openservicebrokerapi / servicebroker

Open Service Broker API Specification
https://openservicebrokerapi.org/
Apache License 2.0

Service broker API version 2.16 shows the stack trace instead of a single error msg line, which reveals internal code details #746

Closed sreeteja7 closed 2 years ago

sreeteja7 commented 2 years ago

What is the problem? When PUT v2/service_instances/{instance_id} is called with no body passed to this method, it throws a complete stack trace.

Who does this affect? This might pave the way for insider attackers.

Do you have any proposed solutions? Need to check whether the request body is sent or not, and throw only "Required request body is missing" instead of the complete stack trace.

sreeteja7 commented 2 years ago

CreateServiceInstanceRequest: this is the class that is throwing this stack trace.

MadaManu commented 2 years ago

This seems like an issue with spring-cloud-open-service-broker rather than this spec. Please open an issue in that repo.

pivotal-marcela-campo commented 2 years ago

Closing as per previous comment
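
One way to implement the check proposed in the issue, as an added example that is not code from this thread, the spec, or spring-cloud-open-service-broker: a Spring MVC advice that answers a missing or unreadable request body with a one-line 400 and keeps the stack trace in the server log. It assumes a Spring MVC application with SLF4J on the classpath; the package, class name and `ref` correlation id are hypothetical, and `description` is the error-body field the Open Service Broker API defines.

```java
package example.broker; // hypothetical package name

import java.util.Map;
import java.util.UUID;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.http.converter.HttpMessageNotReadableException;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RestControllerAdvice;

// Ordered first so this handler is chosen ahead of any other advice that also
// matches HttpMessageNotReadableException. It deliberately declares no
// catch-all handler, so other exception types keep their existing handling.
@RestControllerAdvice
@Order(Ordered.HIGHEST_PRECEDENCE)
public class UnreadableBodyAdvice {

    private static final Logger log = LoggerFactory.getLogger(UnreadableBodyAdvice.class);

    // Raised by Spring MVC when a @RequestBody argument cannot be read, for
    // example PUT /v2/service_instances/{instance_id} sent with no body.
    @ExceptionHandler(HttpMessageNotReadableException.class)
    public ResponseEntity<Map<String, String>> unreadableBody(HttpMessageNotReadableException ex) {
        // Correlation id: lets an operator find the full trace without the
        // client ever seeing class names, line numbers or parser internals.
        String ref = UUID.randomUUID().toString();
        log.warn("Rejected request with missing or unreadable body, ref={}", ref, ex);

        // Fixed text only: ex.getMessage() is not echoed back, because it can
        // name internal request classes such as CreateServiceInstanceRequest.
        String description = "Required request body is missing or malformed (ref " + ref + ")";
        return ResponseEntity.status(HttpStatus.BAD_REQUEST)
                .contentType(MediaType.APPLICATION_JSON)
                .body(Map.of("description", description));
    }
}
```

If the application runs on Spring Boot (an assumption, the thread does not say), setting `server.error.include-stacktrace=never` also keeps traces out of the default error response for exceptions this advice does not handle.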