From 0f266bdaceb5995f8ff3a376e38bb45cfeaed089 Mon Sep 17 00:00:00 2001 From: Simon Resch Date: Tue, 12 May 2020 11:04:35 +0200 Subject: [PATCH 01/12] fix: remove jackson parse error from response (cherry picked from commit 86b5787af63193ee5693aca109c032c066e5f41d) --- .../sdk/ws/controller/DPPPTController.java | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) diff --git a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java index a7033f6c..eff12874 100644 --- a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java +++ b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java @@ -20,6 +20,7 @@ import javax.validation.Valid; +import com.fasterxml.jackson.core.JsonProcessingException; import org.dpppt.backend.sdk.data.DPPPTDataService; import org.dpppt.backend.sdk.model.BucketList; import org.dpppt.backend.sdk.model.ExposedOverview; @@ -36,6 +37,7 @@ import org.springframework.http.ResponseEntity; import org.springframework.security.core.annotation.AuthenticationPrincipal; import org.springframework.stereotype.Controller; +import org.springframework.web.bind.MethodArgumentNotValidException; import org.springframework.web.bind.annotation.CrossOrigin; import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.GetMapping; 
@@ -158,7 +160,7 @@ public DPPPTController(DPPPTDataService dataService, String appSource, if(!validationUtils.isValidBatchReleaseTime(batchReleaseTime)) { return ResponseEntity.notFound().build(); } - + List exposeeList = dataService.getSortedExposedForBatchReleaseTime(batchReleaseTime, batchLength); ExposedOverview overview = new ExposedOverview(exposeeList); overview.setBatchReleaseTime(batchReleaseTime); @@ -206,21 +208,11 @@ public DPPPTController(DPPPTDataService dataService, String appSource, return ResponseEntity.ok(list); } - @ExceptionHandler(IllegalArgumentException.class) + @ExceptionHandler({IllegalArgumentException.class, InvalidDateException.class, JsonProcessingException.class, + MethodArgumentNotValidException.class, BadBatchReleaseTimeException.class}) @ResponseStatus(HttpStatus.BAD_REQUEST) public ResponseEntity invalidArguments() { return ResponseEntity.badRequest().build(); } - @ExceptionHandler(InvalidDateException.class) - @ResponseStatus(HttpStatus.BAD_REQUEST) - public ResponseEntity invalidDate() { - return ResponseEntity.badRequest().build(); - } - @ExceptionHandler(BadBatchReleaseTimeException.class) - @ResponseStatus(HttpStatus.BAD_REQUEST) - public ResponseEntity invalidBatchReleaseTime() { - return ResponseEntity.badRequest().build(); - } - } From f6f744c89e432da835a09eb15d6ffd5f95801018 Mon Sep 17 00:00:00 2001 From: Simon Resch Date: Tue, 12 May 2020 11:06:35 +0200 Subject: [PATCH 02/12] fix: error 400 on invalid date (cherry picked from commit d9a5eabab6284f3a8465747172b09d08c05d2fa1) --- .../org/dpppt/backend/sdk/ws/controller/DPPPTController.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java index eff12874..d4ecc5dd 100644 
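Review bot: The merged `invalidArguments()` handler in DPPPTController.java discards the exception without recording it, so requests that now end in a bare 400 leave no server-side trace for triage or abuse detection. Keeping the response body empty is the right fix for the leaked Jackson message, but the detail belongs in the log: take the exception as a parameter (`public ResponseEntity invalidArguments(Exception ex)`) and log its class name at debug level, not the raw message, which can contain request data. `IllegalArgumentException` in this list is broad and will also report internal programming errors as client errors, which is easier to notice once it is logged. A malformed body presumably reaches this handler only because Spring matches `JsonProcessingException` as the cause of `HttpMessageNotReadableException`; listing `HttpMessageNotReadableException.class` explicitly would remove that dependency. The same handler is repeated in GaenController.java (PATCH 07/12) and the note applies there too.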
--- a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java +++ b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java @@ -14,6 +14,7 @@ import java.time.LocalDate; import java.time.OffsetDateTime; import java.time.ZoneOffset; +import java.time.format.DateTimeParseException; import java.util.ArrayList; import java.util.Base64; import java.util.List; @@ -209,7 +210,7 @@ public DPPPTController(DPPPTDataService dataService, String appSource, } @ExceptionHandler({IllegalArgumentException.class, InvalidDateException.class, JsonProcessingException.class, - MethodArgumentNotValidException.class, BadBatchReleaseTimeException.class}) + MethodArgumentNotValidException.class, BadBatchReleaseTimeException.class, DateTimeParseException.class}) @ResponseStatus(HttpStatus.BAD_REQUEST) public ResponseEntity invalidArguments() { return ResponseEntity.badRequest().build(); From 9c080e8940aede20b60bcc2fd9bda74af4d3af4f Mon Sep 17 00:00:00 2001 From: Simon Resch Date: Tue, 12 May 2020 11:10:13 +0200 Subject: [PATCH 03/12] fix: handle Long overflow exception Negative year values are parsed by LocalDate.parse() which can cause overlow exceptions resulting in error 500. (cherry picked from commit 2b03f2e1f03e880df27a597dcb4ec8f677d5e571) --- .../org/dpppt/backend/sdk/ws/controller/DPPPTController.java | 3 +++ 1 file changed, 3 insertions(+) diff --git a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java index d4ecc5dd..eb2e459f 100644 --- a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java +++ b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java 
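Review bot: `DateTimeParseException.class` in the `@ExceptionHandler` list covers only text that fails to parse, so a date that parses but is out of range for later java.time arithmetic can still surface as a 500. The next patch in this series describes such a case for negative years. Using the supertype `DateTimeException.class` here would at least cover range errors raised by java.time. An `ArithmeticException` from epoch conversion would still need a bounds check on the parsed date in the endpoint itself.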
@@ -196,6 +196,9 @@ public DPPPTController(DPPPTDataService dataService, String appSource, @GetMapping(value = "/buckets/{dayDateStr}", produces = "application/json") public @ResponseBody ResponseEntity getListOfBuckets(@PathVariable String dayDateStr) { OffsetDateTime day = LocalDate.parse(dayDateStr).atStartOfDay().atOffset(ZoneOffset.UTC); + if (day.toEpochSecond() < 0) { + return ResponseEntity.badRequest().build(); + } OffsetDateTime currentBucket = day; OffsetDateTime now = OffsetDateTime.now().withOffsetSameInstant(ZoneOffset.UTC); List bucketList = new ArrayList<>(); From a1ee334522161a502c3026461ccb0b58cf7962a8 Mon Sep 17 00:00:00 2001 From: Simon Resch Date: Tue, 12 May 2020 11:25:02 +0200 Subject: [PATCH 04/12] fix: check for null values in exposed keys array (cherry picked from commit f2c88ad5d2a37f461fc764c08f69b36066af039a) --- .../org/dpppt/backend/sdk/ws/controller/DPPPTController.java | 3 +++ 1 file changed, 3 insertions(+) diff --git a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java index eb2e459f..ea9dfb12 100644 --- a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java +++ b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java @@ -128,6 +128,9 @@ public DPPPTController(DPPPTDataService dataService, String appSource, List exposees = new ArrayList<>(); for (var exposedKey : exposeeRequests.getExposedKeys()) { + if (exposedKey == null) { + return ResponseEntity.badRequest().build(); + } if (!validationUtils.isValidBase64Key(exposedKey.getKey())) { return new ResponseEntity<>("No valid base64 key", HttpStatus.BAD_REQUEST); } From b04cc99ae926e068abe59c53ac8e5dd52d079080 Mon Sep 17 00:00:00 2001 
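Review bot: The new guard `if (day.toEpochSecond() < 0)` in `getListOfBuckets` rejects only dates before 1970, so every later date is accepted, including far-future ones. The rest of the method is outside the hunk. If it walks from `day` to `now` in bucket-sized steps, as `currentBucket`, `now` and `bucketList` suggest, an early date makes the loop and the response grow with the distance to today. Bounding the input to the window the service actually serves would close both ends, for example `if (day.isBefore(oldestServedDay) || day.isAfter(now)) return ResponseEntity.badRequest().build();`, with `now` computed first and `oldestServedDay` derived from the retention period. `oldestServedDay` is a placeholder name, not something visible in this file.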
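Review bot: The added `exposedKey == null` check in the exposed-keys loop of DPPPTController.java guards the element but not its field, so `exposedKey.getKey()` on the next line can still be null when the JSON object is present without a `key`. Unless `isValidBase64Key` handles null, which is not visible here, that request would still end in a 500. Extending the guard to `if (exposedKey == null || exposedKey.getKey() == null)` keeps both cases on the 400 path. The enclosing method starts and ends outside the hunk.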
From: Simon Resch Date: Thu, 4 Jun 2020 10:40:41 +0200 Subject: [PATCH 05/12] fix: handle batchReleaseTime null values (cherry picked from commit 82b0ca0f362771fd41f85c415f66789469a15043) --- .../java/org/dpppt/backend/sdk/ws/util/ValidationUtils.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/util/ValidationUtils.java b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/util/ValidationUtils.java index ef749ed7..cb364a9f 100644 --- a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/util/ValidationUtils.java +++ b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/util/ValidationUtils.java @@ -59,7 +59,7 @@ public boolean isValidKeyDate(Long keyDate) { } public boolean isValidBatchReleaseTime(Long batchReleaseTime) throws BadBatchReleaseTimeException { - if (batchReleaseTime % batchLength != 0) { + if (batchReleaseTime == null || batchReleaseTime % batchLength != 0) { throw new BadBatchReleaseTimeException(); } // hardcoded date so that the fuzzing corpus does not get invalidated over time From 21fda74983fa01e1f17520a7bd32968960abfb36 Mon Sep 17 00:00:00 2001 From: Simon Resch Date: Thu, 4 Jun 2020 14:06:24 +0200 Subject: [PATCH 06/12] fix: handle keyDate null value (cherry picked from commit 227b3a3a00a932678434257662966bf6a9046d1d) --- .../java/org/dpppt/backend/sdk/ws/util/ValidationUtils.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/util/ValidationUtils.java b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/util/ValidationUtils.java index cb364a9f..a744e984 100644 --- a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/util/ValidationUtils.java 
+++ b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/util/ValidationUtils.java @@ -55,7 +55,7 @@ public boolean isDateInRange(OffsetDateTime timestamp) { * @return */ public boolean isValidKeyDate(Long keyDate) { - return (Instant.ofEpochMilli(keyDate).atOffset(ZoneOffset.UTC).getHour() == 0); + return keyDate != null && (Instant.ofEpochMilli(keyDate).atOffset(ZoneOffset.UTC).getHour() == 0); } public boolean isValidBatchReleaseTime(Long batchReleaseTime) throws BadBatchReleaseTimeException { From 22f47a386c9cdad474631b3ce98fbd992e5cfb3e Mon Sep 17 00:00:00 2001 From: Simon Resch Date: Thu, 4 Jun 2020 14:07:36 +0200 Subject: [PATCH 07/12] fix: do not return unsanitized jackson error messages in 400 response (cherry picked from commit fcb17a6895b0eccb5459cf32209a0c87ab2580c2) --- .../sdk/ws/controller/GaenController.java | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) diff --git a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/GaenController.java b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/GaenController.java index 36a39ca5..3ef32bd0 100644 --- a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/GaenController.java +++ b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/GaenController.java @@ -18,6 +18,7 @@ import java.time.Instant; import java.time.LocalDate; import java.time.ZoneOffset; +import java.time.format.DateTimeParseException; import java.util.ArrayList; import java.util.Base64; import java.util.Date; @@ -27,6 +28,7 @@ import javax.validation.Valid; +import com.fasterxml.jackson.core.JsonProcessingException; import org.dpppt.backend.sdk.data.gaen.FakeKeyService; import org.dpppt.backend.sdk.data.gaen.GAENDataService; import org.dpppt.backend.sdk.model.gaen.DayBuckets; 
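Review bot: `isValidKeyDate` in ValidationUtils.java now rejects null, but the remaining test `getHour() == 0` accepts any timestamp in the first hour of a UTC day, not only midnight. If key dates are expected to be exact UTC day boundaries (the Javadoc is cut off in the hunk, so this is an assumption), values such as 00:30:00.123 pass validation and reach the data layer. A stricter form would be `return keyDate != null && keyDate % 86_400_000L == 0;`. A one-line Javadoc stating the accepted format would also make the intent reviewable.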
@@ -50,6 +52,7 @@ import org.springframework.security.core.annotation.AuthenticationPrincipal; import org.springframework.security.oauth2.jwt.Jwt; import org.springframework.stereotype.Controller; +import org.springframework.web.bind.MethodArgumentNotValidException; import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; @@ -316,21 +319,10 @@ private void normalizeRequestTime(long now) { } } - @ExceptionHandler(IllegalArgumentException.class) + @ExceptionHandler({IllegalArgumentException.class, InvalidDateException.class, JsonProcessingException.class, + MethodArgumentNotValidException.class, BadBatchReleaseTimeException.class, DateTimeParseException.class}) @ResponseStatus(HttpStatus.BAD_REQUEST) public ResponseEntity invalidArguments() { return ResponseEntity.badRequest().build(); } - - @ExceptionHandler(InvalidDateException.class) - @ResponseStatus(HttpStatus.BAD_REQUEST) - public ResponseEntity invalidDate() { - return ResponseEntity.badRequest().build(); - } - - @ExceptionHandler(BadBatchReleaseTimeException.class) - @ResponseStatus(HttpStatus.BAD_REQUEST) - public ResponseEntity invalidBatchReleaseTime() { - return ResponseEntity.badRequest().build(); - } } \ No newline at end of file From dd14b056ee2e4ab946b24762dbde2980c925b6eb Mon Sep 17 00:00:00 2001 From: Simon Resch Date: Mon, 8 Jun 2020 21:14:31 +0200 Subject: [PATCH 08/12] fix: invalidate exposed keys lists containing null elements (cherry picked from commit 674a980c20ee45221103a6bd4b3e2ff2a5ca7a68) --- .../java/org/dpppt/backend/sdk/model/ExposeeRequestList.java | 2 +- .../org/dpppt/backend/sdk/ws/controller/DPPPTController.java | 3 --- 2 files changed, 1 insertion(+), 4 deletions(-) 
diff --git a/dpppt-backend-sdk/dpppt-backend-sdk-model/src/main/java/org/dpppt/backend/sdk/model/ExposeeRequestList.java b/dpppt-backend-sdk/dpppt-backend-sdk-model/src/main/java/org/dpppt/backend/sdk/model/ExposeeRequestList.java index e93f25d5..0373f35c 100644 --- a/dpppt-backend-sdk/dpppt-backend-sdk-model/src/main/java/org/dpppt/backend/sdk/model/ExposeeRequestList.java +++ b/dpppt-backend-sdk/dpppt-backend-sdk-model/src/main/java/org/dpppt/backend/sdk/model/ExposeeRequestList.java @@ -8,7 +8,7 @@ public class ExposeeRequestList { @NotNull @NotEmpty - List exposedKeys; + List<@NotNull ExposedKey> exposedKeys; private Integer fake = 0; diff --git a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java index ea9dfb12..eb2e459f 100644 --- a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java +++ b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java @@ -128,9 +128,6 @@ public DPPPTController(DPPPTDataService dataService, String appSource, List exposees = new ArrayList<>(); for (var exposedKey : exposeeRequests.getExposedKeys()) { - if (exposedKey == null) { - return ResponseEntity.badRequest().build(); - } if (!validationUtils.isValidBase64Key(exposedKey.getKey())) { return new ResponseEntity<>("No valid base64 key", HttpStatus.BAD_REQUEST); } From 68037b0d62feb33f3a56a2ee613ab5be84959786 Mon Sep 17 00:00:00 2001 
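Review bot: `List<@NotNull ExposedKey> exposedKeys` in ExposeeRequestList.java rejects null elements but does not cascade validation into the elements, so any constraints declared on `ExposedKey` fields are not evaluated for list members. If `ExposedKey` carries such constraints (the class is not visible here), the declaration should be `List<@NotNull @Valid ExposedKey> exposedKeys;`. The same commit removes the explicit null check from the controller loop, so null safety there now depends on the request parameter being annotated with `@Valid` and on a Bean Validation 2.0 provider that honours container-element constraints. A short comment on the field saying so would help whoever touches the controller next.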
From: Simon Resch Date: Mon, 8 Jun 2020 21:18:35 +0200 Subject: [PATCH 09/12] switch Long to long where null value is not needed (cherry picked from commit 3f0d8fdf2b340d3a6ea6f448ed7da83202eab7b4) --- .../java/org/dpppt/backend/sdk/data/DPPPTDataService.java | 4 ++-- .../dpppt/backend/sdk/data/JDBCDPPPTDataServiceImpl.java | 4 ++-- .../dpppt/backend/sdk/ws/controller/DPPPTController.java | 8 ++++---- .../dpppt/backend/sdk/ws/controller/DebugController.java | 2 +- .../dpppt/backend/sdk/ws/controller/GaenController.java | 4 ++-- .../org/dpppt/backend/sdk/ws/util/ValidationUtils.java | 8 ++++---- 6 files changed, 15 insertions(+), 15 deletions(-) diff --git a/dpppt-backend-sdk/dpppt-backend-sdk-data/src/main/java/org/dpppt/backend/sdk/data/DPPPTDataService.java b/dpppt-backend-sdk/dpppt-backend-sdk-data/src/main/java/org/dpppt/backend/sdk/data/DPPPTDataService.java index e6324809..89360054 100644 --- a/dpppt-backend-sdk/dpppt-backend-sdk-data/src/main/java/org/dpppt/backend/sdk/data/DPPPTDataService.java +++ b/dpppt-backend-sdk/dpppt-backend-sdk-data/src/main/java/org/dpppt/backend/sdk/data/DPPPTDataService.java @@ -40,7 +40,7 @@ public interface DPPPTDataService { * @param batchLength * @return */ - int getMaxExposedIdForBatchReleaseTime(Long batchReleaseTime, long batchLength); + int getMaxExposedIdForBatchReleaseTime(long batchReleaseTime, long batchLength); /** * Returns all exposees for the given batch. @@ -49,7 +49,7 @@ public interface DPPPTDataService { * @param batchLength * @return */ - List getSortedExposedForBatchReleaseTime(Long batchReleaseTime, long batchLength); + List getSortedExposedForBatchReleaseTime(long batchReleaseTime, long batchLength); /** * deletes entries older than retentionperiod 
diff --git a/dpppt-backend-sdk/dpppt-backend-sdk-data/src/main/java/org/dpppt/backend/sdk/data/JDBCDPPPTDataServiceImpl.java b/dpppt-backend-sdk/dpppt-backend-sdk-data/src/main/java/org/dpppt/backend/sdk/data/JDBCDPPPTDataServiceImpl.java index dfcc37e7..54db6a25 100644 --- a/dpppt-backend-sdk/dpppt-backend-sdk-data/src/main/java/org/dpppt/backend/sdk/data/JDBCDPPPTDataServiceImpl.java +++ b/dpppt-backend-sdk/dpppt-backend-sdk-data/src/main/java/org/dpppt/backend/sdk/data/JDBCDPPPTDataServiceImpl.java @@ -82,7 +82,7 @@ public void upsertExposees(List exposees, String appSource) { @Override @Transactional(readOnly = true) - public int getMaxExposedIdForBatchReleaseTime(Long batchReleaseTime, long batchLength) { + public int getMaxExposedIdForBatchReleaseTime(long batchReleaseTime, long batchLength) { MapSqlParameterSource params = new MapSqlParameterSource(); params.addValue("batchReleaseTime", Date.from(Instant.ofEpochMilli(batchReleaseTime))); params.addValue("startBatch", Date.from(Instant.ofEpochMilli(batchReleaseTime - batchLength))); @@ -97,7 +97,7 @@ public int getMaxExposedIdForBatchReleaseTime(Long batchReleaseTime, long batchL @Override @Transactional(readOnly = true) - public List getSortedExposedForBatchReleaseTime(Long batchReleaseTime, long batchLength) { + public List getSortedExposedForBatchReleaseTime(long batchReleaseTime, long batchLength) { String sql = "select pk_exposed_id, key, key_date from t_exposed where received_at >= :startBatch and received_at < :batchReleaseTime order by pk_exposed_id desc"; MapSqlParameterSource params = new MapSqlParameterSource(); params.addValue("batchReleaseTime", Date.from(Instant.ofEpochMilli(batchReleaseTime))); diff --git a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java index eb2e459f..0dd68399 100644 
--- a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java +++ b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java @@ -156,7 +156,7 @@ public DPPPTController(DPPPTDataService dataService, String appSource, @CrossOrigin(origins = { "https://editor.swagger.io" }) @GetMapping(value = "/exposedjson/{batchReleaseTime}", produces = "application/json") - public @ResponseBody ResponseEntity getExposedByDayDate(@PathVariable Long batchReleaseTime, + public @ResponseBody ResponseEntity getExposedByDayDate(@PathVariable long batchReleaseTime, WebRequest request) throws BadBatchReleaseTimeException{ if(!validationUtils.isValidBatchReleaseTime(batchReleaseTime)) { return ResponseEntity.notFound().build(); @@ -166,12 +166,12 @@ public DPPPTController(DPPPTDataService dataService, String appSource, ExposedOverview overview = new ExposedOverview(exposeeList); overview.setBatchReleaseTime(batchReleaseTime); return ResponseEntity.ok().cacheControl(CacheControl.maxAge(Duration.ofMinutes(exposedListCacheContol))) - .header("X-BATCH-RELEASE-TIME", batchReleaseTime.toString()).body(overview); + .header("X-BATCH-RELEASE-TIME", Long.toString(batchReleaseTime)).body(overview); } @CrossOrigin(origins = { "https://editor.swagger.io" }) @GetMapping(value = "/exposed/{batchReleaseTime}", produces = "application/x-protobuf") - public @ResponseBody ResponseEntity getExposedByBatch(@PathVariable Long batchReleaseTime, + public @ResponseBody ResponseEntity getExposedByBatch(@PathVariable long batchReleaseTime, WebRequest request) throws BadBatchReleaseTimeException { if(!validationUtils.isValidBatchReleaseTime(batchReleaseTime)) { return ResponseEntity.notFound().build(); 
@@ -189,7 +189,7 @@ public DPPPTController(DPPPTDataService dataService, String appSource, .setBatchReleaseTime(batchReleaseTime).build(); return ResponseEntity.ok().cacheControl(CacheControl.maxAge(Duration.ofMinutes(exposedListCacheContol))) - .header("X-BATCH-RELEASE-TIME", batchReleaseTime.toString()).body(protoExposee); + .header("X-BATCH-RELEASE-TIME", Long.toString(batchReleaseTime)).body(protoExposee); } @CrossOrigin(origins = { "https://editor.swagger.io" }) diff --git a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DebugController.java b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DebugController.java index 97eff0a4..753c6df8 100644 --- a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DebugController.java +++ b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DebugController.java @@ -91,7 +91,7 @@ public DebugController(DebugGAENDataService dataService, ProtoSignature gaenSign } @GetMapping(value = "/exposed/{batchReleaseTime}", produces = "application/zip") - public @ResponseBody ResponseEntity getExposedKeys(@PathVariable Long batchReleaseTime, WebRequest request) + public @ResponseBody ResponseEntity getExposedKeys(@PathVariable long batchReleaseTime, WebRequest request) throws BadBatchReleaseTimeException, IOException, InvalidKeyException, NoSuchAlgorithmException, SignatureException { diff --git a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/GaenController.java b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/GaenController.java index 3ef32bd0..78d1bf09 100644 --- a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/GaenController.java +++ b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/GaenController.java 
@@ -224,7 +224,7 @@ public GaenController(GAENDataService dataService, FakeKeyService fakeKeyService } @GetMapping(value = "/exposed/{keyDate}", produces = "application/zip") - public @ResponseBody ResponseEntity getExposedKeys(@PathVariable Long keyDate, + public @ResponseBody ResponseEntity getExposedKeys(@PathVariable long keyDate, @RequestParam(required = false) Long publishedafter, WebRequest request) throws BadBatchReleaseTimeException, IOException, InvalidKeyException, SignatureException, NoSuchAlgorithmException { @@ -258,7 +258,7 @@ public GaenController(GAENDataService dataService, FakeKeyService fakeKeyService } @GetMapping(value = "/exposedjson/{keyDate}", produces = "application/json") - public @ResponseBody ResponseEntity getExposedKeysAsJson(@PathVariable Long keyDate, + public @ResponseBody ResponseEntity getExposedKeysAsJson(@PathVariable long keyDate, @RequestParam(required = false) Long publishedafter, WebRequest request) throws BadBatchReleaseTimeException { if (!validationUtils.isValidKeyDate(keyDate)) { diff --git a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/util/ValidationUtils.java b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/util/ValidationUtils.java index a744e984..f6fc7997 100644 --- a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/util/ValidationUtils.java +++ b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/util/ValidationUtils.java 
@@ -54,12 +54,12 @@ public boolean isDateInRange(OffsetDateTime timestamp) { * @param keyDate * @return */ - public boolean isValidKeyDate(Long keyDate) { - return keyDate != null && (Instant.ofEpochMilli(keyDate).atOffset(ZoneOffset.UTC).getHour() == 0); + public boolean isValidKeyDate(long keyDate) { + return (Instant.ofEpochMilli(keyDate).atOffset(ZoneOffset.UTC).getHour() == 0); } - public boolean isValidBatchReleaseTime(Long batchReleaseTime) throws BadBatchReleaseTimeException { - if (batchReleaseTime == null || batchReleaseTime % batchLength != 0) { + public boolean isValidBatchReleaseTime(long batchReleaseTime) throws BadBatchReleaseTimeException { + if (batchReleaseTime % batchLength != 0) { throw new BadBatchReleaseTimeException(); } // hardcoded date so that the fuzzing corpus does not get invalidated over time From b3d098bc9006a6a46d210bb047956fbb5f339943 Mon Sep 17 00:00:00 2001 From: Simon Resch Date: Mon, 8 Jun 2020 21:20:04 +0200 Subject: [PATCH 10/12] Revert "fix: handle Long overflow exception" This reverts commit 0f63de6f (cherry picked from commit fb8308e279d407dbac2d7bf81906220877661d9b) --- .../org/dpppt/backend/sdk/ws/controller/DPPPTController.java | 3 --- 1 file changed, 3 deletions(-) diff --git a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java index 0dd68399..8cfaa833 100644 --- a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java +++ b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java 
@@ -196,9 +196,6 @@ public DPPPTController(DPPPTDataService dataService, String appSource, @GetMapping(value = "/buckets/{dayDateStr}", produces = "application/json") public @ResponseBody ResponseEntity getListOfBuckets(@PathVariable String dayDateStr) { OffsetDateTime day = LocalDate.parse(dayDateStr).atStartOfDay().atOffset(ZoneOffset.UTC); - if (day.toEpochSecond() < 0) { - return ResponseEntity.badRequest().build(); - } OffsetDateTime currentBucket = day; OffsetDateTime now = OffsetDateTime.now().withOffsetSameInstant(ZoneOffset.UTC); List bucketList = new ArrayList<>(); From 4b274a32b032ae10670e2c96c823c6a0f7f03afd Mon Sep 17 00:00:00 2001 From: Willian Roque Date: Mon, 19 Apr 2021 13:55:31 +0200 Subject: [PATCH 11/12] Update GitHub Action --- .github/workflows/main.yml | 28 ++++++++++++---------------- 1 file changed, 12 insertions(+), 16 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index a72d3fa9..51a9a48a 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -1,4 +1,4 @@ -name: CI +name: Code Intelligence Fuzzing on: push: @@ -7,9 +7,8 @@ on: branches: [ master, demo_before_fix ] env: - PROJECT_NAME: dp3t - FUZZING_SERVER_ADDRESS: grpc-api.demo.code-intelligence.com:443 - DASHBOARD_ADDRESS: https://app.demo.code-intelligence.com + FUZZING_SERVER_ADDRESS: demo.code-intelligence.com:6773 + WEB_APP_ADDRESS: https://demo.code-intelligence.com jobs: fuzz_AllController: 
@@ -17,38 +16,35 @@ jobs: steps: - id: start-fuzzing name: Build and Instrument - uses: CodeIntelligenceTesting/github-actions/start-fuzzing@master + uses: CodeIntelligenceTesting/github-actions/start-fuzzing@v3 with: ci_fuzz_api_token: ${{ secrets.CI_FUZZ_API_TOKEN }} - project: ${{ env.PROJECT_NAME }} - test_collection: "AllController" + test_collection: "projects/organizations_82cc3b42e291d178_dp3t-a20f89fc/campaigns/AllController-a7e91866" git_reference: ${{ github.sha }} - fuzzing_server_address: ${{ env.FUZZING_SERVER_ADDRESS }} + fuzzing_server_address: ${{ env.FUZZING_SERVER_ADDRESS }} - id: monitor-fuzzing name: Fuzzing - uses: CodeIntelligenceTesting/github-actions/monitor-fuzzing@master + uses: CodeIntelligenceTesting/github-actions/monitor-fuzzing@v3 with: ci_fuzz_api_token: ${{ secrets.CI_FUZZ_API_TOKEN }} - project: ${{ env.PROJECT_NAME }} - test_collection_run: ${{ steps.start-fuzzing.outputs.test_collection_run_display_name }} + test_collection_run: ${{ steps.start-fuzzing.outputs.test_collection_run }} github_token: ${{ secrets.GITHUB_TOKEN }} pull_request_number: ${{ github.event.pull_request.number }} owner: ${{ github.event.repository.owner.login }} repository: ${{ github.event.repository.name }} fuzzing_server_address: ${{ env.FUZZING_SERVER_ADDRESS }} - dashboard_address: ${{ env.DASHBOARD_ADDRESS }} + dashboard_address: ${{ env.WEB_APP_ADDRESS }} - id: report-coverage name: Report Coverage - uses: CodeIntelligenceTesting/github-actions/report-coverage@master + uses: CodeIntelligenceTesting/github-actions/report-coverage@v3 if: ${{ github.event_name == 'pull_request' && (success() || failure()) }} with: ci_fuzz_api_token: ${{ secrets.CI_FUZZ_API_TOKEN }} - project: ${{ env.PROJECT_NAME }} - test_collection_run: ${{ steps.start-fuzzing.outputs.test_collection_run_resource_name }} + test_collection_run: ${{ steps.start-fuzzing.outputs.test_collection_run }} github_token: ${{ secrets.GITHUB_TOKEN }} pull_request_number: ${{ 
github.event.pull_request.number }} owner: ${{ github.event.repository.owner.login }} repository: ${{ github.event.repository.name }} git_reference: ${{ github.sha }} fuzzing_server_address: ${{ env.FUZZING_SERVER_ADDRESS }} - dashboard_address: ${{ env.DASHBOARD_ADDRESS }} + dashboard_address: ${{ env.WEB_APP_ADDRESS }} From fd16b8af84ffb80d937c85e2ddddefcbfbbea45c Mon Sep 17 00:00:00 2001 From: Willian Roque Date: Mon, 19 Apr 2021 14:01:18 +0200 Subject: [PATCH 12/12] setup fuzzing for all end points --- .code-intelligence/fuzz_targets/FuzzTarget_AllController.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.code-intelligence/fuzz_targets/FuzzTarget_AllController.java b/.code-intelligence/fuzz_targets/FuzzTarget_AllController.java index 8f47cbe9..8f1ca39c 100644 --- a/.code-intelligence/fuzz_targets/FuzzTarget_AllController.java +++ b/.code-intelligence/fuzz_targets/FuzzTarget_AllController.java @@ -39,7 +39,7 @@ public static void fuzzerInitialize(String[] fuzzerArgs) { System.getProperties().put("logging.level.org.springframework.web", "error"); String[] springBootArgs = {}; try { - StartWebGoat.main(springBootArgs); + Application.main(springBootArgs); } catch (Exception e) { e.printStackTrace(); throw new RuntimeException("Failed to start application.");
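Review bot: The three `uses:` lines in .github/workflows/main.yml move from `@master` to `@v3`, which is still a mutable tag. Whatever the tag points to at run time executes with `secrets.CI_FUZZ_API_TOKEN` and `secrets.GITHUB_TOKEN`. Pinning each step to a full commit SHA with the version as a trailing comment makes the executed code reviewable, e.g. `uses: CodeIntelligenceTesting/github-actions/start-fuzzing@<full-commit-sha> # v3`, where the SHA is a placeholder to be filled in from the action repository. No `permissions:` block is visible in these hunks. If the job has none, adding one that grants only what the steps need (presumably `contents: read` and `pull-requests: write` for the PR comment) limits what the token can do if an action is compromised.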