Problem/Motivation

Claude Opus 4.8 identified the following issue:

Uncaught exceptions bypass sanitized JSON-RPC error path

  AddPushToken::execute() (.../Method/AddPushToken.php:81) only catches \LogicException. But:
  - registerOrRefreshToken() throws PushNotificationsRegistrationTokensException (extends \Exception, not
  \LogicException) in its "too many tokens" / "unable to load" branches.
  - RegistrationToken::preSave() throws PushNotificationsRegistrationTokensInvalidArgumentException — despite the name
  it extends the base \Exception, not PHP's \InvalidArgumentException — when the owner is anonymous/unset.

  Neither is caught, so the deliberate Error::internalError() (sanitized) path is bypassed and the raw exception
  propagates to the JSON-RPC handler, potentially surfacing internal messages. Catch \Throwable (or the module base
  exception) as well, then return internalError().

Let's fix it.

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

Comments

ptmkenny created an issue. See original summary.

ptmkenny’s picture

Title: Uncaught exceptions can cause logs to be printed with token that should be hashed » Ensure exceptions contain only hashed tokens, and ensure exceptions are logged for JSONRPC endpoints

  • ptmkenny committed 57d208f0 on 1.0.x
    fix: #3600759 Ensure exceptions contain only hashed tokens, and ensure...
ptmkenny’s picture

Status: Active » Fixed

Now that this issue is closed, review the contribution record.

As a contributor, attribute any organization that helped you, or if you volunteered your own time.

Maintainers, credit people who helped resolve this issue.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.