Merge pull request #3659 from nscuro/issue-3645

DependencyTrack · Apr 30, 2024 · 664ee25 · 664ee25
2 parents f4008f2 + 6538d25
commit 664ee25
Show file tree

Hide file tree

Showing 4 changed files with 80 additions and 43 deletions.
diff --git a/docs/_posts/2024-xx-xx-v4.11.0.md b/docs/_posts/2024-xx-xx-v4.11.0.md
@@ -120,6 +120,7 @@ It is also available through [Artifact Hub](https://artifacthub.io/packages/helm
 * Disable automatic API key generation for newly created teams - [apiserver/#3574]
 * Fix severity not being set for vulnerabilities from VulnDB - [apiserver/#3595]
 * Fix `JDOFatalUserException` for long reference URLs from OSS Index - [apiserver/#3650]
+* Fix unhandled `ClientErrorException`s causing a `HTTP 500` response - [apiserver/#3659]
 * Fix `VUE_APP_SERVER_URL` being ignored - [frontend/#682]
 * Fix visibility of "Vulnerabilities" and "Policy Violations" columns not being toggle-able individually - [frontend/#686]
 * Fix finding search routes - [frontend/#689]
@@ -248,6 +249,7 @@ Special thanks to everyone who contributed code to implement enhancements and fi
 [apiserver/#3650]: https://github.com/DependencyTrack/dependency-track/pull/3650
 [apiserver/#3651]: https://github.com/DependencyTrack/dependency-track/pull/3651
 [apiserver/#3657]: https://github.com/DependencyTrack/dependency-track/pull/3657
+[apiserver/#3659]: https://github.com/DependencyTrack/dependency-track/pull/3659
 
 [frontend/#682]: https://github.com/DependencyTrack/frontend/pull/682
 [frontend/#683]: https://github.com/DependencyTrack/frontend/pull/683

diff --git a/...v1/exception/NotFoundExceptionMapper.java → ...exception/ClientErrorExceptionMapper.java b/...v1/exception/NotFoundExceptionMapper.java → ...exception/ClientErrorExceptionMapper.java
@@ -20,23 +20,23 @@
 
 import alpine.server.resources.GlobalExceptionHandler;
 
-import javax.ws.rs.NotFoundException;
+import javax.ws.rs.ClientErrorException;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.ext.ExceptionMapper;
 import javax.ws.rs.ext.Provider;
 
 /**
- * An {@link ExceptionMapper} to handle {@link NotFoundException}, that would otherwise be
+ * An {@link ExceptionMapper} to handle {@link ClientErrorException}s, that would otherwise be
  * handled by Alpine's {@link GlobalExceptionHandler}, resulting in a misleading {@code HTTP 500} response.
  *
  * @since 4.11.0
  */
 @Provider
-public class NotFoundExceptionMapper implements ExceptionMapper<NotFoundException> {
+public class ClientErrorExceptionMapper implements ExceptionMapper<ClientErrorException> {
 
     @Override
-    public Response toResponse(final NotFoundException exception) {
-        return Response.status(Response.Status.NOT_FOUND).build();
+    public Response toResponse(final ClientErrorException exception) {
+        return exception.getResponse();
     }
 
 }
diff --git a/src/test/java/org/dependencytrack/resources/v1/exception/ClientErrorExceptionMapperTest.java b/src/test/java/org/dependencytrack/resources/v1/exception/ClientErrorExceptionMapperTest.java
@@ -0,0 +1,73 @@
+/*
+ * This file is part of Dependency-Track.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * Copyright (c) OWASP Foundation. All Rights Reserved.
+ */
+package org.dependencytrack.resources.v1.exception;
+
+import org.dependencytrack.ResourceTest;
+import org.glassfish.jersey.server.ResourceConfig;
+import org.glassfish.jersey.servlet.ServletContainer;
+import org.glassfish.jersey.test.DeploymentContext;
+import org.glassfish.jersey.test.ServletDeploymentContext;
+import org.junit.Test;
+
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.core.Response;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+public class ClientErrorExceptionMapperTest extends ResourceTest {
+
+    @Override
+    protected DeploymentContext configureDeployment() {
+        return ServletDeploymentContext.forServlet(new ServletContainer(
+                        new ResourceConfig(TestResource.class)
+                                .register(ClientErrorExceptionMapper.class)))
+                .build();
+    }
+
+    @Test
+    public void testNotFound() {
+        final Response response = target("/does/not/exist")
+                .request()
+                .get();
+
+        assertThat(response.getStatus()).isEqualTo(404);
+    }
+
+    @Test
+    public void testMethodNotAllowed() {
+        final Response response = target("/test/foo")
+                .request()
+                .delete();
+
+        assertThat(response.getStatus()).isEqualTo(405);
+    }
+
+    @Path("/test")
+    public static class TestResource {
+
+        @GET
+        @Path("/foo")
+        public String foo() {
+            return "foo";
+        }
+
+    }
+
+}
diff --git a/src/test/java/org/dependencytrack/resources/v1/exception/NotFoundExceptionMapperTest.java b/src/test/java/org/dependencytrack/resources/v1/exception/NotFoundExceptionMapperTest.java