Saturday 15 June 2013

security - Hide groovy stack trace in xwiki macros -




I'm developing a Groovy macro in XWiki, and at the moment the stack trace generated when the macro fails is invaluable for debugging. But it seems like a security hole when others use it. Is there a way to turn stack traces off, perhaps for users without programming rights?

First, if by security hole you mean that the user can see the Groovy code: a user who has view right on the document can technically view the code anyway, so hiding the stack trace is not going to completely hide it.

Now, to reply to your question: the error is not configurable. The only way I can think of is to patch either the script macro (https://github.com/xwiki/xwiki-platform/blob/master/xwiki-platform-core/xwiki-platform-rendering/xwiki-platform-rendering-macros/xwiki-platform-rendering-macro-script/src/main/java/org/xwiki/rendering/macro/script/abstractscriptmacro.java#l286) or the more generic MacroErrorManager (https://github.com/xwiki/xwiki-rendering/blob/master/xwiki-rendering-transformations/xwiki-rendering-transformation-macro/src/main/java/org/xwiki/rendering/internal/transformation/macro/macroerrormanager.java).
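An added example, not part of the original answer and not XWiki code: a stand-alone Java sketch of the behaviour such a patch could implement, where the full trace always goes to the server log and only privileged viewers see it on the page. The class `MacroErrorRenderer`, the method `render` and the `canSeeDetails` flag are hypothetical names; how the caller decides that flag (for example, from programming rights) is an assumption left outside the sketch.

```java
import java.io.PrintWriter;
import java.io.StringWriter;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;

/** Hypothetical stand-alone sketch; none of these names are XWiki classes. */
public class MacroErrorRenderer {
    private static final Logger LOG = Logger.getLogger(MacroErrorRenderer.class.getName());

    /**
     * Builds the text shown in place of a failed macro.
     * canSeeDetails is assumed to be decided by the caller,
     * e.g. "the viewer has programming rights".
     */
    public static String render(String macroId, Throwable error, boolean canSeeDetails) {
        // Random reference so a user report can be matched to the server-side log entry.
        String ref = UUID.randomUUID().toString();
        // The full trace always goes to the server log, whoever is viewing.
        LOG.log(Level.WARNING, "Macro [" + macroId + "] failed, ref=" + ref, error);

        if (canSeeDetails) {
            StringWriter trace = new StringWriter();
            error.printStackTrace(new PrintWriter(trace, true));
            return "Failed to execute the [" + macroId + "] macro (ref " + ref + ")\n" + trace;
        }
        // No exception class, message or frames: any of them can leak code or paths.
        return "Failed to execute the [" + macroId + "] macro. Reference for the administrator: " + ref;
    }

    public static void main(String[] args) {
        // Constructed failure standing in for a Groovy script error.
        Throwable failure = new IllegalStateException("constructed failure: cannot read /constructed/path");
        System.out.println(render("groovy", failure, false));
        System.out.println("----");
        System.out.println(render("groovy", failure, true));
    }
}
```

As the answer notes, this only limits what the error output reveals; anyone with view right on the document can still read the script source.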

security groovy xwiki
