diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 17e19fb9..51a9a48a 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -19,7 +19,7 @@ jobs: uses: CodeIntelligenceTesting/github-actions/start-fuzzing@v3 with: ci_fuzz_api_token: ${{ secrets.CI_FUZZ_API_TOKEN }} - test_collection: "projects/organizations_fd88fc683ec28c97_dp3t-a20f89fc/campaigns/AllController-a7e91866" + test_collection: "projects/organizations_82cc3b42e291d178_dp3t-a20f89fc/campaigns/AllController-a7e91866" git_reference: ${{ github.sha }} fuzzing_server_address: ${{ env.FUZZING_SERVER_ADDRESS }} - id: monitor-fuzzing diff --git a/dpppt-backend-sdk/dpppt-backend-sdk-data/src/main/java/org/dpppt/backend/sdk/data/DPPPTDataService.java b/dpppt-backend-sdk/dpppt-backend-sdk-data/src/main/java/org/dpppt/backend/sdk/data/DPPPTDataService.java index e6324809..89360054 100644 --- a/dpppt-backend-sdk/dpppt-backend-sdk-data/src/main/java/org/dpppt/backend/sdk/data/DPPPTDataService.java +++ b/dpppt-backend-sdk/dpppt-backend-sdk-data/src/main/java/org/dpppt/backend/sdk/data/DPPPTDataService.java @@ -40,7 +40,7 @@ public interface DPPPTDataService { * @param batchLength * @return */ - int getMaxExposedIdForBatchReleaseTime(Long batchReleaseTime, long batchLength); + int getMaxExposedIdForBatchReleaseTime(long batchReleaseTime, long batchLength); /** * Returns all exposees for the given batch. @@ -49,7 +49,7 @@ public interface DPPPTDataService { * @param batchLength * @return */ - List getSortedExposedForBatchReleaseTime(Long batchReleaseTime, long batchLength); + List getSortedExposedForBatchReleaseTime(long batchReleaseTime, long batchLength); /** * deletes entries older than retentionperiod diff --git a/dpppt-backend-sdk/dpppt-backend-sdk-data/src/main/java/org/dpppt/backend/sdk/data/JDBCDPPPTDataServiceImpl.java b/dpppt-backend-sdk/dpppt-backend-sdk-data/src/main/java/org/dpppt/backend/sdk/data/JDBCDPPPTDataServiceImpl.java index dfcc37e7..54db6a25 100644 
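Review bot: Changing `Long` to `long` on `getMaxExposedIdForBatchReleaseTime` and `getSortedExposedForBatchReleaseTime` alters the signature of a public SDK interface, so any `DPPPTDataService` implementation outside this diff that still declares `Long` will no longer override these methods and will fail to compile; that deserves a changelog or migration note. The Javadoc above both methods still has empty `@param batchLength` and `@return` tags and no entry for `batchReleaseTime`. Going by the JDBC implementation in this same commit, I would document `@param batchReleaseTime end of the batch window (exclusive), in epoch milliseconds` and `@param batchLength length of the batch window in milliseconds`. The interface body continues outside both hunks.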
--- a/dpppt-backend-sdk/dpppt-backend-sdk-data/src/main/java/org/dpppt/backend/sdk/data/JDBCDPPPTDataServiceImpl.java +++ b/dpppt-backend-sdk/dpppt-backend-sdk-data/src/main/java/org/dpppt/backend/sdk/data/JDBCDPPPTDataServiceImpl.java @@ -82,7 +82,7 @@ public void upsertExposees(List exposees, String appSource) { @Override @Transactional(readOnly = true) - public int getMaxExposedIdForBatchReleaseTime(Long batchReleaseTime, long batchLength) { + public int getMaxExposedIdForBatchReleaseTime(long batchReleaseTime, long batchLength) { MapSqlParameterSource params = new MapSqlParameterSource(); params.addValue("batchReleaseTime", Date.from(Instant.ofEpochMilli(batchReleaseTime))); params.addValue("startBatch", Date.from(Instant.ofEpochMilli(batchReleaseTime - batchLength))); @@ -97,7 +97,7 @@ public int getMaxExposedIdForBatchReleaseTime(Long batchReleaseTime, long batchL @Override @Transactional(readOnly = true) - public List getSortedExposedForBatchReleaseTime(Long batchReleaseTime, long batchLength) { + public List getSortedExposedForBatchReleaseTime(long batchReleaseTime, long batchLength) { String sql = "select pk_exposed_id, key, key_date from t_exposed where received_at >= :startBatch and received_at < :batchReleaseTime order by pk_exposed_id desc"; MapSqlParameterSource params = new MapSqlParameterSource(); params.addValue("batchReleaseTime", Date.from(Instant.ofEpochMilli(batchReleaseTime))); diff --git a/dpppt-backend-sdk/dpppt-backend-sdk-model/src/main/java/org/dpppt/backend/sdk/model/ExposeeRequestList.java b/dpppt-backend-sdk/dpppt-backend-sdk-model/src/main/java/org/dpppt/backend/sdk/model/ExposeeRequestList.java index e93f25d5..0373f35c 100644 --- a/dpppt-backend-sdk/dpppt-backend-sdk-model/src/main/java/org/dpppt/backend/sdk/model/ExposeeRequestList.java +++ b/dpppt-backend-sdk/dpppt-backend-sdk-model/src/main/java/org/dpppt/backend/sdk/model/ExposeeRequestList.java 
@@ -8,7 +8,7 @@ public class ExposeeRequestList { @NotNull @NotEmpty - List exposedKeys; + List<@NotNull ExposedKey> exposedKeys; private Integer fake = 0; diff --git a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java index a7033f6c..8cfaa833 100644 --- a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java +++ b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java @@ -14,12 +14,14 @@ import java.time.LocalDate; import java.time.OffsetDateTime; import java.time.ZoneOffset; +import java.time.format.DateTimeParseException; import java.util.ArrayList; import java.util.Base64; import java.util.List; import javax.validation.Valid; +import com.fasterxml.jackson.core.JsonProcessingException; import org.dpppt.backend.sdk.data.DPPPTDataService; import org.dpppt.backend.sdk.model.BucketList; import org.dpppt.backend.sdk.model.ExposedOverview; @@ -36,6 +38,7 @@ import org.springframework.http.ResponseEntity; import org.springframework.security.core.annotation.AuthenticationPrincipal; import org.springframework.stereotype.Controller; +import org.springframework.web.bind.MethodArgumentNotValidException; import org.springframework.web.bind.annotation.CrossOrigin; import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.GetMapping; 
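Review bot: `List<@NotNull ExposedKey> exposedKeys` rejects null elements but does not cascade validation into each `ExposedKey`, because Bean Validation only descends into container elements that are marked `@Valid`. If `ExposedKey` declares constraints of its own (not visible in this hunk), they are skipped for incoming request bodies, so the line should read `List<@NotNull @Valid ExposedKey> exposedKeys;`, with `javax.validation.Valid` imported if it is not already. The field is also package-private while `fake` next to it is `private`; declaring it `private` keeps other classes in the package from replacing the list after validation. The class body continues outside the hunk.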
@@ -153,22 +156,22 @@ public DPPPTController(DPPPTDataService dataService, String appSource, @CrossOrigin(origins = { "https://editor.swagger.io" }) @GetMapping(value = "/exposedjson/{batchReleaseTime}", produces = "application/json") - public @ResponseBody ResponseEntity getExposedByDayDate(@PathVariable Long batchReleaseTime, + public @ResponseBody ResponseEntity getExposedByDayDate(@PathVariable long batchReleaseTime, WebRequest request) throws BadBatchReleaseTimeException{ if(!validationUtils.isValidBatchReleaseTime(batchReleaseTime)) { return ResponseEntity.notFound().build(); } - + List exposeeList = dataService.getSortedExposedForBatchReleaseTime(batchReleaseTime, batchLength); ExposedOverview overview = new ExposedOverview(exposeeList); overview.setBatchReleaseTime(batchReleaseTime); return ResponseEntity.ok().cacheControl(CacheControl.maxAge(Duration.ofMinutes(exposedListCacheContol))) - .header("X-BATCH-RELEASE-TIME", batchReleaseTime.toString()).body(overview); + .header("X-BATCH-RELEASE-TIME", Long.toString(batchReleaseTime)).body(overview); } @CrossOrigin(origins = { "https://editor.swagger.io" }) @GetMapping(value = "/exposed/{batchReleaseTime}", produces = "application/x-protobuf") - public @ResponseBody ResponseEntity getExposedByBatch(@PathVariable Long batchReleaseTime, + public @ResponseBody ResponseEntity getExposedByBatch(@PathVariable long batchReleaseTime, WebRequest request) throws BadBatchReleaseTimeException { if(!validationUtils.isValidBatchReleaseTime(batchReleaseTime)) { return ResponseEntity.notFound().build(); 
@@ -186,7 +189,7 @@ public DPPPTController(DPPPTDataService dataService, String appSource, .setBatchReleaseTime(batchReleaseTime).build(); return ResponseEntity.ok().cacheControl(CacheControl.maxAge(Duration.ofMinutes(exposedListCacheContol))) - .header("X-BATCH-RELEASE-TIME", batchReleaseTime.toString()).body(protoExposee); + .header("X-BATCH-RELEASE-TIME", Long.toString(batchReleaseTime)).body(protoExposee); } @CrossOrigin(origins = { "https://editor.swagger.io" }) @@ -206,21 +209,11 @@ public DPPPTController(DPPPTDataService dataService, String appSource, return ResponseEntity.ok(list); } - @ExceptionHandler(IllegalArgumentException.class) + @ExceptionHandler({IllegalArgumentException.class, InvalidDateException.class, JsonProcessingException.class, + MethodArgumentNotValidException.class, BadBatchReleaseTimeException.class, DateTimeParseException.class}) @ResponseStatus(HttpStatus.BAD_REQUEST) public ResponseEntity invalidArguments() { return ResponseEntity.badRequest().build(); } - @ExceptionHandler(InvalidDateException.class) - @ResponseStatus(HttpStatus.BAD_REQUEST) - public ResponseEntity invalidDate() { - return ResponseEntity.badRequest().build(); - } - @ExceptionHandler(BadBatchReleaseTimeException.class) - @ResponseStatus(HttpStatus.BAD_REQUEST) - public ResponseEntity invalidBatchReleaseTime() { - return ResponseEntity.badRequest().build(); - } - } diff --git a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DebugController.java b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DebugController.java index 97eff0a4..753c6df8 100644 --- a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DebugController.java +++ b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DebugController.java 
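Review bot: The merged `invalidArguments()` handler in the `@@ -206,21 +209,11 @@` hunk answers 400 for `IllegalArgumentException` and five other types without recording anything, so a fault raised inside the service or a library looks the same as malformed client input and leaves no trace for whoever triages fuzzing findings or rejected requests in production. `IllegalArgumentException` in particular is thrown by plenty of code that has nothing to do with request parsing. I would take the exception as a parameter and log its type only, never the request content: `public ResponseEntity invalidArguments(Exception ex)` with `logger.debug("Rejected request: {}", ex.getClass().getName());` (assuming the controller has an SLF4J logger, which this hunk does not show). The same handler is repeated in `GaenController` later in this diff. `@ResponseStatus(HttpStatus.BAD_REQUEST)` is redundant next to `ResponseEntity.badRequest()`.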
@@ -91,7 +91,7 @@ public DebugController(DebugGAENDataService dataService, ProtoSignature gaenSign } @GetMapping(value = "/exposed/{batchReleaseTime}", produces = "application/zip") - public @ResponseBody ResponseEntity getExposedKeys(@PathVariable Long batchReleaseTime, WebRequest request) + public @ResponseBody ResponseEntity getExposedKeys(@PathVariable long batchReleaseTime, WebRequest request) throws BadBatchReleaseTimeException, IOException, InvalidKeyException, NoSuchAlgorithmException, SignatureException { diff --git a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/GaenController.java b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/GaenController.java index 36a39ca5..78d1bf09 100644 --- a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/GaenController.java +++ b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/GaenController.java @@ -18,6 +18,7 @@ import java.time.Instant; import java.time.LocalDate; import java.time.ZoneOffset; +import java.time.format.DateTimeParseException; import java.util.ArrayList; import java.util.Base64; import java.util.Date; @@ -27,6 +28,7 @@ import javax.validation.Valid; +import com.fasterxml.jackson.core.JsonProcessingException; import org.dpppt.backend.sdk.data.gaen.FakeKeyService; import org.dpppt.backend.sdk.data.gaen.GAENDataService; import org.dpppt.backend.sdk.model.gaen.DayBuckets; @@ -50,6 +52,7 @@ import org.springframework.security.core.annotation.AuthenticationPrincipal; import org.springframework.security.oauth2.jwt.Jwt; import org.springframework.stereotype.Controller; +import org.springframework.web.bind.MethodArgumentNotValidException; import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; 
@@ -221,7 +224,7 @@ public GaenController(GAENDataService dataService, FakeKeyService fakeKeyService } @GetMapping(value = "/exposed/{keyDate}", produces = "application/zip") - public @ResponseBody ResponseEntity getExposedKeys(@PathVariable Long keyDate, + public @ResponseBody ResponseEntity getExposedKeys(@PathVariable long keyDate, @RequestParam(required = false) Long publishedafter, WebRequest request) throws BadBatchReleaseTimeException, IOException, InvalidKeyException, SignatureException, NoSuchAlgorithmException { @@ -255,7 +258,7 @@ public GaenController(GAENDataService dataService, FakeKeyService fakeKeyService } @GetMapping(value = "/exposedjson/{keyDate}", produces = "application/json") - public @ResponseBody ResponseEntity getExposedKeysAsJson(@PathVariable Long keyDate, + public @ResponseBody ResponseEntity getExposedKeysAsJson(@PathVariable long keyDate, @RequestParam(required = false) Long publishedafter, WebRequest request) throws BadBatchReleaseTimeException { if (!validationUtils.isValidKeyDate(keyDate)) { @@ -316,21 +319,10 @@ private void normalizeRequestTime(long now) { } } - @ExceptionHandler(IllegalArgumentException.class) + @ExceptionHandler({IllegalArgumentException.class, InvalidDateException.class, JsonProcessingException.class, + MethodArgumentNotValidException.class, BadBatchReleaseTimeException.class, DateTimeParseException.class}) @ResponseStatus(HttpStatus.BAD_REQUEST) public ResponseEntity invalidArguments() { return ResponseEntity.badRequest().build(); } - - @ExceptionHandler(InvalidDateException.class) - @ResponseStatus(HttpStatus.BAD_REQUEST) - public ResponseEntity invalidDate() { - return ResponseEntity.badRequest().build(); - } - - @ExceptionHandler(BadBatchReleaseTimeException.class) - @ResponseStatus(HttpStatus.BAD_REQUEST) - public ResponseEntity invalidBatchReleaseTime() { - return ResponseEntity.badRequest().build(); - } } \ No newline at end of file 
diff --git a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/util/ValidationUtils.java b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/util/ValidationUtils.java index ef749ed7..f6fc7997 100644 --- a/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/util/ValidationUtils.java +++ b/dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/util/ValidationUtils.java @@ -54,11 +54,11 @@ public boolean isDateInRange(OffsetDateTime timestamp) { * @param keyDate * @return */ - public boolean isValidKeyDate(Long keyDate) { + public boolean isValidKeyDate(long keyDate) { return (Instant.ofEpochMilli(keyDate).atOffset(ZoneOffset.UTC).getHour() == 0); } - public boolean isValidBatchReleaseTime(Long batchReleaseTime) throws BadBatchReleaseTimeException { + public boolean isValidBatchReleaseTime(long batchReleaseTime) throws BadBatchReleaseTimeException { if (batchReleaseTime % batchLength != 0) { throw new BadBatchReleaseTimeException(); }
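Review bot: `isValidKeyDate(long keyDate)` accepts any timestamp whose UTC hour is 0, so 00:59:59.999 passes as well as midnight. If a key date is meant to be exactly the start of a UTC day (the empty `@param keyDate` / `@return` Javadoc above it does not say), the check should cover the whole day, e.g. `return keyDate % 86_400_000L == 0; // milliseconds per day`. Either way the Javadoc should state the unit (epoch milliseconds, per `Instant.ofEpochMilli`) and what counts as valid. The body of `isValidBatchReleaseTime` continues outside the hunk, so its remaining checks are not reviewed here.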