Added exception catches for the OkHTTPClient header vulnerability #3682

Merged
merged 15 commits into from
Aug 2, 2022

nayeem-kamal
Contributor

What Does This Do

The exceptions added prevent the header secrets from being printed when non-printable characters cause IllegalArgumentExceptions.

Motivation

Additional Notes

@nayeem-kamal nayeem-kamal requested review from a team and ValentinZakharov as code owners July 28, 2022 18:54
@devinsba devinsba added type: bug tag: dependencies Dependencies related changes labels Jul 28, 2022
Contributor

@ygree ygree left a comment

I suggest extracting this logic into utility methods to keep it separate and avoid large try-catch blocks

@devinsba
Contributor

devinsba commented Jul 29, 2022

I'm on board with the changes @ygree suggested. It changes the structure more, but I like that it gives us the ability to report the header in the new exception for every case.

Contributor

@ygree ygree left a comment

LGTM

@ValentinZakharov
Contributor

Perfect solution! 👍

@nayeem-kamal nayeem-kamal merged commit a7564a4 into master Aug 2, 2022
@nayeem-kamal nayeem-kamal deleted the okhttpVuln branch August 2, 2022 18:12
@github-actions github-actions bot added this to the 0.106.0 milestone Aug 2, 2022
@devinsba devinsba linked an issue Aug 2, 2022 that may be closed by this pull request
@bantonsson bantonsson added the tag: security Security related changes label Sep 26, 2022
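
The pattern discussed in this thread, as an added example that is not taken from the PR's diff or the project's code: a small utility method catches the `IllegalArgumentException` per header and rethrows one that names the header but omits the value. `strictAdd` is a stand-in for the HTTP client's header builder, and `safeAdd`, the header names and the sample key are assumptions made for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class SafeHeadersExample {

    // Stand-in for an HTTP client's header builder (assumption): rejects
    // control and non-ASCII characters and, like the behaviour this PR guards
    // against, puts the offending value into the exception message.
    static void strictAdd(Map<String, String> headers, String name, String value) {
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if ((c <= 0x1f && c != '\t') || c >= 0x7f) {
                throw new IllegalArgumentException(String.format(
                    "Unexpected char 0x%02x at %d in %s value: %s", (int) c, i, name, value));
            }
        }
        headers.put(name, value);
    }

    // Hypothetical utility method: one small try-catch per header instead of
    // a large block around the whole request setup.
    static void safeAdd(Map<String, String> headers, String name, String value) {
        try {
            strictAdd(headers, name, value);
        } catch (IllegalArgumentException e) {
            // Report the header name only. The original exception is not
            // chained as the cause, because its message carries the value and
            // would be printed along with the stack trace.
            throw new IllegalArgumentException(
                "Invalid character in value of header '" + name + "'; value omitted");
        }
    }

    public static void main(String[] args) {
        Map<String, String> headers = new LinkedHashMap<>();
        // Constructed sample: a key read from a file with its trailing newline.
        String apiKey = "constructed-secret\n";
        safeAdd(headers, "Content-Type", "application/json");
        try {
            safeAdd(headers, "X-Api-Key", apiKey);
        } catch (IllegalArgumentException e) {
            String logged = e.getMessage();
            if (logged.contains("constructed-secret")) throw new AssertionError("secret leaked");
            System.out.println(logged);
        }
        System.out.println(headers.keySet());
    }
}
```

Passing the caught exception as the cause of the new one would put the value back into any log that prints the full stack trace, which is why the rethrow here carries only the header name.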
Development

Successfully merging this pull request may close these issues.

Okhttp critical vulnerability
5 participants