From ef4eba03c151b63fc9bc8e1c8664cc136eb80379 Mon Sep 17 00:00:00 2001 From: Leven Date: Thu, 16 Jan 2025 09:07:41 -0500 Subject: [PATCH 1/2] Add try/catch, enhance error nmessages. --- .../ElrrConsolidateApplication.java | 20 +- .../elrr/elrrconsolidate/HeaderFilter.java | 20 +- .../JSONRequestSizeLimitFilter.java | 16 +- .../elrrconsolidate/SanatizingFilter.java | 188 ++++++++++-------- 4 files changed, 135 insertions(+), 109 deletions(-) diff --git a/src/main/java/com/deloitte/elrr/elrrconsolidate/ElrrConsolidateApplication.java b/src/main/java/com/deloitte/elrr/elrrconsolidate/ElrrConsolidateApplication.java index 477a5e7..c8f6cc7 100644 --- a/src/main/java/com/deloitte/elrr/elrrconsolidate/ElrrConsolidateApplication.java +++ b/src/main/java/com/deloitte/elrr/elrrconsolidate/ElrrConsolidateApplication.java @@ -8,18 +8,12 @@ @EnableScheduling public class ElrrConsolidateApplication { - /** - * - */ - protected ElrrConsolidateApplication() { - - } - /** - * - * @param args - */ - public static void main(final String[] args) { - SpringApplication.run(ElrrConsolidateApplication.class, args); - } + protected ElrrConsolidateApplication() {} + /** + * @param args + */ + public static void main(final String[] args) { + SpringApplication.run(ElrrConsolidateApplication.class, args); + } } diff --git a/src/main/java/com/deloitte/elrr/elrrconsolidate/HeaderFilter.java b/src/main/java/com/deloitte/elrr/elrrconsolidate/HeaderFilter.java index 21ce54f..b3f364d 100644 --- a/src/main/java/com/deloitte/elrr/elrrconsolidate/HeaderFilter.java +++ b/src/main/java/com/deloitte/elrr/elrrconsolidate/HeaderFilter.java 
@@ -27,16 +27,22 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha HttpServletRequest httpServletRequest = (HttpServletRequest) request; - if (checkHttpHeader == false) { - chain.doFilter(request, response); - } else { - if ("https".equalsIgnoreCase(httpServletRequest.getHeader("X-Forwarded-Proto"))) { + try { + if (checkHttpHeader == false) { chain.doFilter(request, response); } else { - log.error("Not a HTTPS request."); - ((HttpServletResponse) response) - .sendError(HttpServletResponse.SC_BAD_REQUEST, "Not a HTTPS request."); + if ("https".equalsIgnoreCase(httpServletRequest.getHeader("X-Forwarded-Proto"))) { + chain.doFilter(request, response); + } else { + log.error("Not a HTTPS request."); + ((HttpServletResponse) response) + .sendError(HttpServletResponse.SC_BAD_REQUEST, "Not a HTTPS request."); + } } + } catch (IOException | ServletException e) { + log.error("Error: " + e.getMessage()); + e.printStackTrace(); + return; } } } diff --git a/src/main/java/com/deloitte/elrr/elrrconsolidate/JSONRequestSizeLimitFilter.java b/src/main/java/com/deloitte/elrr/elrrconsolidate/JSONRequestSizeLimitFilter.java index a255a38..8e6da38 100644 --- a/src/main/java/com/deloitte/elrr/elrrconsolidate/JSONRequestSizeLimitFilter.java +++ b/src/main/java/com/deloitte/elrr/elrrconsolidate/JSONRequestSizeLimitFilter.java 
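Review bot: The added `catch (IOException | ServletException e)` around `chain.doFilter(request, response)` logs only `e.getMessage()` and returns, so a failure anywhere downstream of this filter no longer reaches the container's error handling and the client may get an empty response that looks like success. Log the cause through the logger and rethrow, e.g. `log.error("Request failed in HeaderFilter chain", e); throw e;`, which also replaces `e.printStackTrace()` (stderr bypasses the configured log pipeline and drops the stack trace from the application log). The same swallow-and-return pattern is added in the JSONRequestSizeLimitFilter hunk of this patch and around `chain.doFilter(httpRequest, response)` in the SanatizingFilter hunk of patch 2/2. The `doFilter` signature is cut off in the hunk header, so this assumes it still declares both exceptions.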
@@ -28,11 +28,17 @@ public class JSONRequestSizeLimitFilter extends OncePerRequestFilter { protected void doFilterInternal( HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { - if (isApplicationJson(request) && request.getContentLengthLong() < MAX_SIZE_LIMIT) { - filterChain.doFilter(request, response); - } else { - log.error("Request size exceeds the limit."); - response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Request size exceeds the limit."); + try { + if (isApplicationJson(request) && request.getContentLengthLong() < MAX_SIZE_LIMIT) { + filterChain.doFilter(request, response); + } else { + log.error("Request size exceeds the limit."); + response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Request size exceeds the limit."); + } + } catch (IOException | ServletException e) { + log.error("Error: " + e.getMessage()); + e.printStackTrace(); + return; } } diff --git a/src/main/java/com/deloitte/elrr/elrrconsolidate/SanatizingFilter.java b/src/main/java/com/deloitte/elrr/elrrconsolidate/SanatizingFilter.java index 32a3299..acb8365 100644 --- a/src/main/java/com/deloitte/elrr/elrrconsolidate/SanatizingFilter.java +++ b/src/main/java/com/deloitte/elrr/elrrconsolidate/SanatizingFilter.java 
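Review bot: `request.getContentLengthLong() < MAX_SIZE_LIMIT` in `doFilterInternal` also passes when the length is unknown, because the servlet API returns -1 in that case, so a body sent without a Content-Length (chunked transfer) is not bounded by this check. Handle the negative value explicitly, for example `long len = request.getContentLengthLong();` followed by `if (isApplicationJson(request) && len >= 0 && len < MAX_SIZE_LIMIT)`, or enforce the cap where the body is actually read if requests without a declared length must be accepted. The else branch also answers a non-JSON request with "Request size exceeds the limit.", which makes the rejection log misleading during triage; a separate message for the content-type case would help.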
@@ -1,97 +1,117 @@ package com.deloitte.elrr.elrrconsolidate; -import fr.spacefox.confusablehomoglyphs.Confusables; -import jakarta.servlet.*; -import jakarta.servlet.http.HttpServletRequest; -import jakarta.servlet.http.HttpServletResponse; -import lombok.extern.slf4j.Slf4j; +import java.io.IOException; +import java.util.Iterator; + +import org.json.JSONException; import org.json.JSONObject; import org.springframework.http.HttpStatus; import org.springframework.stereotype.Component; -import org.springframework.util.StringUtils; - -import java.io.IOException; -import java.util.Iterator; +import fr.spacefox.confusablehomoglyphs.Confusables; +import jakarta.servlet.Filter; +import jakarta.servlet.FilterChain; +import jakarta.servlet.ServletException; +import jakarta.servlet.ServletRequest; +import jakarta.servlet.ServletResponse; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; +import lombok.extern.slf4j.Slf4j; @Component @Slf4j public class SanatizingFilter implements Filter { - - - private boolean invalidParam; - - @Override - public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) - throws IOException, ServletException { - - HttpServletResponse httpResponse = (HttpServletResponse) response; - WrappedHttp httpRequest; - invalidParam = false; - - StringBuilder body = new StringBuilder(); - for(String line : request.getReader().lines().toList()) { - if(InputSanatizer.isValidInput(line)) { - body.append(line); - body.append('\n'); - - } - else { - log.error("Illegal line in request body: " + line); - httpResponse.sendError(HttpStatus.BAD_REQUEST.value(), "Illegal line in request body: " + line); - } - } - if(httpResponse.isCommitted()) - return; - - - httpRequest = new WrappedHttp((HttpServletRequest) request, body.toString()); - httpRequest.getParameterMap(); //might help to cache parameters for future filter chain - - //below we check each parameter string for any invalid values - 
httpRequest.getParameterNames().asIterator().forEachRemaining((param) -> { - String paramVal = request.getParameter(param); - if(!InputSanatizer.isValidInput(paramVal)) { - invalidParam = true; - } - }); - - if(invalidParam) { - log.error("Illegal Parameter Value"); - httpResponse.sendError(HttpStatus.BAD_REQUEST.value(), "Illegal Parameter Value"); - return; - } - - if (hasHomoGlyphs(httpRequest)) - { - log.error("Request body contains homoglyphs."); - httpResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "Request body contains homoglyphs."); - return; - } - - chain.doFilter(httpRequest, response); - } - - private static boolean hasHomoGlyphs(WrappedHttp httpRequest) { - if(!StringUtils.hasLength(httpRequest.getBody())) - { - return false; - } - Confusables confusables = Confusables.fromInternal(); - JSONObject jsonObject = new JSONObject(httpRequest.getBody()); - Iterator keys = jsonObject.keys(); - while (keys.hasNext()) { - String key = (String) keys.next(); - String value = (String) jsonObject.get(key); - boolean dangerousKey = confusables.isDangerous(key); - boolean dangerousValue = confusables.isDangerous(value); - if (dangerousKey || dangerousValue) { - return true; - } - } - return false; - } -} + private boolean invalidParam; + + @Override + public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) + throws IOException, ServletException { + HttpServletResponse httpResponse = (HttpServletResponse) response; + WrappedHttp httpRequest; + invalidParam = false; + + StringBuilder body = new StringBuilder(); + try { + for (String line : request.getReader().lines().toList()) { + if (InputSanatizer.isValidInput(line)) { + body.append(line); + body.append('\n'); + + } else { + // need to log bad request. Might be best to continue processing + // and report all bad lines. 
/ complete body + httpResponse.sendError( + HttpStatus.BAD_REQUEST.value(), "Illegal line in request body: " + line); + } + } + } catch (IOException e) { + log.error("Error: " + e.getMessage()); + e.printStackTrace(); + return; + } + + if (httpResponse.isCommitted()) return; + httpRequest = new WrappedHttp((HttpServletRequest) request, body.toString()); + httpRequest.getParameterMap(); // might help to cache parameters for + // future filter chain + // Check each parameter string for any invalid values + httpRequest + .getParameterNames() + .asIterator() + .forEachRemaining( + (param) -> { + String paramVal = request.getParameter(param); + if (!InputSanatizer.isValidInput(paramVal)) { + invalidParam = true; + log.error("Illegal Parameter Value " + paramVal); + } + }); + + if (invalidParam) { + try { + httpResponse.sendError(HttpStatus.BAD_REQUEST.value(), "Illegal Parameter Value"); + return; + } catch (IOException e) { + log.error("Error: " + e.getMessage()); + e.printStackTrace(); + return; + } + } + + if (hasHomoGlyphs(httpRequest)) { + try { + log.error("Request body contains homoglyphs."); + httpResponse.sendError( + HttpServletResponse.SC_BAD_REQUEST, "Request body contains homoglyphs."); + return; + } catch (IOException | JSONException e) { + log.error("Error: " + e.getMessage()); + e.printStackTrace(); + return; + } + } + + chain.doFilter(httpRequest, response); + } + + private static boolean hasHomoGlyphs(WrappedHttp httpRequest) { + + if (httpRequest.getBody().isEmpty()) return false; + Confusables confusables = Confusables.fromInternal(); + JSONObject jsonObject = new JSONObject(httpRequest.getBody()); + Iterator keys = jsonObject.keys(); + while (keys.hasNext()) { + String key = keys.next(); + String value = (String) jsonObject.get(key); + boolean dangerousKey = confusables.isDangerous(key); + boolean dangerousValue = confusables.isDangerous(value); + if (dangerousKey || dangerousValue) { + return true; + } + } + return false; + } +} 
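Review bot: `invalidParam` is an instance field on a `@Component` filter and the lambda in `doFilter` writes it per request; a Spring component is a singleton by default, so concurrent requests presumably share the flag and one request's `invalidParam = false` reset can clear another's rejection before `if (invalidParam)` is evaluated. Keep the flag local to the call as in the excerpt below, and drop the field and its reset. The new `log.error("Illegal Parameter Value " + paramVal)` writes the rejected, client-supplied value into the log verbatim, so the excerpt logs a fixed message instead. Separately, `hasHomoGlyphs(httpRequest)` is evaluated in the `if` condition outside the `try`, so the `JSONException` named in that catch cannot come from parsing; a body that is not a JSON object, or a non-string value reaching the `(String)` cast, still throws out of the filter.

```java
// … unchanged: body line validation, WrappedHttp construction …
// Per-request state stays on the stack; the filter instance is shared.
boolean invalidParam = false;
Iterator<String> names = httpRequest.getParameterNames().asIterator();
while (names.hasNext()) {
  String paramVal = request.getParameter(names.next());
  if (!InputSanatizer.isValidInput(paramVal)) {
    invalidParam = true;
    // The rejected value is untrusted input; keep it out of the log line.
    log.error("Illegal Parameter Value");
  }
}
// … unchanged: if (invalidParam) sendError, homoglyph check, chain.doFilter …
```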
From 638dfb08717dab6d86d04dab32c5a36b4f87bc29 Mon Sep 17 00:00:00 2001 From: Leven Date: Fri, 17 Jan 2025 08:04:57 -0500 Subject: [PATCH 2/2] Add try/catch block. --- .../exception/ResourceNotFoundException.java | 22 +-- .../elrrconsolidate/SanatizingFilter.java | 10 +- .../consumer/ELRRMessageListener.java | 4 +- .../jpa/service/CommonSvc.java | 158 ++++++++---------- .../service/ConsolidatorService.java | 2 - .../elrrconsolidate/service/ECCService.java | 1 - .../elrrconsolidate/service/HRService.java | 2 - .../consumer/ELRRMessageListenerTest.java | 22 +-- .../jpa/service/OrganizationSvcTest.java | 76 ++++----- 9 files changed, 130 insertions(+), 167 deletions(-) diff --git a/src/main/java/com/deloitte/elrr/elrraggregator/exception/ResourceNotFoundException.java b/src/main/java/com/deloitte/elrr/elrraggregator/exception/ResourceNotFoundException.java index 0cf5589..5ac4afe 100644 --- a/src/main/java/com/deloitte/elrr/elrraggregator/exception/ResourceNotFoundException.java +++ b/src/main/java/com/deloitte/elrr/elrraggregator/exception/ResourceNotFoundException.java @@ -1,6 +1,3 @@ -/** - * - */ package com.deloitte.elrr.elrraggregator.exception; import org.springframework.http.HttpStatus; @@ -8,21 +5,16 @@ /** * @author mnelakurti - * */ @ResponseStatus(value = HttpStatus.NOT_FOUND) public class ResourceNotFoundException extends Exception { - /** - * - */ - private static final long serialVersionUID = 1L; + private static final long serialVersionUID = 1L; - /** - * - * @param message - */ - public ResourceNotFoundException(final String message) { - super(message); - } + /** + * @param message + */ + public ResourceNotFoundException(final String message) { + super(message); + } } diff --git a/src/main/java/com/deloitte/elrr/elrrconsolidate/SanatizingFilter.java b/src/main/java/com/deloitte/elrr/elrrconsolidate/SanatizingFilter.java index acb8365..d5bc9de 100644 --- a/src/main/java/com/deloitte/elrr/elrrconsolidate/SanatizingFilter.java 
+++ b/src/main/java/com/deloitte/elrr/elrrconsolidate/SanatizingFilter.java @@ -45,7 +45,7 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha HttpStatus.BAD_REQUEST.value(), "Illegal line in request body: " + line); } } - } catch (IOException e) { + } catch (IOException | IllegalStateException e) { log.error("Error: " + e.getMessage()); e.printStackTrace(); return; @@ -94,7 +94,13 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha } } - chain.doFilter(httpRequest, response); + try { + chain.doFilter(httpRequest, response); + } catch (IOException | ServletException e) { + log.error("Error: " + e.getMessage()); + e.printStackTrace(); + return; + } } private static boolean hasHomoGlyphs(WrappedHttp httpRequest) { diff --git a/src/main/java/com/deloitte/elrr/elrrconsolidate/consumer/ELRRMessageListener.java b/src/main/java/com/deloitte/elrr/elrrconsolidate/consumer/ELRRMessageListener.java index 594b925..c282c30 100644 --- a/src/main/java/com/deloitte/elrr/elrrconsolidate/consumer/ELRRMessageListener.java +++ b/src/main/java/com/deloitte/elrr/elrrconsolidate/consumer/ELRRMessageListener.java @@ -52,7 +52,6 @@ public void listen(final String message) { } /** - * * @param statement * @return LearnerChange */ @@ -128,7 +127,7 @@ private LearnerChange getLearnerChange(final String payload) { learnerChange.setCourses(userCourses); } catch (JsonProcessingException e) { - log.info("exception while inserting "); + log.info("Exception while inserting LearnerChange."); e.printStackTrace(); } @@ -137,7 +136,6 @@ private LearnerChange getLearnerChange(final String payload) { /** * @param messageVo - * */ private void insertAuditLog(final MessageVO messageVo) { ELRRAuditLog auditLog = new ELRRAuditLog(); diff --git a/src/main/java/com/deloitte/elrr/elrrconsolidate/jpa/service/CommonSvc.java b/src/main/java/com/deloitte/elrr/elrrconsolidate/jpa/service/CommonSvc.java index 60aab34..6a68ebf 100644 
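Review bot: Adding `IllegalStateException` to the catch in `doFilter` hides a likely cause rather than removing it: the context line shows `sendError(..., "Illegal line in request body: " + line)` inside the read loop with no exit after it, so a second illegal line calls `sendError` on a response that is already committed. Stop at the first rejection with `return;` directly after that `sendError` call, and keep the wider catch only if `getReader()` is the case it is meant for. The message also echoes the rejected line back to the client; a fixed text such as `"Illegal line in request body"` avoids reflecting input that has just failed validation. The loop header lies outside this hunk.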
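Review bot: In `getLearnerChange` the `JsonProcessingException` branch logs `"Exception while inserting LearnerChange."` at info level without the exception and then calls `e.printStackTrace()`, so a payload that fails to parse leaves no cause in the application log. Replace both lines with `log.error("Failed to parse LearnerChange payload", e);`; the wording matters because, as far as the hunk shows, this catch guards JSON processing rather than an insert. The rest of the method is outside the hunk, so what it returns after the catch should be checked against its callers.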
--- a/src/main/java/com/deloitte/elrr/elrrconsolidate/jpa/service/CommonSvc.java +++ b/src/main/java/com/deloitte/elrr/elrrconsolidate/jpa/service/CommonSvc.java 
@@ -9,96 +9,84 @@ /** * @author mnelakurti - * * @param t * @param id - * */ public interface CommonSvc { - /** - * - * @param entity - * @return ID - */ - ID getId(T entity); - - /** - * - * @return CrudRepository - */ - CrudRepository getRepository(); - - /** - * - * @return Iterable iterable - */ - default Iterable findAll() { - return getRepository().findAll(); - } - - /** - * - * @param id - * @return Optional - */ - default Optional get(ID id) { - return getRepository().findById(id); - } - - /** - * - * @param entity - * @return T - */ - default T save(T entity) { - return getRepository().save(entity); - } - - /** - * - * @param entities - * @return Iterable - */ - default Iterable saveAll(Iterable entities) { - return getRepository().saveAll(entities); + /** + * @param entity + * @return ID + */ + ID getId(T entity); + + /** + * @return CrudRepository + */ + CrudRepository getRepository(); + + /** + * @return Iterable iterable + */ + default Iterable findAll() { + return getRepository().findAll(); + } + + /** + * @param id + * @return Optional + */ + default Optional get(ID id) { + return getRepository().findById(id); + } + + /** + * @param entity + * @return T + */ + default T save(T entity) { + return getRepository().save(entity); + } + + /** + * @param entities + * @return Iterable + */ + default Iterable saveAll(Iterable entities) { + return getRepository().saveAll(entities); + } + + /** + * @param id + * @throws ResourceNotFoundException + */ + default void delete(ID id) throws ResourceNotFoundException { + try { + if (getRepository().existsById(id)) { + getRepository().deleteById(id); + } else { + throw new ResourceNotFoundException(" Id not found for delete : " + id); + } + } catch (IllegalArgumentException e) { + e.printStackTrace(); + return; } - - /** - * - * @param id - * @throws ResourceNotFoundException - */ - default void delete(ID id) throws ResourceNotFoundException { - if (getRepository().existsById(id)) { - getRepository().deleteById(id); - 
} else { - throw new ResourceNotFoundException( - " Id not found for delete : " + id); - } - } - - /** - * - */ - default void deleteAll() { - getRepository().deleteAll(); - + } + + default void deleteAll() { + getRepository().deleteAll(); + } + + /** + * @param entity + * @throws ResourceNotFoundException + */ + default void update(T entity) throws ResourceNotFoundException { + if (getRepository().existsById(getId(entity))) { + getRepository().save(entity); + } else { + + throw new ResourceNotFoundException("Not found record in DB to update: " + entity); } - - /** - * - * @param entity - * @throws ResourceNotFoundException - */ - default void update(T entity) throws ResourceNotFoundException { - if (getRepository().existsById(getId(entity))) { - getRepository().save(entity); - } else { - - throw new ResourceNotFoundException( - "Not found record in DB to update: " + entity); - } - } - + } } diff --git a/src/main/java/com/deloitte/elrr/elrrconsolidate/service/ConsolidatorService.java b/src/main/java/com/deloitte/elrr/elrrconsolidate/service/ConsolidatorService.java index edf1e5b..b3478a0 100644 --- a/src/main/java/com/deloitte/elrr/elrrconsolidate/service/ConsolidatorService.java +++ b/src/main/java/com/deloitte/elrr/elrrconsolidate/service/ConsolidatorService.java @@ -17,10 +17,8 @@ @Slf4j public class ConsolidatorService { - /** */ @Autowired private LearnerProfileSvc learnerProfileService; - /** */ private static final Long EMPLOYEE_ID = 100L; /** diff --git a/src/main/java/com/deloitte/elrr/elrrconsolidate/service/ECCService.java b/src/main/java/com/deloitte/elrr/elrrconsolidate/service/ECCService.java index 83583c8..ebb8b49 100644 --- a/src/main/java/com/deloitte/elrr/elrrconsolidate/service/ECCService.java +++ b/src/main/java/com/deloitte/elrr/elrrconsolidate/service/ECCService.java @@ -18,7 +18,6 @@ @Slf4j public class ECCService { - /** */ @Autowired private CourseSvc courseService; /** 
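Review bot: The new `catch (IllegalArgumentException e)` in `delete` prints a stack trace and returns, so a call that fails on a bad id (Spring Data's `existsById` and `deleteById` throw this for a null id) now looks like a successful delete to the caller. Drop the `try`/`catch` wrapper so the unchecked exception propagates and the body is again just the `existsById` / `deleteById` / `throw new ResourceNotFoundException(...)` branch. `e.printStackTrace()` in an interface default method also bypasses the application logger, so the failure is not recorded where the other service errors are.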
diff --git a/src/main/java/com/deloitte/elrr/elrrconsolidate/service/HRService.java b/src/main/java/com/deloitte/elrr/elrrconsolidate/service/HRService.java index faadd2f..7454657 100644 --- a/src/main/java/com/deloitte/elrr/elrrconsolidate/service/HRService.java +++ b/src/main/java/com/deloitte/elrr/elrrconsolidate/service/HRService.java @@ -15,10 +15,8 @@ @Slf4j public class HRService { - /** */ @Autowired private PersonSvc personService; - /** */ @Autowired private ContactInformationSvc contactInformationService; /** diff --git a/src/test/java/com/deloitte/elrr/elrrconsolidate/consumer/ELRRMessageListenerTest.java b/src/test/java/com/deloitte/elrr/elrrconsolidate/consumer/ELRRMessageListenerTest.java index b7558b4..24dfe89 100644 --- a/src/test/java/com/deloitte/elrr/elrrconsolidate/consumer/ELRRMessageListenerTest.java +++ b/src/test/java/com/deloitte/elrr/elrrconsolidate/consumer/ELRRMessageListenerTest.java @@ -1,24 +1,18 @@ -/** - * - */ package com.deloitte.elrr.elrrconsolidate.consumer; import org.junit.jupiter.api.Test; /** * @author mnelakurti - * */ class ELRRMessageListenerTest { - /** - * Test method for - * {@link com.deloitte.elrr.elrrconsolidate.consumer. - * ELRRMessageListener#listen(java.lang.String)}. - */ - @Test - void testListen() { - // fail("Not yet implemented"); // TODO - } - + /** + * Test method for {@link com.deloitte.elrr.elrrconsolidate.consumer. + * ELRRMessageListener#listen(java.lang.String)}. + */ + @Test + void testListen() { + // fail("Not yet implemented"); // TODO + } } diff --git a/src/test/java/com/deloitte/elrr/elrrconsolidate/jpa/service/OrganizationSvcTest.java b/src/test/java/com/deloitte/elrr/elrrconsolidate/jpa/service/OrganizationSvcTest.java index f8328fc..f61764c 100644 --- a/src/test/java/com/deloitte/elrr/elrrconsolidate/jpa/service/OrganizationSvcTest.java +++ b/src/test/java/com/deloitte/elrr/elrrconsolidate/jpa/service/OrganizationSvcTest.java 
@@ -1,6 +1,4 @@ -/** - * - */ +/** */ package com.deloitte.elrr.elrrconsolidate.jpa.service; import java.util.ArrayList; 
@@ -21,50 +19,42 @@ /** * @author mnelakurti - * */ @ExtendWith(MockitoExtension.class) @MockitoSettings(strictness = Strictness.LENIENT) class OrganizationSvcTest { - /** - * - */ - @Mock - private OrganizationRepository organizationRepository; - - /** - * @throws ResourceNotFoundException - * - */ - @Test - void test() throws ResourceNotFoundException { - OrganizationSvc organizationSvc = new OrganizationSvc( - organizationRepository); - Organization organization = new Organization(); - organization.setOrganizationid(1L); - List organizationList = new ArrayList<>(); - organizationList.add(organization); - ReflectionTestUtils.setField(organizationSvc, "organizationRepository", - organizationRepository); - Mockito.doReturn(organization).when(organizationRepository) - .save(organization); - Mockito.doReturn(true).when(organizationRepository).existsById(1L); - Mockito.doNothing().when(organizationRepository).deleteById(1L); - - organizationSvc.getId(organization); - organizationSvc.findAll(); - organizationSvc.get(1L); - organizationSvc.save(organization); - organizationSvc.deleteAll(); - organizationSvc.delete(1L); - organizationSvc.update(organization); - organizationSvc.saveAll(organizationList); - organization.setOrganizationid(2L); - try { - organizationSvc.update(organization); - } catch (Exception e) { - - } + /** */ + @Mock private OrganizationRepository organizationRepository; + + /** + * @throws ResourceNotFoundException + */ + @Test + void test() throws ResourceNotFoundException { + OrganizationSvc organizationSvc = new OrganizationSvc(organizationRepository); + Organization organization = new Organization(); + organization.setOrganizationid(1L); + List organizationList = new ArrayList<>(); + organizationList.add(organization); + ReflectionTestUtils.setField(organizationSvc, "organizationRepository", organizationRepository); + Mockito.doReturn(organization).when(organizationRepository).save(organization); + 
Mockito.doReturn(true).when(organizationRepository).existsById(1L); + Mockito.doNothing().when(organizationRepository).deleteById(1L); + + organizationSvc.getId(organization); + organizationSvc.findAll(); + organizationSvc.get(1L); + organizationSvc.save(organization); + organizationSvc.deleteAll(); + organizationSvc.delete(1L); + organizationSvc.update(organization); + organizationSvc.saveAll(organizationList); + organization.setOrganizationid(2L); + try { + organizationSvc.update(organization); + } catch (ResourceNotFoundException e) { + e.getStackTrace(); } + } }
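Review bot: The final `try`/`catch` in `test()` cannot fail: if `organizationSvc.update(organization)` does not throw for the id set to `2L` the test still passes, and `e.getStackTrace()` discards its result. Assert the expected outcome with `assertThrows(ResourceNotFoundException.class, () -> organizationSvc.update(organization));` (a static import from `org.junit.jupiter.api.Assertions`; the import block is outside this hunk). The preceding service calls have no assertions either, so the test covers execution only.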