Prevent information leak of stack trace details to HTTP responses (CodeQL)

[pixeebot[bot]]

This change prevents stack trace information from reaching the HTTP response, which could leak code internals to an attacker and aid in further profiling and attacks.

Have you ever seen an error page and thought, "Wow, I certainly shouldn't be seeing all these code details?" That's this problem.

Switching to a safe signature that doesn't leak anything is easy and the changes look something like this:

  try {
    httpResponse.write(output);
  } catch (Exception e) {
-   response.sendError(401, e.getMessage());
+   response.sendError(401);
  }

More reading

* [https://codeql.github.com/codeql-query-help/java/java-stack-trace-exposure/](https://codeql.github.com/codeql-query-help/java/java-stack-trace-exposure/) * [https://cwe.mitre.org/data/definitions/209.html](https://cwe.mitre.org/data/definitions/209.html) * [https://cwe.mitre.org/data/definitions/497.html](https://cwe.mitre.org/data/definitions/497.html)

I have additional improvements ready for this repo! If you want to see them, leave the comment:

@pixeebot next

... and I will open a new PR right away!

Powered by: pixeebot and CodeQL (codemod ID: codeql:java/stack-trace-exposure)

[sonarcloud[bot]]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

[pixeebot[bot]]

I'm confident in this change, and the CI checks pass, too!

If you see any reason not to merge this, or you have suggestions for improvements, please let me know!

[pixeebot[bot]]

Just a friendly ping to remind you about this change. If there are concerns about it, we'd love to hear about them!