  1. EJBCA
  2. ECA-6453

ExternalCommandValidator: Testing non existing command gives stacktrace

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 6.11.0
    • Component/s: None
    • Labels:
      None
    • Sprint:
      EJBCA Happy Fun Sprint (6)

      Description

      Error handling is lacking.

      In an external command validator, input a script path to a non-existing script. Upload some bogus file (text file for example) and click the "Test" button. Instead of a nice error message that your command doesn't exist, you get a stack trace.

      Context Path:
      /ejbca/adminweb

      Servlet Path:
      /ca/editvalidators/editvalidator.xhtml

      Path Info:
      null

      Query String:
      null

      Stack Trace
      javax.servlet.ServletException: org.cesecore.util.ExternalProcessException: process.commandnotfound, XSSRole";alert("XSS");xxx="
      javax.faces.webapp.FacesServlet.service(FacesServlet.java:671)
      io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
      io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
      org.ejbca.ui.web.admin.NoCacheFilter.doFilter(NoCacheFilter.java:68)
      io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
      io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
      org.owasp.filters.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:204)
      io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)

            People

            • Assignee:
              anjakobs Andres Jakobs
              Reporter:
              tomas Tomas Gustavsson

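One way a "Test" action can handle the missing-command case described in this issue, as an added example that is not part of the original report and is not EJBCA's code. The class and method names are hypothetical, and it uses only the standard Java library (Java 9 or later for `Redirect.DISCARD`).

```java
import java.io.File;
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;

/** Hypothetical helper (not EJBCA code): a validator test whose failures never reach the servlet. */
public class ExternalCommandTest {
    private static final Logger LOG = Logger.getLogger(ExternalCommandTest.class.getName());

    /** Returns a short message for the admin page; the full exception goes to the server log only. */
    public static String testCommand(String scriptPath, String uploadedFilePath) {
        File script = new File(scriptPath);
        // Check up front so a missing script is reported as an input error, not an exception.
        // The message echoes admin-supplied text, so the view must output-encode it.
        if (!script.isFile() || !script.canExecute()) {
            return "Command not found or not executable: " + scriptPath;
        }
        List<String> cmd = Arrays.asList(script.getAbsolutePath(), uploadedFilePath); // argument list, no shell
        try {
            Process p = new ProcessBuilder(cmd)
                    .redirectErrorStream(true).redirectOutput(ProcessBuilder.Redirect.DISCARD)
                    .start();
            if (!p.waitFor(10, TimeUnit.SECONDS)) {
                p.destroyForcibly();
                return "Command timed out.";
            }
            int rc = p.exitValue();
            return rc == 0 ? "Command succeeded." : "Command failed with exit code " + rc + ".";
        } catch (IOException e) {
            // The script can still vanish between the check and start(); handle that as well.
            LOG.log(Level.WARNING, "External command could not be started", e);
            return "Command could not be started: " + scriptPath;
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            return "Command test was interrupted.";
        }
    }

    public static void main(String[] args) {
        // Constructed input: a script path that does not exist, plus a bogus upload path.
        System.out.println(testCommand("/nonexistent/validate.sh", "/tmp/bogus.txt"));
    }
}
```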