ExceptionInformationExposure.cs
using System;
using System.Web;
using System.Web.UI.WebControls;
/// <summary>
/// Example <see cref="IHttpHandler"/> contrasting ways of reporting a caught exception to the
/// client. Lines marked BAD write exception details (stack traces, inner exceptions,
/// <c>ToString()</c> output) into the HTTP response or into a page control; lines marked GOOD
/// keep the details server-side (logged) and send the client only a message.
/// </summary>
public class StackTraceHandler : IHttpHandler
{
    // Never assigned in this class, so it keeps its default (false) and
    // doSomeWork() does not actually throw in this example.
    bool b;
    // Never initialised in this class; the textBox.Text assignments below would fail
    // with a NullReferenceException at runtime. The field stands in for a Web Forms
    // control whose Text is rendered into the page, i.e. another client-visible sink.
    TextBox textBox;

    /// <summary>
    /// Handles one request: runs <see cref="doSomeWork"/> twice, reporting a caught
    /// exception differently each time, then writes a custom exception's ToString().
    /// </summary>
    /// <param name="ctx">Current request context; its Response is the client-visible sink.</param>
    public void ProcessRequest(HttpContext ctx)
    {
        try
        {
            doSomeWork();
        }
        catch (Exception ex)
        {
            // BAD: printing a stack trace back to the response.
            // Exception.ToString() includes the exception type, message, stack trace and
            // any inner exceptions, which exposes internal type names, method names and
            // source paths to the client.
            ctx.Response.Write(ex.ToString());
            // BAD: implicitly printing a stack trace back to the response
            // (the object overload of Write calls ToString() on the exception).
            ctx.Response.Write(ex);
            // BAD: writing StackTrace property to response
            ctx.Response.Write(ex.StackTrace);
            // GOOD: writing Message property to response.
            // Message omits the trace, but for some exception types it can still carry
            // internals such as file paths or server names, so a fixed generic string
            // (as in the second handler below) is the more conservative choice.
            ctx.Response.Write(ex.Message);
            return;
        }
        try
        {
            doSomeWork();
        }
        catch (Exception ex)
        {
            // GOOD: log the stack trace, and send back a non-revealing response
            log("Exception occurred", ex);
            ctx.Response.Write("Exception occurred");
            // The control's Text is rendered into the page, so these assignments are the
            // same exposure as writing to the response directly. The first line also
            // dereferences InnerException without a null check.
            textBox.Text = ex.InnerException.StackTrace; // BAD
            textBox.Text = ex.StackTrace; // BAD
            textBox.Text = ex.ToString(); // BAD
            textBox.Text = ex.Message; // GOOD
            return;
        }
        // BAD: printing a stack trace back to the response for a custom exception.
        // MyException's own ToString() is private and not accessible from the enclosing
        // class, so this call presumably resolves to the inherited Exception.ToString().
        ctx.Response.Write(new MyException().ToString());
    }

    /// <summary>
    /// Custom exception whose ToString() forwards to a nested exception. The method has
    /// no <c>override</c> modifier and no access modifier (private), so it hides rather
    /// than replaces <see cref="Exception.ToString"/>.
    /// </summary>
    class MyException : Exception
    {
        // Never assigned; the ToString() below would dereference null if it were called.
        private Exception nested;
        string ToString()
        {
            // IGNORED - the outer ToString() should be reported, not this nested call
            return nested.ToString();
        }
    }

    /// <summary>Method that may throw an exception (only when <c>b</c> is true).</summary>
    /// <exception cref="Exception">Thrown when <c>b</c> is set.</exception>
    public void doSomeWork()
    {
        if (b)
            throw new Exception();
    }

    /// <summary>Server-side logging stub: the exception's details stay out of the response.</summary>
    /// <param name="s">Message to log.</param>
    /// <param name="e">Exception whose details belong in the log, not in the client response.</param>
    public void log(string s, Exception e)
    {
        // logging stub
    }

    /// <summary>
    /// Always true, so ASP.NET may reuse this instance across requests; note that the
    /// mutable textBox field is then shared between those requests.
    /// </summary>
    public bool IsReusable
    {
        get
        {
            return true;
        }
    }
}