RFR: 8348986: Improve coverage of enhanced exception messages [v2]

Andrey Turbanov aturbanov at openjdk.org
Thu Mar 6 12:05:59 UTC 2025 

On Thu, 6 Mar 2025 10:46:11 GMT, Michael McMahon <michaelm at openjdk.org> wrote:

>> Hi,
>> 
>> Enhanced exception messages are designed to hide sensitive information such as hostnames, IP 
>> addresses from exception message strings, unless the enhanced mode for the specific category 
>> has been explicitly enabled. Enhanced exceptions were first introduced in 8204233 in JDK 11 and 
>> updated in 8207846.
>> 
>> This PR aims to increase the coverage of enhanced exception messages in the networking code.
>> A limited number of exceptions are already hidden (restricted) by default. The new categories and 
>> exceptions in this PR will be restricted on an opt-in basis, ie. the default mode will be enhanced
>> (while preserving the existing behavior).
>> 
>> The mechanism is controlled by the security/system property "jdk.includeInExceptions" which takes as value
>> a comma separated list of category names, which identify groups of exceptions where the exception
>> message may be enhanced. Any category not listed is "restricted" which means that potentially
>> sensitive information (such as hostnames, IP addresses, user identities) are excluded from the message text.
>> 
>> The changes to the java.security conf file describe the exact changes in terms of the categories now
>> supported and any changes in behavior.
>> 
>> Thanks,
>> Michael
>
> Michael McMahon has updated the pull request incrementally with one additional commit since the last revision:
> 
>   doc + copyright update

src/java.base/share/classes/jdk/internal/util/Exceptions.java line 103:

> 101:      * the output is the replacement string.
> 102:      */
> 103:     public static abstract class SensitiveInfo  {

Let's sort modifiers in blessed order
Suggestion:

    public abstract static class SensitiveInfo {

src/java.base/share/classes/jdk/internal/util/Exceptions.java line 338:

> 336:                                       | hostCompatFlag;
> 337:         enhancedUserExceptionText = SecurityProperties.includedInExceptions("userInfo");
> 338:         enhancedJarExceptionText =  SecurityProperties.INCLUDE_JAR_NAME_IN_EXCEPTIONS;

Suggestion:

        enhancedJarExceptionText = SecurityProperties.INCLUDE_JAR_NAME_IN_EXCEPTIONS;

test/jdk/sun/net/util/ExceptionsTest.java line 47:

> 45: 
> 46:     static boolean netEnabled() {
> 47:         System.out.printf("netEnabled = %b\n",  enhancedNetExceptions());

Suggestion:

        System.out.printf("netEnabled = %b\n", enhancedNetExceptions());

test/jdk/sun/net/util/ExceptionsTest.java line 52:

> 50: 
> 51:     static boolean dnsEnabled() {
> 52:         System.out.printf("dnsEnabled = %b\n",  enhancedLookupExceptions());

Suggestion:

        System.out.printf("dnsEnabled = %b\n", enhancedLookupExceptions());

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/23929#discussion_r1983229570
PR Review Comment: https://git.openjdk.org/jdk/pull/23929#discussion_r1983232405
PR Review Comment: https://git.openjdk.org/jdk/pull/23929#discussion_r1983232786
PR Review Comment: https://git.openjdk.org/jdk/pull/23929#discussion_r1983232968

More information about the core-libs-dev mailing list