GuardAPI

Fix Improper Error Handling in Quarkus

Improper error handling in Quarkus leads to information disclosure. Default behaviors or lazy try-catch blocks often leak stack traces, dependency versions, and internal business logic to the client. This technical guide demonstrates how to implement a global ExceptionMapper to sanitize responses and prevent reconnaissance.

The Vulnerable Pattern

import jakarta.inject.Inject;   // javax.* packages on Quarkus 2.x
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.core.Response;

@Path("/api/data")
public class DataResource {
    // Assumed for this listing: a CDI bean that performs the lookup (not shown on the page)
    @Inject
    DataService service;

    @GET
    @Path("/{id}")
    public Response getData(@PathParam("id") String id) {
        try {
            return Response.ok(service.fetch(id)).build();
        } catch (Exception e) {
            // VULNERABLE: Directly returning exception details to the client
            return Response.status(500).entity(e.getMessage()).build();
        }
    }
}

The Secure Implementation

The secure implementation uses a JAX-RS @Provider to intercept every unhandled Throwable. Instead of leaking the exception message or stack trace, it generates a unique correlation ID (errorId), logs that ID together with the full exception to a secure internal sink (e.g., ELK, Splunk), and returns only a generic message plus the reference ID to the client. Developers can trace the failure from the ID, while the response gives an attacker no roadmap of the application's internals.

import java.util.Map;
import java.util.UUID;

import jakarta.ws.rs.core.MediaType;   // javax.* packages on Quarkus 2.x
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.ext.ExceptionMapper;
import jakarta.ws.rs.ext.Provider;

import org.jboss.logging.Logger;

@Provider
public class GlobalExceptionMapper implements ExceptionMapper<Throwable> {
    private static final Logger LOG = Logger.getLogger(GlobalExceptionMapper.class);

    @Override
    public Response toResponse(Throwable exception) {
        String errorId = UUID.randomUUID().toString();
        // Log the full stack trace internally for debugging
        LOG.error("Internal Error ID: " + errorId, exception);

        // Return a sanitized, generic message to the user
        Map<String, String> errorResponse = Map.of(
            "message", "An unexpected error occurred.",
            "error_reference", errorId
        );

        return Response.status(Response.Status.INTERNAL_SERVER_ERROR)
                .entity(errorResponse)
                .type(MediaType.APPLICATION_JSON)
                .build();
    }
}
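One caveat a practitioner will hit with the mapper above: a mapper registered for Throwable can also catch WebApplicationException subclasses that JAX-RS raises on purpose (NotFoundException, BadRequestException), turning every 404 or 400 into a 500 and logging each one as an internal error. The variant below, added as an example and not code from the original page, keeps the intended client status while still replacing the body; the class name is an assumption.

```java
import java.util.Map;
import java.util.UUID;

import jakarta.ws.rs.WebApplicationException;   // javax.* packages on Quarkus 2.x
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.ext.ExceptionMapper;
import jakarta.ws.rs.ext.Provider;

import org.jboss.logging.Logger;

// Assumed class name for this example; not part of the original page.
@Provider
public class StatusPreservingExceptionMapper implements ExceptionMapper<Throwable> {
    private static final Logger LOG = Logger.getLogger(StatusPreservingExceptionMapper.class);

    @Override
    public Response toResponse(Throwable exception) {
        String errorId = UUID.randomUUID().toString();

        // Client errors raised by JAX-RS carry an intended status (404, 400, ...).
        // Keep that status, but still replace the body so that whatever message the
        // framework or a developer attached to the exception never leaves the server.
        if (exception instanceof WebApplicationException) {
            int status = ((WebApplicationException) exception).getResponse().getStatus();
            if (status < 500) {
                LOG.debugf("Client error %d, reference %s", status, errorId);
                return sanitized(status, "The request could not be processed.", errorId);
            }
        }

        // Everything else is an internal failure: full trace to the log, nothing to the client.
        LOG.error("Internal Error ID: " + errorId, exception);
        return sanitized(500, "An unexpected error occurred.", errorId);
    }

    // Builds the only response shape a client ever sees: generic text plus the reference ID.
    private static Response sanitized(int status, String message, String errorId) {
        Map<String, String> body = Map.of("message", message, "error_reference", errorId);
        return Response.status(status).entity(body).type(MediaType.APPLICATION_JSON).build();
    }
}
```

Note that 5xx WebApplicationExceptions (for example an InternalServerErrorException thrown with a descriptive message) fall through to the generic branch on purpose, since their message is just as likely to describe internals as any other exception's.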


Verified by Ghost Labs Security Team

This content is continuously validated by our automated security engine and reviewed by our research team. Ghost Labs analyzes over 500+ vulnerability patterns across 40+ frameworks to provide up-to-date remediation strategies.