 Information Leakage from an Error Message - "JSPG0036E: Failed to find resource {URL} trying to hit"

Rajkumar Manibharathy posted Wed January 08, 2025 11:33 AM

Information Leakage from an Error Message

Tried to fix the information leakage through Lua Transformation as per IBM Support. However, it failed. Am I missing any prerequisites?
Error - "JSPG0036E: Failed to find resource {URL} trying to hit"

Lua script applied - 


local function transform_response(url, content)
    if url == "{URL}" then
        -- Replace entire response body with "Unauthorized Access"
        return "Unauthorized Access"
    end
    return content
end

-- Simulate request handling
local url_requested = "{URL}"
local original_response = "JSPG0036E: Failed to find resource {URL} trying to hit"

-- Perform transformation
local new_response_body = transform_response(url_requested, original_response)

print("Transformed response body:", new_response_body)


Solution I am looking for -
While hitting the {URL}, instead of the error message leaking the information, I need it as "Unauthorized Access"
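
An added example, not part of the original post and not IBM's code: a body-based masking function in plain Lua that goes beyond the single-URL comparison above by matching the shape of the leaked message instead of one exact URL. The names `GENERIC_BODY`, `LEAK_PATTERNS`, `leaks_detail` and `mask_body` are hypothetical, the sample bodies are constructed, and how a response body is handed to and returned from a transformation rule depends on the product's own API, which this page does not show.

```lua
-- Added example: mask backend error identifiers in a response body.
-- All names are hypothetical; the sample bodies below are constructed.

local GENERIC_BODY = "Unauthorized Access"

-- Lua patterns for text that reveals backend detail.
local LEAK_PATTERNS = {
    -- Same shape as the identifier in the post (JSPG0036E:):
    -- four capitals, four digits, a severity letter, a colon.
    "%u%u%u%u%d%d%d%d[EWI]:",
    -- The phrase from the reported error message.
    "Failed to find resource",
}

-- True when the body contains any leak pattern.
local function leaks_detail(body)
    if type(body) ~= "string" then
        return false
    end
    for _, pattern in ipairs(LEAK_PATTERNS) do
        if body:find(pattern) then
            return true
        end
    end
    return false
end

-- Returns the body to send and whether it was replaced.
-- When it was replaced, the caller must also correct Content-Length,
-- because the generic body differs in size from the original.
local function mask_body(body)
    if leaks_detail(body) then
        return GENERIC_BODY, true
    end
    return body, false
end

-- Constructed sample responses.
local samples = {
    "JSPG0036E: Failed to find resource /app/missing.jsp",
    "<html><body>Welcome</body></html>",
}

for _, body in ipairs(samples) do
    local out, replaced = mask_body(body)
    print(replaced and "masked:   " or "unchanged:", out)
end
```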