From 0f266bdaceb5995f8ff3a376e38bb45cfeaed089 Mon Sep 17 00:00:00 2001 From: Simon Resch Date: Tue, 12 May 2020 11:04:35 +0200 Subject: [PATCH 01/10] fix: remove jackson parse error from response (cherry picked from commit 86b5787af63193ee5693aca109c032c066e5f41d) --- .../sdk/ws/controller/DPPPTController.java | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) diff --git a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java index a7033f6c..eff12874 100644 --- a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java +++ b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java @@ -20,6 +20,7 @@ import javax.validation.Valid; +import com.fasterxml.jackson.core.JsonProcessingException; import org.dpppt.backend.sdk.data.DPPPTDataService; import org.dpppt.backend.sdk.model.BucketList; import org.dpppt.backend.sdk.model.ExposedOverview; @@ -36,6 +37,7 @@ import org.springframework.http.ResponseEntity; import org.springframework.security.core.annotation.AuthenticationPrincipal; import org.springframework.stereotype.Controller; +import org.springframework.web.bind.MethodArgumentNotValidException; import org.springframework.web.bind.annotation.CrossOrigin; import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.GetMapping; @@ -158,7 +160,7 @@ public DPPPTController(DPPPTDataService dataService, String appSource, if(!validationUtils.isValidBatchReleaseTime(batchReleaseTime)) { return ResponseEntity.notFound().build(); } - + List exposeeList = dataService.getSortedExposedForBatchReleaseTime(batchReleaseTime, batchLength); ExposedOverview overview = new ExposedOverview(exposeeList); overview.setBatchReleaseTime(batchReleaseTime); @@ -206,21 +208,11 @@ public DPPPTController(DPPPTDataService dataService, String appSource, return ResponseEntity.ok(list); } - @ExceptionHandler(IllegalArgumentException.class) + @ExceptionHandler({IllegalArgumentException.class, InvalidDateException.class, JsonProcessingException.class, + MethodArgumentNotValidException.class, BadBatchReleaseTimeException.class}) @ResponseStatus(HttpStatus.BAD_REQUEST) public ResponseEntity invalidArguments() { return ResponseEntity.badRequest().build(); } - @ExceptionHandler(InvalidDateException.class) - @ResponseStatus(HttpStatus.BAD_REQUEST) - public ResponseEntity invalidDate() { - return ResponseEntity.badRequest().build(); - } - @ExceptionHandler(BadBatchReleaseTimeException.class) - @ResponseStatus(HttpStatus.BAD_REQUEST) - public ResponseEntity invalidBatchReleaseTime() { - return ResponseEntity.badRequest().build(); - } - } From f6f744c89e432da835a09eb15d6ffd5f95801018 Mon Sep 17 00:00:00 2001 From: Simon Resch Date: Tue, 12 May 2020 11:06:35 +0200 Subject: [PATCH 02/10] fix: error 400 on invalid date (cherry picked from commit d9a5eabab6284f3a8465747172b09d08c05d2fa1) --- .../org/dpppt/backend/sdk/ws/controller/DPPPTController.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java index eff12874..d4ecc5dd 100644 --- a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java +++ b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java @@ -14,6 +14,7 @@ import java.time.LocalDate; import java.time.OffsetDateTime; import java.time.ZoneOffset; +import java.time.format.DateTimeParseException; import java.util.ArrayList; import java.util.Base64; import java.util.List; @@ -209,7 +210,7 @@ public DPPPTController(DPPPTDataService dataService, String appSource, } @ExceptionHandler({IllegalArgumentException.class, InvalidDateException.class, JsonProcessingException.class, - MethodArgumentNotValidException.class, BadBatchReleaseTimeException.class}) + MethodArgumentNotValidException.class, BadBatchReleaseTimeException.class, DateTimeParseException.class}) @ResponseStatus(HttpStatus.BAD_REQUEST) public ResponseEntity invalidArguments() { return ResponseEntity.badRequest().build(); From 9c080e8940aede20b60bcc2fd9bda74af4d3af4f Mon Sep 17 00:00:00 2001 From: Simon Resch Date: Tue, 12 May 2020 11:10:13 +0200 Subject: [PATCH 03/10] fix: handle Long overflow exception Negative year values are parsed by LocalDate.parse() which can cause overlow exceptions resulting in error 500. (cherry picked from commit 2b03f2e1f03e880df27a597dcb4ec8f677d5e571) --- .../org/dpppt/backend/sdk/ws/controller/DPPPTController.java | 3 +++ 1 file changed, 3 insertions(+) diff --git a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java index d4ecc5dd..eb2e459f 100644 --- a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java +++ b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java @@ -196,6 +196,9 @@ public DPPPTController(DPPPTDataService dataService, String appSource, @GetMapping(value = "/buckets/{dayDateStr}", produces = "application/json") public @ResponseBody ResponseEntity getListOfBuckets(@PathVariable String dayDateStr) { OffsetDateTime day = LocalDate.parse(dayDateStr).atStartOfDay().atOffset(ZoneOffset.UTC); + if (day.toEpochSecond() < 0) { + return ResponseEntity.badRequest().build(); + } OffsetDateTime currentBucket = day; OffsetDateTime now = OffsetDateTime.now().withOffsetSameInstant(ZoneOffset.UTC); List bucketList = new ArrayList<>(); From a1ee334522161a502c3026461ccb0b58cf7962a8 Mon Sep 17 00:00:00 2001 From: Simon Resch Date: Tue, 12 May 2020 11:25:02 +0200 Subject: [PATCH 04/10] fix: check for null values in exposed keys array (cherry picked from commit f2c88ad5d2a37f461fc764c08f69b36066af039a) --- .../org/dpppt/backend/sdk/ws/controller/DPPPTController.java | 3 +++ 1 file changed, 3 insertions(+) diff --git a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java index eb2e459f..ea9dfb12 100644 --- a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java +++ b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java @@ -128,6 +128,9 @@ public DPPPTController(DPPPTDataService dataService, String appSource, List exposees = new ArrayList<>(); for (var exposedKey : exposeeRequests.getExposedKeys()) { + if (exposedKey == null) { + return ResponseEntity.badRequest().build(); + } if (!validationUtils.isValidBase64Key(exposedKey.getKey())) { return new ResponseEntity<>("No valid base64 key", HttpStatus.BAD_REQUEST); } From b04cc99ae926e068abe59c53ac8e5dd52d079080 Mon Sep 17 00:00:00 2001 From: Simon Resch Date: Thu, 4 Jun 2020 10:40:41 +0200 Subject: [PATCH 05/10] fix: handle batchReleaseTime null values (cherry picked from commit 82b0ca0f362771fd41f85c415f66789469a15043) --- .../java/org/dpppt/backend/sdk/ws/util/ValidationUtils.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/util/ValidationUtils.java b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/util/ValidationUtils.java index ef749ed7..cb364a9f 100644 --- a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/util/ValidationUtils.java +++ b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/util/ValidationUtils.java @@ -59,7 +59,7 @@ public boolean isValidKeyDate(Long keyDate) { } public boolean isValidBatchReleaseTime(Long batchReleaseTime) throws BadBatchReleaseTimeException { - if (batchReleaseTime % batchLength != 0) { + if (batchReleaseTime == null || batchReleaseTime % batchLength != 0) { throw new BadBatchReleaseTimeException(); } // hardcoded date so that the fuzzing corpus does not get invalidated over time From 21fda74983fa01e1f17520a7bd32968960abfb36 Mon Sep 17 00:00:00 2001 From: Simon Resch Date: Thu, 4 Jun 2020 14:06:24 +0200 Subject: [PATCH 06/10] fix: handle keyDate null value (cherry picked from commit 227b3a3a00a932678434257662966bf6a9046d1d) --- .../java/org/dpppt/backend/sdk/ws/util/ValidationUtils.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/util/ValidationUtils.java b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/util/ValidationUtils.java index cb364a9f..a744e984 100644 --- a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/util/ValidationUtils.java +++ b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/util/ValidationUtils.java @@ -55,7 +55,7 @@ public boolean isDateInRange(OffsetDateTime timestamp) { * @return */ public boolean isValidKeyDate(Long keyDate) { - return (Instant.ofEpochMilli(keyDate).atOffset(ZoneOffset.UTC).getHour() == 0); + return keyDate != null && (Instant.ofEpochMilli(keyDate).atOffset(ZoneOffset.UTC).getHour() == 0); } public boolean isValidBatchReleaseTime(Long batchReleaseTime) throws BadBatchReleaseTimeException { From 22f47a386c9cdad474631b3ce98fbd992e5cfb3e Mon Sep 17 00:00:00 2001 From: Simon Resch Date: Thu, 4 Jun 2020 14:07:36 +0200 Subject: [PATCH 07/10] fix: do not return unsanitized jackson error messages in 400 response (cherry picked from commit fcb17a6895b0eccb5459cf32209a0c87ab2580c2) --- .../sdk/ws/controller/GaenController.java | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) diff --git a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/GaenController.java b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/GaenController.java index 36a39ca5..3ef32bd0 100644 --- a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/GaenController.java +++ b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/GaenController.java @@ -18,6 +18,7 @@ import java.time.Instant; import java.time.LocalDate; import java.time.ZoneOffset; +import java.time.format.DateTimeParseException; import java.util.ArrayList; import java.util.Base64; import java.util.Date; @@ -27,6 +28,7 @@ import javax.validation.Valid; +import com.fasterxml.jackson.core.JsonProcessingException; import org.dpppt.backend.sdk.data.gaen.FakeKeyService; import org.dpppt.backend.sdk.data.gaen.GAENDataService; import org.dpppt.backend.sdk.model.gaen.DayBuckets; @@ -50,6 +52,7 @@ import org.springframework.security.core.annotation.AuthenticationPrincipal; import org.springframework.security.oauth2.jwt.Jwt; import org.springframework.stereotype.Controller; +import org.springframework.web.bind.MethodArgumentNotValidException; import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; @@ -316,21 +319,10 @@ private void normalizeRequestTime(long now) { } } - @ExceptionHandler(IllegalArgumentException.class) + @ExceptionHandler({IllegalArgumentException.class, InvalidDateException.class, JsonProcessingException.class, + MethodArgumentNotValidException.class, BadBatchReleaseTimeException.class, DateTimeParseException.class}) @ResponseStatus(HttpStatus.BAD_REQUEST) public ResponseEntity invalidArguments() { return ResponseEntity.badRequest().build(); } - - @ExceptionHandler(InvalidDateException.class) - @ResponseStatus(HttpStatus.BAD_REQUEST) - public ResponseEntity invalidDate() { - return ResponseEntity.badRequest().build(); - } - - @ExceptionHandler(BadBatchReleaseTimeException.class) - @ResponseStatus(HttpStatus.BAD_REQUEST) - public ResponseEntity invalidBatchReleaseTime() { - return ResponseEntity.badRequest().build(); - } } \ No newline at end of file From dd14b056ee2e4ab946b24762dbde2980c925b6eb Mon Sep 17 00:00:00 2001 From: Simon Resch Date: Mon, 8 Jun 2020 21:14:31 +0200 Subject: [PATCH 08/10] fix: invalidate exposed keys lists containing null elements (cherry picked from commit 674a980c20ee45221103a6bd4b3e2ff2a5ca7a68) --- .../java/org/dpppt/backend/sdk/model/ExposeeRequestList.java | 2 +- .../org/dpppt/backend/sdk/ws/controller/DPPPTController.java | 3 --- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/dpppt-backend-sdk/dpppt-backend-sdk-model/src/main/java/org/dpppt/backend/sdk/model/ExposeeRequestList.java b/dpppt-backend-sdk/dpppt-backend-sdk-model/src/main/java/org/dpppt/backend/sdk/model/ExposeeRequestList.java index e93f25d5..0373f35c 100644 --- a/dpppt-backend-sdk/dpppt-backend-sdk-model/src/main/java/org/dpppt/backend/sdk/model/ExposeeRequestList.java +++ b/dpppt-backend-sdk/dpppt-backend-sdk-model/src/main/java/org/dpppt/backend/sdk/model/ExposeeRequestList.java @@ -8,7 +8,7 @@ public class ExposeeRequestList { @NotNull @NotEmpty - List exposedKeys; + List<@NotNull ExposedKey> exposedKeys; private Integer fake = 0; diff --git a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java index ea9dfb12..eb2e459f 100644 --- a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java +++ b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java @@ -128,9 +128,6 @@ public DPPPTController(DPPPTDataService dataService, String appSource, List exposees = new ArrayList<>(); for (var exposedKey : exposeeRequests.getExposedKeys()) { - if (exposedKey == null) { - return ResponseEntity.badRequest().build(); - } if (!validationUtils.isValidBase64Key(exposedKey.getKey())) { return new ResponseEntity<>("No valid base64 key", HttpStatus.BAD_REQUEST); } From 68037b0d62feb33f3a56a2ee613ab5be84959786 Mon Sep 17 00:00:00 2001 From: Simon Resch Date: Mon, 8 Jun 2020 21:18:35 +0200 Subject: [PATCH 09/10] switch Long to long where null value is not needed (cherry picked from commit 3f0d8fdf2b340d3a6ea6f448ed7da83202eab7b4) --- .../java/org/dpppt/backend/sdk/data/DPPPTDataService.java | 4 ++-- .../dpppt/backend/sdk/data/JDBCDPPPTDataServiceImpl.java | 4 ++-- .../dpppt/backend/sdk/ws/controller/DPPPTController.java | 8 ++++---- .../dpppt/backend/sdk/ws/controller/DebugController.java | 2 +- .../dpppt/backend/sdk/ws/controller/GaenController.java | 4 ++-- .../org/dpppt/backend/sdk/ws/util/ValidationUtils.java | 8 ++++---- 6 files changed, 15 insertions(+), 15 deletions(-) diff --git a/dpppt-backend-sdk/dpppt-backend-sdk-data/src/main/java/org/dpppt/backend/sdk/data/DPPPTDataService.java b/dpppt-backend-sdk/dpppt-backend-sdk-data/src/main/java/org/dpppt/backend/sdk/data/DPPPTDataService.java index e6324809..89360054 100644 --- a/dpppt-backend-sdk/dpppt-backend-sdk-data/src/main/java/org/dpppt/backend/sdk/data/DPPPTDataService.java +++ b/dpppt-backend-sdk/dpppt-backend-sdk-data/src/main/java/org/dpppt/backend/sdk/data/DPPPTDataService.java @@ -40,7 +40,7 @@ public interface DPPPTDataService { * @param batchLength * @return */ - int getMaxExposedIdForBatchReleaseTime(Long batchReleaseTime, long batchLength); + int getMaxExposedIdForBatchReleaseTime(long batchReleaseTime, long batchLength); /** * Returns all exposees for the given batch. @@ -49,7 +49,7 @@ public interface DPPPTDataService { * @param batchLength * @return */ - List getSortedExposedForBatchReleaseTime(Long batchReleaseTime, long batchLength); + List getSortedExposedForBatchReleaseTime(long batchReleaseTime, long batchLength); /** * deletes entries older than retentionperiod diff --git a/dpppt-backend-sdk/dpppt-backend-sdk-data/src/main/java/org/dpppt/backend/sdk/data/JDBCDPPPTDataServiceImpl.java b/dpppt-backend-sdk/dpppt-backend-sdk-data/src/main/java/org/dpppt/backend/sdk/data/JDBCDPPPTDataServiceImpl.java index dfcc37e7..54db6a25 100644 --- a/dpppt-backend-sdk/dpppt-backend-sdk-data/src/main/java/org/dpppt/backend/sdk/data/JDBCDPPPTDataServiceImpl.java +++ b/dpppt-backend-sdk/dpppt-backend-sdk-data/src/main/java/org/dpppt/backend/sdk/data/JDBCDPPPTDataServiceImpl.java @@ -82,7 +82,7 @@ public void upsertExposees(List exposees, String appSource) { @Override @Transactional(readOnly = true) - public int getMaxExposedIdForBatchReleaseTime(Long batchReleaseTime, long batchLength) { + public int getMaxExposedIdForBatchReleaseTime(long batchReleaseTime, long batchLength) { MapSqlParameterSource params = new MapSqlParameterSource(); params.addValue("batchReleaseTime", Date.from(Instant.ofEpochMilli(batchReleaseTime))); params.addValue("startBatch", Date.from(Instant.ofEpochMilli(batchReleaseTime - batchLength))); @@ -97,7 +97,7 @@ public int getMaxExposedIdForBatchReleaseTime(Long batchReleaseTime, long batchL @Override @Transactional(readOnly = true) - public List getSortedExposedForBatchReleaseTime(Long batchReleaseTime, long batchLength) { + public List getSortedExposedForBatchReleaseTime(long batchReleaseTime, long batchLength) { String sql = "select pk_exposed_id, key, key_date from t_exposed where received_at >= :startBatch and received_at < :batchReleaseTime order by pk_exposed_id desc"; MapSqlParameterSource params = new MapSqlParameterSource(); params.addValue("batchReleaseTime", Date.from(Instant.ofEpochMilli(batchReleaseTime))); diff --git a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java index eb2e459f..0dd68399 100644 --- a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java +++ b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java @@ -156,7 +156,7 @@ public DPPPTController(DPPPTDataService dataService, String appSource, @CrossOrigin(origins = { "https://editor.swagger.io" }) @GetMapping(value = "/exposedjson/{batchReleaseTime}", produces = "application/json") - public @ResponseBody ResponseEntity getExposedByDayDate(@PathVariable Long batchReleaseTime, + public @ResponseBody ResponseEntity getExposedByDayDate(@PathVariable long batchReleaseTime, WebRequest request) throws BadBatchReleaseTimeException{ if(!validationUtils.isValidBatchReleaseTime(batchReleaseTime)) { return ResponseEntity.notFound().build(); @@ -166,12 +166,12 @@ public DPPPTController(DPPPTDataService dataService, String appSource, ExposedOverview overview = new ExposedOverview(exposeeList); overview.setBatchReleaseTime(batchReleaseTime); return ResponseEntity.ok().cacheControl(CacheControl.maxAge(Duration.ofMinutes(exposedListCacheContol))) - .header("X-BATCH-RELEASE-TIME", batchReleaseTime.toString()).body(overview); + .header("X-BATCH-RELEASE-TIME", Long.toString(batchReleaseTime)).body(overview); } @CrossOrigin(origins = { "https://editor.swagger.io" }) @GetMapping(value = "/exposed/{batchReleaseTime}", produces = "application/x-protobuf") - public @ResponseBody ResponseEntity getExposedByBatch(@PathVariable Long batchReleaseTime, + public @ResponseBody ResponseEntity getExposedByBatch(@PathVariable long batchReleaseTime, WebRequest request) throws BadBatchReleaseTimeException { if(!validationUtils.isValidBatchReleaseTime(batchReleaseTime)) { return ResponseEntity.notFound().build(); @@ -189,7 +189,7 @@ public DPPPTController(DPPPTDataService dataService, String appSource, .setBatchReleaseTime(batchReleaseTime).build(); return ResponseEntity.ok().cacheControl(CacheControl.maxAge(Duration.ofMinutes(exposedListCacheContol))) - .header("X-BATCH-RELEASE-TIME", batchReleaseTime.toString()).body(protoExposee); + .header("X-BATCH-RELEASE-TIME", Long.toString(batchReleaseTime)).body(protoExposee); } @CrossOrigin(origins = { "https://editor.swagger.io" }) diff --git a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DebugController.java b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DebugController.java index 97eff0a4..753c6df8 100644 --- a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DebugController.java +++ b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DebugController.java @@ -91,7 +91,7 @@ public DebugController(DebugGAENDataService dataService, ProtoSignature gaenSign } @GetMapping(value = "/exposed/{batchReleaseTime}", produces = "application/zip") - public @ResponseBody ResponseEntity getExposedKeys(@PathVariable Long batchReleaseTime, WebRequest request) + public @ResponseBody ResponseEntity getExposedKeys(@PathVariable long batchReleaseTime, WebRequest request) throws BadBatchReleaseTimeException, IOException, InvalidKeyException, NoSuchAlgorithmException, SignatureException { diff --git a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/GaenController.java b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/GaenController.java index 3ef32bd0..78d1bf09 100644 --- a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/GaenController.java +++ b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/GaenController.java @@ -224,7 +224,7 @@ public GaenController(GAENDataService dataService, FakeKeyService fakeKeyService } @GetMapping(value = "/exposed/{keyDate}", produces = "application/zip") - public @ResponseBody ResponseEntity getExposedKeys(@PathVariable Long keyDate, + public @ResponseBody ResponseEntity getExposedKeys(@PathVariable long keyDate, @RequestParam(required = false) Long publishedafter, WebRequest request) throws BadBatchReleaseTimeException, IOException, InvalidKeyException, SignatureException, NoSuchAlgorithmException { @@ -258,7 +258,7 @@ public GaenController(GAENDataService dataService, FakeKeyService fakeKeyService } @GetMapping(value = "/exposedjson/{keyDate}", produces = "application/json") - public @ResponseBody ResponseEntity getExposedKeysAsJson(@PathVariable Long keyDate, + public @ResponseBody ResponseEntity getExposedKeysAsJson(@PathVariable long keyDate, @RequestParam(required = false) Long publishedafter, WebRequest request) throws BadBatchReleaseTimeException { if (!validationUtils.isValidKeyDate(keyDate)) { diff --git a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/util/ValidationUtils.java b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/util/ValidationUtils.java index a744e984..f6fc7997 100644 --- a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/util/ValidationUtils.java +++ b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/util/ValidationUtils.java @@ -54,12 +54,12 @@ public boolean isDateInRange(OffsetDateTime timestamp) { * @param keyDate * @return */ - public boolean isValidKeyDate(Long keyDate) { - return keyDate != null && (Instant.ofEpochMilli(keyDate).atOffset(ZoneOffset.UTC).getHour() == 0); + public boolean isValidKeyDate(long keyDate) { + return (Instant.ofEpochMilli(keyDate).atOffset(ZoneOffset.UTC).getHour() == 0); } - public boolean isValidBatchReleaseTime(Long batchReleaseTime) throws BadBatchReleaseTimeException { - if (batchReleaseTime == null || batchReleaseTime % batchLength != 0) { + public boolean isValidBatchReleaseTime(long batchReleaseTime) throws BadBatchReleaseTimeException { + if (batchReleaseTime % batchLength != 0) { throw new BadBatchReleaseTimeException(); } // hardcoded date so that the fuzzing corpus does not get invalidated over time From b3d098bc9006a6a46d210bb047956fbb5f339943 Mon Sep 17 00:00:00 2001 From: Simon Resch Date: Mon, 8 Jun 2020 21:20:04 +0200 Subject: [PATCH 10/10] Revert "fix: handle Long overflow exception" This reverts commit 0f63de6f (cherry picked from commit fb8308e279d407dbac2d7bf81906220877661d9b) --- .../org/dpppt/backend/sdk/ws/controller/DPPPTController.java | 3 --- 1 file changed, 3 deletions(-) diff --git a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java index 0dd68399..8cfaa833 100644 --- a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java +++ b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java @@ -196,9 +196,6 @@ public DPPPTController(DPPPTDataService dataService, String appSource, @GetMapping(value = "/buckets/{dayDateStr}", produces = "application/json") public @ResponseBody ResponseEntity getListOfBuckets(@PathVariable String dayDateStr) { OffsetDateTime day = LocalDate.parse(dayDateStr).atStartOfDay().atOffset(ZoneOffset.UTC); - if (day.toEpochSecond() < 0) { - return ResponseEntity.badRequest().build(); - } OffsetDateTime currentBucket = day; OffsetDateTime now = OffsetDateTime.now().withOffsetSameInstant(ZoneOffset.UTC); List bucketList = new ArrayList<>();