From 9bd982b1054c5e9f4a11c4788644e9e15bb23558 Mon Sep 17 00:00:00 2001
From: Kristóf Marussy
Date: Sat, 24 Feb 2024 21:25:57 +0100
Subject: fix(web): Sonar security issue
See https://sonarcloud.io/organizations/graphs4value/rules?open=java%3AS1989&rule_key=java%3AS1989
---
 .../language/web/config/BackendConfigServlet.java | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)
(limited to 'subprojects/language-web')
diff --git a/subprojects/language-web/src/main/java/tools/refinery/language/web/config/BackendConfigServlet.java b/subprojects/language-web/src/main/java/tools/refinery/language/web/config/BackendConfigServlet.java
index 7d0a5122..5a57ad71 100644
--- a/subprojects/language-web/src/main/java/tools/refinery/language/web/config/BackendConfigServlet.java
+++ b/subprojects/language-web/src/main/java/tools/refinery/language/web/config/BackendConfigServlet.java
@@ -12,10 +12,14 @@ import jakarta.servlet.http.HttpServlet;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import org.eclipse.jetty.http.HttpStatus;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import java.io.IOException;
 public class BackendConfigServlet extends HttpServlet {
+ private static final Logger LOG = LoggerFactory.getLogger(BackendConfigServlet.class);
+
 public static final String WEBSOCKET_URL_INIT_PARAM = "tools.refinery.language.web.config.BackendConfigServlet" +
 ".webSocketUrl";
@@ -31,11 +35,19 @@ public class BackendConfigServlet extends HttpServlet {
 }
 @Override
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp) {
 resp.setStatus(HttpStatus.OK_200);
 resp.setContentType("application/json");
- var writer = resp.getWriter();
- writer.write(serializedConfig);
- writer.flush();
+ try {
+ var writer = resp.getWriter();
+ writer.write(serializedConfig);
+ writer.flush();
+ } catch (IOException e) {
+ LOG.error("Failed to write backend config", e);
+ if (!resp.isCommitted()) {
+ resp.reset();
+ resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+ }
+ }
 }
 }
-- 
cgit v1.2.3-54-g00ecf
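Review bot: The `catch (IOException e)` branch in `doGet` logs every failed write at error level with a full stack trace, yet a failure in `write` or `flush` here most often just means the client closed the connection. If this endpoint is reachable without authentication (not visible in the hunk), clients that drop connections can fill the log with error entries and bury real faults; consider `LOG.debug("Failed to write backend config", e);` or a warn-level message without the trace. The `isCommitted()` guard before `reset()` is correct, since `reset()` throws once the response is committed. A short comment above the `try`, such as `// Handle here instead of rethrowing so the container never renders an error page with exception details (java:S1989)`, would record why the exception is no longer propagated.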