Java Runtime Error Message - While accessing the link in CCPro

Hello,

We had a Web Security scan for our application TeamSite 7.2 CCPro and they came up with a failed scenario were the Java run time exceptions are captured when accessing the below links.

http://hostname/iw-cc/command/iw.ccpro.list_branches

org.apache.jsp.ccpro.filesys.branch_005fnavigation.lists.list_005fbranches_j
sp._jspService(list_005fbranches_jsp.java:810)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at org.apache.jasper.servlet.JspServletWrapper.service
(JspServletWrapper.java:373)
at org.apache.jasper.servlet.JspServlet.serviceJspFile
(JspServlet.java:336)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:265)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at org.apache.catalina.core.ApplicationFilterCha...TRUNCATED...

any suggestions ?

Regards
Santhosh

Find more posts tagged with

Comments

Bhargav Coca

Hello,

We had a Web Security scan for our application TeamSite 7.2 CCPro and they came up with a failed scenario were the Java run time exceptions are captured when accessing the below links.

http://hostname/iw-cc/command/iw.ccpro.list_branches

org.apache.jsp.ccpro.filesys.branch_005fnavigation.lists.list_005fbranches_j
sp._jspService(list_005fbranches_jsp.java:810)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at org.apache.jasper.servlet.JspServletWrapper.service
(JspServletWrapper.java:373)
at org.apache.jasper.servlet.JspServlet.serviceJspFile
(JspServlet.java:336)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:265)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at org.apache.catalina.core.ApplicationFilterCha...TRUNCATED...

any suggestions ?

Regards
Santhosh

Hi Santhosh,
You will get a null pointer exception with the URL which you have mentioned. The list_branches takes the vpath of the branch as an argument and if you pass the argument you get to see whats in the branch.

[html]
Ex: http:///iw-cc/command/iw.ccpro.list_branches?vpath=///default/main/YourBranch
[/html]

Thanks

Santhosh979

Hi,

Ok, I got your point.

But one question. If an invalid argument is passed, should Team site handle the exception and throw some error message, instead of throwing back the exception ?

Regards
Santhosh

Bhargav Coca

Hi,

Ok, I got your point.

But one question. If an invalid argument is passed, should Team site handle the exception and throw some error message, instead of throwing back the exception ?

Regards
Santhosh

TeamSite did handle the exception by telling you that "No path specified." and also gave you what kind of exception it was.

Adam Stoller

Hi,

Ok, I got your point.

But one question. If an invalid argument is passed, should Team site handle the exception and throw some error message, instead of throwing back the exception ?

Regards
Santhosh

There are many places where it would be nice to have gracefully handled errors / exceptions - unfortunately, that's never been a high priority amongst the developers / product managers (not just for Interwoven products) who seem to feel that Java's exception messages are sufficient to tell you (or them) that you did something wrong.