github-actions[bot] 1c2ab2361a
Create rule S6776: Stack-traces should not be disclosed (#4133)
* Add csharp to rule S6776

* Add blazor content

* Add Blazor

* Add how to fix it in ASP.NET section

* Update rules/S6776/csharp/how-to-fix-it/blazor.adoc

Co-authored-by: Loris S. <91723853+loris-s-sonarsource@users.noreply.github.com>

* Update rules/S6776/csharp/how-to-fix-it/blazor.adoc

Co-authored-by: Loris S. <91723853+loris-s-sonarsource@users.noreply.github.com>

* Remove dash

---------

Co-authored-by: hendrik-buchwald-sonarsource <hendrik-buchwald-sonarsource@users.noreply.github.com>
Co-authored-by: Hendrik Buchwald <hendrik.buchwald@sonarsource.com>
Co-authored-by: Daniel Teuchert <daniel.teuchert@sonarsource.com>
Co-authored-by: daniel-teuchert-sonarsource <141642369+daniel-teuchert-sonarsource@users.noreply.github.com>
Co-authored-by: Loris S. <91723853+loris-s-sonarsource@users.noreply.github.com>
2024-08-22 11:17:16 +02:00


== How to fix it in ASP.NET
Implement proper error handling: return a customized error message that contains no stack trace, and log the exception server-side if the details are needed for troubleshooting. A stack trace reveals internal class and method names, file paths and framework versions, all of which help an attacker map the application. In ASP.NET Core, also make sure the developer exception page (`UseDeveloperExceptionPage`) is only enabled in the Development environment, since it renders the full stack trace in the HTTP response; in every other environment route unhandled exceptions through `UseExceptionHandler` so that the client receives a generic error response.

=== Code examples

==== Noncompliant code example
[source,csharp,diff-id=1,diff-type=noncompliant]
----
using System;
using Microsoft.AspNetCore.Mvc;

[ApiController]
[Route("/")]
public class StacktraceController : ControllerBase
{
    private const string ExceptionMessage = "Simulated failure";

    [HttpGet("Exception")]
    public string ExceptionEndpoint()
    {
        try
        {
            throw new InvalidOperationException(ExceptionMessage);
        }
        catch (Exception ex)
        {
            return ex.StackTrace; // Noncompliant: the stack trace is sent to the client
        }
        return "Ok";
    }
}
----
==== Compliant solution

[source,csharp,diff-id=1,diff-type=compliant]
----
using System;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Logging;

[ApiController]
[Route("/")]
public class StacktraceController : ControllerBase
{
    private const string ExceptionMessage = "Simulated failure";
    private readonly ILogger<StacktraceController> _logger;

    public StacktraceController(ILogger<StacktraceController> logger)
    {
        _logger = logger;
    }

    [HttpGet("Exception")]
    public string ExceptionEndpoint()
    {
        try
        {
            throw new InvalidOperationException(ExceptionMessage);
        }
        catch (Exception ex)
        {
            // Pass the exception object so the logger records the type, message and
            // full stack trace server-side; the client only receives the generic reply.
            _logger.LogError(ex, "ExceptionEndpoint failed");
        }
        return "Ok";
    }
}
----
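
The controller above handles one endpoint. The same mistake is more commonly made at pipeline level, where the developer exception page is left enabled in production and every unhandled exception is returned with its stack trace. The following added example, which is not part of the rule description or the SonarSource repository, shows a minimal ASP.NET Core `Program.cs` that gates the developer page on the Development environment and otherwise converts unhandled exceptions into a generic 500 response while logging the exception, stack trace included, server-side. The `/exception` route, the log message and the JSON field names are illustrative choices, not anything the rule prescribes.

```csharp
using System;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Diagnostics;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;

var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();

if (app.Environment.IsDevelopment())
{
    // Renders exception type, message and full stack trace in the HTTP response.
    // Acceptable on a developer's machine only, never in a deployed environment.
    app.UseDeveloperExceptionPage();
}
else
{
    // Every unhandled exception becomes a generic 500 response; details stay in the log.
    app.UseExceptionHandler(errorApp =>
    {
        errorApp.Run(async context =>
        {
            var exception = context.Features.Get<IExceptionHandlerFeature>()?.Error;
            var logger = context.RequestServices
                .GetRequiredService<ILoggerFactory>()
                .CreateLogger("UnhandledException");

            // The exception object carries the stack trace. It is written to the
            // server-side log together with the trace id that the client also receives,
            // so support can correlate a user report with the log entry.
            logger.LogError(exception, "Unhandled exception for {Path} (trace {TraceId})",
                context.Request.Path, context.TraceIdentifier);

            context.Response.StatusCode = StatusCodes.Status500InternalServerError;
            await context.Response.WriteAsJsonAsync(new
            {
                title = "An unexpected error occurred.",   // generic, no exception details
                status = StatusCodes.Status500InternalServerError,
                traceId = context.TraceIdentifier
            });
        });
    });
}

// Illustrative endpoint (assumed route) that deliberately fails to exercise the handler.
app.MapGet("/exception", string () => throw new InvalidOperationException("Simulated failure"));

app.Run();
```

Run it with `ASPNETCORE_ENVIRONMENT=Production` and request `/exception`: the body contains only the generic title, the status and a trace id, while the stack trace appears in the process log. Note that `UseExceptionHandler` already logs unhandled exceptions at Error level on its own; the explicit `LogError` call here exists to attach the trace id and the request path, and can be dropped if that duplication is unwanted.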