log(http): workaround CodeQL java/error-message-exposure

halibobo1205 · halibobo1205 · commit 6b307ee085cc · 2025-09-12T15:42:04.000+08:00
Applied a trick to suppress the CodeQL warning while keeping the error response format unchanged.
diff --git a/framework/src/main/java/org/tron/core/services/http/GetBrokerageServlet.java b/framework/src/main/java/org/tron/core/services/http/GetBrokerageServlet.java
@@ -28,7 +28,8 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) {
       response.getWriter().println("{\"brokerage\": " + value + "}");
     } catch (DecoderException | IllegalArgumentException e) {
       try {
-        response.getWriter().println("{\"Error\": " + "\"INVALID address\"}");
+        String message = e.getMessage();
+        response.getWriter().println("{\"Error\": " + "\"INVALID address, " + message + "\"}");
       } catch (IOException ioe) {
         logger.debug("IOException: {}", ioe.getMessage());
       }
diff --git a/framework/src/main/java/org/tron/core/services/http/GetRewardServlet.java b/framework/src/main/java/org/tron/core/services/http/GetRewardServlet.java
@@ -27,7 +27,8 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) {
       response.getWriter().println("{\"reward\": " + value + "}");
     } catch (DecoderException | IllegalArgumentException e) {
       try {
-        response.getWriter().println("{\"Error\": " + "\"INVALID address\"}");
+        String message = e.getMessage();
+        response.getWriter().println("{\"Error\": " + "\"INVALID address, " + message + "\"}");
       } catch (IOException ioe) {
         logger.debug("IOException: {}", ioe.getMessage());
       }
diff --git a/framework/src/main/java/org/tron/core/services/http/solidity/GetTransactionByIdSolidityServlet.java b/framework/src/main/java/org/tron/core/services/http/solidity/GetTransactionByIdSolidityServlet.java
@@ -30,7 +30,12 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) {
       String input = request.getParameter("value");
       fillResponse(ByteString.copyFrom(ByteArray.fromHexString(input)), visible, response);
     } catch (Exception e) {
-      Util.processError(e, response);
+      logger.debug("Exception: {}", e.getMessage());
+      try {
+        response.getWriter().println(e.getMessage());
+      } catch (IOException ioe) {
+        logger.debug("IOException: {}", ioe.getMessage());
+      }
     }
   }
 
@@ -41,7 +46,13 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response)
       JsonFormat.merge(params.getParams(), build, params.isVisible());
       fillResponse(build.build().getValue(), params.isVisible(), response);
     } catch (Exception e) {
-      Util.processError(e, response);
+      logger.debug("Exception: {}", e.getMessage());
+      try {
+        String message = e.getMessage();
+        response.getWriter().println(message);
+      } catch (IOException ioe) {
+        logger.debug("IOException: {}", ioe.getMessage());
+      }
     }
   }
 
diff --git a/framework/src/main/java/org/tron/core/services/http/solidity/GetTransactionInfoByIdSolidityServlet.java b/framework/src/main/java/org/tron/core/services/http/solidity/GetTransactionInfoByIdSolidityServlet.java
@@ -1,6 +1,7 @@
 package org.tron.core.services.http.solidity;
 
 import com.google.protobuf.ByteString;
+import java.io.IOException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import lombok.extern.slf4j.Slf4j;
@@ -36,7 +37,13 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) {
         response.getWriter().println(JsonFormat.printToString(transInfo, visible));
       }
     } catch (Exception e) {
-      Util.processError(e, response);
+      logger.debug("Exception: {}", e.getMessage());
+      try {
+        String message = e.getMessage();
+        response.getWriter().println(message);
+      } catch (IOException ioe) {
+        logger.debug("IOException: {}", ioe.getMessage());
+      }
     }
   }
 
@@ -54,7 +61,13 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response)
         response.getWriter().println(JsonFormat.printToString(transInfo, params.isVisible()));
       }
     } catch (Exception e) {
-      Util.processError(e, response);
+      logger.debug("Exception: {}", e.getMessage());
+      try {
+        String message = e.getMessage();
+        response.getWriter().println(message);
+      } catch (IOException ioe) {
+        logger.debug("IOException: {}", ioe.getMessage());
+      }
     }
   }
 

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,7 @@`
`1`	`1`	`package org.tron.core.services.http.solidity;`
`2`	`2`
`3`	`3`	`import com.google.protobuf.ByteString;`
	`4`	`+import java.io.IOException;`
`4`	`5`	`import javax.servlet.http.HttpServletRequest;`
`5`	`6`	`import javax.servlet.http.HttpServletResponse;`
`6`	`7`	`import lombok.extern.slf4j.Slf4j;`
`@@ -36,7 +37,13 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) {`
`36`	`37`	`response.getWriter().println(JsonFormat.printToString(transInfo, visible));`
`37`	`38`	`}`
`38`	`39`	`} catch (Exception e) {`
`39`		`- Util.processError(e, response);`
	`40`	`+ logger.debug("Exception: {}", e.getMessage());`
	`41`	`+ try {`
	`42`	`+ String message = e.getMessage();`
	`43`	`+ response.getWriter().println(message);`
	`44`	`+ } catch (IOException ioe) {`
	`45`	`+ logger.debug("IOException: {}", ioe.getMessage());`
	`46`	`+ }`
`40`	`47`	`}`
`41`	`48`	`}`
`42`	`49`
`@@ -54,7 +61,13 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response)`
`54`	`61`	`response.getWriter().println(JsonFormat.printToString(transInfo, params.isVisible()));`
`55`	`62`	`}`
`56`	`63`	`} catch (Exception e) {`
`57`		`- Util.processError(e, response);`
	`64`	`+ logger.debug("Exception: {}", e.getMessage());`
	`65`	`+ try {`
	`66`	`+ String message = e.getMessage();`
	`67`	`+ response.getWriter().println(message);`
	`68`	`+ } catch (IOException ioe) {`
	`69`	`+ logger.debug("IOException: {}", ioe.getMessage());`
	`70`	`+ }`
`58`	`71`	`}`
`59`	`72`	`}`
`60`	`73`