)
at org.jooq.impl.BatchSingle.execute(BatchSingle.java:170)
at org.jooq.impl.BatchCRUD.executePrepared(BatchCRUD.java:148)
at org.jooq.impl.BatchCRUD.execute(BatchCRUD.java:91)
at com.myservice(ServiceRepository.kt:49)
... 41 common frames omitted
Caused by: java.sql.BatchUpdateException: Batch entry 0 insert into "public"."mytable" ("id", "sensitivefield",) values (2653933, sensitivefielddata) was aborted: ERROR: value too long for type character varying(50) Call getNextException to see other errors in the batch.
at org.postgresql.jdbc.BatchResultHandler.handleError(BatchResultHandler.java:171)
at org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:2298)
at org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:520)
at org.postgresql.jdbc.PgStatement.internalExecuteBatch(PgStatement.java:878)
at org.postgresql.jdbc.PgStatement.executeBatch(PgStatement.java:901)
at org.postgresql.jdbc.PgPreparedStatement.executeBatch(PgPreparedStatement.java:1644)
at com.zaxxer.hikari.pool.ProxyStatement.executeBatch(ProxyStatement.java:127)
at com.zaxxer.hikari.pool.HikariProxyPreparedStatement.executeBatch(HikariProxyPreparedStatement.java)
at org.jooq.tools.jdbc.DefaultStatement.executeBatch(DefaultStatement.java:112)
at org.jooq.impl.BatchSingle.executePrepared(BatchSingle.java:234)
... 45 common frames omitted
Caused by: org.postgresql.util.PSQLException: ERROR: value too long for type character varying(50)
at org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2565)
at org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:2297)
... 53 common frames omitted
Here for example, if I replace all the causes, I will be losing the message ERROR: value too long for type character varying(50) which gives a lot of information, but, as you can see, there is sensitive information like sensitvefield and sensitivedata.例如,如果我替换所有原因,我将丢失消息 ERROR: value too long for type character varying(50) 这提供了很多信息,但是,如您所见,有敏感信息,如 sensitvefield 和敏感数据。
Does anyone know any workaround for it?有谁知道它的任何解决方法?
You can use the property logServerErrorDetail
to prevent such leakages, see eg您可以使用属性logServerErrorDetail
来防止此类泄漏,请参见例如
The documentation reads:文档内容如下:
logServerErrorDetail == boolean logServerErrorDetail == boolean
Whether to include server error details in exceptions and log messages (for example inlined query parameters).是否在异常和日志消息中包含服务器错误详细信息(例如内联查询参数)。 Setting to false will only include minimal, not sensitive messages.设置为 false 将仅包含最少的非敏感消息。
By default this is set to true, server error details are propagated.默认情况下,这设置为 true,传播服务器错误详细信息。 This may include sensitive details such as query parameters.这可能包括敏感细节,例如查询参数。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.