[ALS-5053] pen test medium stacktrace error (#85)

* [ALS-5000] Update maven compiler plugin Maven compiler plugin has a dependency on log4j. * [ALS-5053] Add error pages to web.xml * [ALS-5053] Add value to server.xml This value will intercept request processed by tomcat. I have disabled reports and show server information. This information should not be returned to the client. (cherry picked from commit 0d9f3e4)
hms-dbmi · Dec 18, 2024 · 5f2bb71 · 5f2bb71
1 parent c170e7f
commit 5f2bb71
Show file tree

Hide file tree

Showing 5 changed files with 22 additions and 16 deletions.
diff --git a/client-api/pom.xml b/client-api/pom.xml
@@ -6,25 +6,22 @@
     <groupId>edu.harvard.hms.dbmi.avillach.hpds</groupId>
     <version>3.0.0-SNAPSHOT</version>
   </parent>
-
   <groupId>edu.harvard.hms.dbmi.avillach.hpds</groupId>
   <artifactId>client-api</artifactId>
   <version>3.0.0-SNAPSHOT</version>
 
   <name>client-api</name>
   <!-- FIXME change it to the project's website -->
   <url>http://www.example.com</url>
-
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
   </properties>
-
   <dependencies>
 
   </dependencies>
-
   <build>
-    <pluginManagement><!-- lock down plugins versions to avoid using Maven defaults (may be moved to parent pom) -->
+    <pluginManagement>
+      <!-- lock down plugins versions to avoid using Maven defaults (may be moved to parent pom) -->
       <plugins>
         <!-- clean lifecycle, see https://maven.apache.org/ref/current/maven-core/lifecycles.html#clean_Lifecycle -->
         <plugin>
@@ -38,7 +35,7 @@
         </plugin>
         <plugin>
           <artifactId>maven-compiler-plugin</artifactId>
-          <version>3.8.0</version>
+          <version>3.11.0</version>
         </plugin>
         <plugin>
           <artifactId>maven-surefire-plugin</artifactId>

diff --git a/docker/pic-sure-hpds/server.xml b/docker/pic-sure-hpds/server.xml
@@ -27,6 +27,7 @@
 			<Host name="localhost" appBase="/.extract/webapps" unpackWARs="true"
 				autoDeploy="true">
 				<Context path="/" reloadable="true" />
+				<Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" showServerInfo="false"/>
 			</Host>
 		</Engine>
 	</Service>

diff --git a/pom.xml b/pom.xml
@@ -337,13 +337,13 @@
 				</exclusions>
 			</dependency>
 
-		</dependencies>
-	</dependencyManagement>
-	<distributionManagement>
-		<repository>
-			<id>github</id>
-			<name>GitHub HMS-DBMI Apache Maven Packages</name>
-			<url>https://maven.pkg.github.com/hms-dbmi/pic-sure-hpds</url>
-		</repository>
-	</distributionManagement>
+    </dependencies>
+  </dependencyManagement>
+  <distributionManagement>
+    <repository>
+      <id>github</id>
+      <name>GitHub HMS-DBMI Apache Maven Packages</name>
+      <url>https://maven.pkg.github.com/hms-dbmi/pic-sure-hpds</url>
+    </repository>
+  </distributionManagement>
 </project>
diff --git a/war/pom.xml b/war/pom.xml
@@ -26,7 +26,7 @@
 					<configuration>
 						<release>9</release>
 					</configuration>
-					<version>3.8.0</version>
+					<version>3.11.0</version>
 				</plugin>
 				<plugin>
 					<groupId>org.apache.maven.plugins</groupId>

diff --git a/war/src/main/webapp/WEB-INF/web.xml b/war/src/main/webapp/WEB-INF/web.xml
@@ -32,4 +32,12 @@
             <secure>true</secure>
         </cookie-config>
     </session-config>
+    <error-page>
+        <error-code>404</error-code>
+        <location>/error-404.html</location>
+    </error-page>
+    <error-page>
+        <error-code>500</error-code>
+        <location>/error-500.html</location>
+    </error-page>
 </web-app>