diff --git a/lib/src/http/response_format_exception.dart b/lib/src/http/response_format_exception.dart
index 8c2a5d99..dea1eeb1 100644
--- a/lib/src/http/response_format_exception.dart
+++ b/lib/src/http/response_format_exception.dart
@@ -34,25 +34,21 @@ class ResponseFormatException implements Exception {
 ResponseFormatException(this.contentType, this.encoding, {this.body, this.bytes});
- /// Descriptive error message that includes the content-type, encoding, as
- /// well as the string or bytes that could not be encoded or decoded,
- /// respectively.
+ /// Error message that includes the content-type an encoding
 String get message {
 String description;
- String bodyLine;
 if (body != null) {
 description = 'Body could not be encoded.';
- bodyLine = 'Body: $body';
 } else {
 description = 'Bytes could not be decoded.';
- bodyLine = 'Bytes: $bytes';
 }
 String msg = description;
 final encodingName = encoding?.name ?? 'null';
 msg += '\n\tContent-Type: $contentType';
 msg += '\n\tEncoding: $encodingName';
- msg += '\n\t$bodyLine';
+ // WARNING: Do not include `bytes` or `body` in the error message. It may contain
+ // sensitive information that we do not want logged.
 return msg;
 }
diff --git a/test/unit/http/http_body_test.dart b/test/unit/http/http_body_test.dart
index 3579d65e..8fd70874 100644
--- a/test/unit/http/http_body_test.dart
+++ b/test/unit/http/http_body_test.dart
@@ -187,7 +187,7 @@ void main() {
 expect(exception.toString(), contains('Body could not be encoded'));
 expect(exception.toString(), contains('Content-Type: $contentType'));
 expect(exception.toString(), contains('Encoding: ${ascii.name}'));
- expect(exception.toString(), contains('bodyçå®'));
+ expect(exception.toString(), isNot(contains('bodyçå®')));
 });
 test('should throw ResponseFormatException if bytes cannot be decoded',
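Review bot: The new doc comment on `message` has a typo ("content-type an encoding"), and the reason the payload is omitted appears only in an inline comment next to `return msg;`, where readers of the API docs will not see it. I would put both in the doc comment, e.g. `/// Error message with the content-type and encoding; [body] and [bytes] are deliberately omitted because they may hold sensitive data.` The constructor in the context lines still stores `body` and `bytes` on the exception, so code that logs those fields directly is not covered by this change; if that is intended, a line in the class documentation would help callers. The class body continues outside the hunk.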
@@ -210,8 +210,8 @@ void main() {
 expect(exception.toString(), contains('Bytes could not be decoded'));
 expect(exception.toString(), contains('Content-Type: $contentType'));
 expect(exception.toString(), contains('Encoding: ${ascii.name}'));
- expect(
- exception.toString(), contains(utf8.encode('bodyçå®').toString()));
+ expect(exception.toString(),
+ isNot(contains(utf8.encode('bodyçå®')).toString()));
 });
 });
diff --git a/test/unit/http/response_format_exception_test.dart b/test/unit/http/response_format_exception_test.dart
index a003a0bd..11086287 100644
--- a/test/unit/http/response_format_exception_test.dart
+++ b/test/unit/http/response_format_exception_test.dart
@@ -36,8 +36,8 @@ void main() {
 expect(exception.toString(), contains('Bytes could not be decoded'));
 expect(exception.toString(), contains('Content-Type: $contentType'));
 expect(exception.toString(), contains('Encoding: ${ascii.name}'));
- expect(
- exception.toString(), contains(utf8.encode('bodyçå®').toString()));
+ // Do not log bytes, which may contain sensitive information
+ expect(exception.toString(), isNot(contains(bytes).toString()));
 });
 test('should detail why string could not be encoded', () {
@@ -49,7 +49,8 @@ void main() {
 expect(exception.toString(), contains('Body could not be encoded'));
 expect(exception.toString(), contains('Content-Type: $contentType'));
 expect(exception.toString(), contains('Encoding: ${ascii.name}'));
- expect(exception.toString(), contains('bodyçå®'));
+ // Do not log body, which may contain sensitive information
+ expect(exception.toString(), isNot(contains(body)));
 });
 test('should warn if encoding is null', () {
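Review bot: In the `@@ -210,8 +210,8 @@` hunk of test/unit/http/http_body_test.dart the closing parenthesis is misplaced in `isNot(contains(utf8.encode('bodyçå®')).toString())`: `.toString()` is applied to the `contains(...)` matcher instead of to the encoded bytes, so `isNot` receives a plain string and, as far as I can tell from the matcher package's value wrapping, only checks that the message is not equal to that description text. That holds whether or not the bytes appear in the message, so this test would not catch a regression that puts them back into the log output. It should read `isNot(contains(utf8.encode('bodyçå®').toString()))`. The `@@ -36,8 +36,8 @@` hunk in test/unit/http/response_format_exception_test.dart has the same problem in `isNot(contains(bytes).toString())`, which should be `isNot(contains(bytes.toString()))`; `bytes` is defined outside that hunk.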
@@ -61,7 +62,8 @@ void main() {
 expect(exception.toString(), contains('Body could not be encoded'));
 expect(exception.toString(), contains('Content-Type: $contentType'));
 expect(exception.toString(), contains('Encoding: null'));
- expect(exception.toString(), contains('bodyçå®'));
+ // Do not log body, which may contain sensitive information
+ expect(exception.toString(), isNot(contains(body)));
 });
 });
 });