GET /api/attachments returns 500 Internal Server Error instead of 400 Bad Request when sha1 parameter is missing #3776

@Shivamrut

Description:

GET /api/attachments requires a mandatory sha1 query parameter. When the parameter is omitted, Spring throws MissingServletRequestParameterException which should map to 400 Bad Request. Instead, the endpoint returns 500 Internal Server Error due to a gap in RestExceptionHandler.

Affected file:
rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/core/RestExceptionHandler.java

How to reproduce:

  1. Authenticate to the SW360 REST API with any valid account.
  2. Send GET /api/attachments with no query parameters.
  3. Observe the response is 500 Internal Server Error with message Required request parameter 'sha1' for method parameter type String is not present.

Expected: 400 Bad Request: the client made an invalid request by omitting a required parameter.
Actual: 500 Internal Server Error: misleads the caller into thinking the server crashed.

Root cause:

RestExceptionHandler has a catch-all handler for Exception.class that returns 500:

@ExceptionHandler({Exception.class, TException.class, ResourceClassNotFoundException.class})
public ResponseEntity<ErrorMessage> handleException(Exception e) {
    return new ResponseEntity<>(new ErrorMessage(e, HttpStatus.INTERNAL_SERVER_ERROR), ...);
}

MissingServletRequestParameterException extends ServletRequestBindingException → BindException → Exception. It is not a RuntimeException, so it bypasses the existing RuntimeException → 400 handler and falls into the catch-all Exception → 500 handler.

The sibling RuntimeException handler correctly returns 400 but MissingServletRequestParameterException never reaches it.
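
The handler gap described in this issue, as an added example that is not part of the original report and not SW360's own code: Spring invokes the @ExceptionHandler whose declared type is closest to the thrown exception in the class hierarchy, so a dedicated handler takes precedence over the Exception catch-all. It assumes a Spring Boot web application that component-scans these classes; DemoAttachmentController, DemoExceptionHandler and the response body shape are hypothetical stand-ins.

```java
import java.util.Map;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.MissingServletRequestParameterException;
import org.springframework.web.bind.annotation.*;

// Hypothetical stand-in for the endpoint: sha1 is a required query parameter.
@RestController
class DemoAttachmentController {
    @GetMapping("/api/attachments")
    public Map<String, String> bySha1(@RequestParam String sha1) {
        return Map.of("sha1", sha1);
    }
}

// Hypothetical advice class mirroring the handler layout described in the issue.
@RestControllerAdvice
class DemoExceptionHandler {

    // Dedicated handler: a missing required parameter is a client error.
    // Without this method the exception is only matched by the catch-all below.
    @ExceptionHandler(MissingServletRequestParameterException.class)
    public ResponseEntity<Map<String, Object>> handleMissingParam(
            MissingServletRequestParameterException e) {
        return body(HttpStatus.BAD_REQUEST,
                "Required request parameter '" + e.getParameterName() + "' is not present");
    }

    // Sibling handler from the issue: RuntimeException maps to 400.
    @ExceptionHandler(RuntimeException.class)
    public ResponseEntity<Map<String, Object>> handleRuntime(RuntimeException e) {
        return body(HttpStatus.BAD_REQUEST, e.getMessage());
    }

    // Catch-all: any other checked exception maps to 500.
    @ExceptionHandler(Exception.class)
    public ResponseEntity<Map<String, Object>> handleException(Exception e) {
        return body(HttpStatus.INTERNAL_SERVER_ERROR, "Internal Server Error");
    }

    // Builds a small JSON body (constructed shape, not SW360's ErrorMessage).
    private static ResponseEntity<Map<String, Object>> body(HttpStatus status, String message) {
        return ResponseEntity.status(status).body(Map.<String, Object>of(
                "status", status.value(),
                "error", status.getReasonPhrase(),
                "message", message));
    }
}
```

If the advice class extends Spring's ResponseEntityExceptionHandler, override its handleMissingServletRequestParameter method instead, because a second @ExceptionHandler for the same exception type is rejected as ambiguous at startup.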

Labels: bug (Something isn't working)
