Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Server address validation #656

Merged
merged 3 commits into from
Mar 21, 2019
Merged

Server address validation #656

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
bedb19e
Add validator and validatoins for serverConfig.serverAddress and
melowe Mar 12, 2019
0250ef9
Remove ide generated license block
melowe Mar 12, 2019
872975e
Merge branch 'master' into improvement/config-server-address-validation
melowe Mar 21, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 7 additions & 2 deletions config/src/main/java/com/quorum/tessera/config/ServerConfig.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
package com.quorum.tessera.config;

import com.quorum.tessera.config.constraints.ValidServerAddress;
import com.quorum.tessera.config.constraints.ValidSsl;

import javax.validation.Valid;
Expand All @@ -14,7 +15,6 @@
@XmlAccessorType(XmlAccessType.FIELD)
public class ServerConfig extends ConfigItem {

//TODO validate that the server socket type and the communication type match the AppType
@NotNull
@XmlElement(required = true)
private AppType app;
Expand All @@ -23,7 +23,6 @@ public class ServerConfig extends ConfigItem {
@XmlElement(required = true)
private boolean enabled;


@XmlElement
private CommunicationType communicationType;

Expand All @@ -36,9 +35,15 @@ public class ServerConfig extends ConfigItem {
@XmlElement
private InfluxConfig influxConfig;

@ValidServerAddress(
message = "Binding Address is invalid",
isBindingAddress = true,
supportedSchemes = {"http","https"}
)
@XmlElement
private String bindingAddress;

@ValidServerAddress(message = "Server Address is invalid")
@NotNull
@XmlElement
private String serverAddress;
Expand Down
67 changes: 67 additions & 0 deletions config/src/main/java/com/quorum/tessera/config/constraints/ServerAddressValidator.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,67 @@
package com.quorum.tessera.config.constraints;

import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.List;
import java.util.Objects;
import javax.validation.ConstraintValidator;
import javax.validation.ConstraintValidatorContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;


public class ServerAddressValidator implements ConstraintValidator<ValidServerAddress, String> {

private static final Logger LOGGER = LoggerFactory.getLogger(ServerAddressValidator.class);

private boolean bindingAddress;

private List<String> supportedSchemes;

@Override
public void initialize(ValidServerAddress a) {
this.supportedSchemes = Arrays.asList(a.supportedSchemes());
this.bindingAddress = a.isBindingAddress();
}

@Override
public boolean isValid(String v, ConstraintValidatorContext cvc) {

if(Objects.isNull(v)) {
return true;
}

final URI uri;
try{
uri = new URI(v);
} catch (URISyntaxException ex) {
LOGGER.debug(v,ex);
return false;
}

String scheme = uri.getScheme();

if(!supportedSchemes.contains(scheme)) {
return false;
}

if(scheme.startsWith("http")) {
if(uri.getPort() == -1) {
return false;
}
}

if(bindingAddress) {
return true;
}

if(Objects.equals("unix",scheme)) {
return true;
}

return !Objects.equals("0.0.0.0", uri.getHost());

}

}
31 changes: 31 additions & 0 deletions config/src/main/java/com/quorum/tessera/config/constraints/ValidServerAddress.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
package com.quorum.tessera.config.constraints;

import java.lang.annotation.Documented;
import static java.lang.annotation.ElementType.ANNOTATION_TYPE;
import static java.lang.annotation.ElementType.FIELD;
import static java.lang.annotation.ElementType.METHOD;
import static java.lang.annotation.ElementType.PARAMETER;
import static java.lang.annotation.ElementType.TYPE_PARAMETER;
import static java.lang.annotation.ElementType.TYPE_USE;
import java.lang.annotation.Retention;
import static java.lang.annotation.RetentionPolicy.RUNTIME;
import java.lang.annotation.Target;
import javax.validation.Constraint;
import javax.validation.Payload;

@Target({FIELD, METHOD, PARAMETER, ANNOTATION_TYPE, TYPE_PARAMETER, TYPE_USE})
@Retention(RUNTIME)
@Constraint(validatedBy = ServerAddressValidator.class)
@Documented
public @interface ValidServerAddress {

boolean isBindingAddress() default false;

String[] supportedSchemes() default {"unix","http","https"};

String message() default "{ValidServerAddress.message}";
prd-fox marked this conversation as resolved.
Show resolved Hide resolved

Class<?>[] groups() default {};

Class<? extends Payload>[] payload() default {};
}
38 changes: 31 additions & 7 deletions config/src/test/java/com/quorum/tessera/config/ValidationTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -127,7 +127,7 @@ public void invalidAlwaysSendTo() {

List<String> alwaysSendTo = singletonList("BOGUS");

Config config = new Config(null, null, null, null, alwaysSendTo, null, false,false);
Config config = new Config(null, null, null, null, alwaysSendTo, null, false, false);

Set<ConstraintViolation<Config>> violations = validator.validateProperty(config, "alwaysSendTo");

Expand All @@ -145,7 +145,7 @@ public void validAlwaysSendTo() {

List<String> alwaysSendTo = singletonList(value);

Config config = new Config(null, null, null, null, alwaysSendTo, null, false,false);
Config config = new Config(null, null, null, null, alwaysSendTo, null, false, false);

Set<ConstraintViolation<Config>> violations = validator.validateProperty(config, "alwaysSendTo");

Expand Down Expand Up @@ -174,7 +174,7 @@ public void keypairPathsValidation() {
assertThat(violation2.getMessageTemplate()).isEqualTo("File does not exist");

final List<String> paths = Arrays.asList(
violation1.getPropertyPath().toString(), violation2.getPropertyPath().toString()
violation1.getPropertyPath().toString(), violation2.getPropertyPath().toString()
);
assertThat(paths).containsExactlyInAnyOrder("keyData[0].publicKeyPath", "keyData[0].privateKeyPath");
}
Expand Down Expand Up @@ -213,8 +213,8 @@ public void azureKeyPairIdsDisallowedCharactersCreateViolation() {
assertThat(violations).hasSize(2);

assertThat(violations).extracting("messageTemplate")
.containsExactly("Azure Key Vault key IDs can only contain alphanumeric characters and dashes (-)",
"Azure Key Vault key IDs can only contain alphanumeric characters and dashes (-)");
.containsExactly("Azure Key Vault key IDs can only contain alphanumeric characters and dashes (-)",
"Azure Key Vault key IDs can only contain alphanumeric characters and dashes (-)");
}

@Test
Expand All @@ -235,7 +235,7 @@ public void azureKeyPairKeyVersionLongerThan32CharsCreatesViolation() {
assertThat(violations).hasSize(2);

assertThat(violations).extracting("messageTemplate")
.containsExactly("length must be 32 characters", "length must be 32 characters");
.containsExactly("length must be 32 characters", "length must be 32 characters");
}

@Test
Expand All @@ -247,7 +247,7 @@ public void azureKeyPairKeyVersionShorterThan32CharsCreatesViolation() {
assertThat(violations).hasSize(2);

assertThat(violations).extracting("messageTemplate")
.containsExactly("length must be 32 characters", "length must be 32 characters");
.containsExactly("length must be 32 characters", "length must be 32 characters");
}

@Test
Expand Down Expand Up @@ -418,4 +418,28 @@ public void hashicorpVaultKeyPairProvidedButKeyVaultConfigHasNullUrlCreatesNotNu
assertThat(violation.getMessageTemplate()).isEqualTo("{javax.validation.constraints.NotNull.message}");
assertThat(violation.getPropertyPath().toString()).isEqualTo("hashicorpKeyVaultConfig.url");
}

@Test
public void serverAddressValidations() {

String[] invalidAddresses = {"/foo/bar","[email protected],:/fff.ll","file:/tmp/valid.somename"};

ServerConfig config = new ServerConfig();
for (String sample : invalidAddresses) {
config.setServerAddress(sample);
Set<ConstraintViolation<ServerConfig>> validresult = validator.validateProperty(config, "serverAddress");
assertThat(validresult).hasSize(1);
}



String[] validSamples = {"unix:/foo/bar.ipc","http://localhost:8080","https://somestrangedomain.com:8080"};
for (String sample : validSamples) {
config.setServerAddress(sample);
Set<ConstraintViolation<ServerConfig>> validresult = validator.validateProperty(config, "serverAddress");
assertThat(validresult).isEmpty();
}

}

}
118 changes: 118 additions & 0 deletions config/src/test/java/com/quorum/tessera/config/constraints/ServerAddressValidatorTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,118 @@
package com.quorum.tessera.config.constraints;

import javax.validation.ConstraintValidatorContext;
import static org.assertj.core.api.Assertions.assertThat;
import org.junit.Test;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;

public class ServerAddressValidatorTest {

@Test
public void valid() {

ServerAddressValidator validator
= new ServerAddressValidator();

ValidServerAddress validServerAddress = mock(ValidServerAddress.class);
when(validServerAddress.supportedSchemes()).thenReturn(new String[]{"http"});

validator.initialize(validServerAddress);

ConstraintValidatorContext context = mock(ConstraintValidatorContext.class);

assertThat(validator.isValid("https://www.ilovesparraws.com:80/somepatth", context)).isFalse();
assertThat(validator.isValid("http://www.ilovesparraws.com:80/somepatth", context)).isTrue();
}

@Test
public void dontAllowZeroIpWhenNotBindingAddress() {

ServerAddressValidator validator
= new ServerAddressValidator();

ValidServerAddress validServerAddress = mock(ValidServerAddress.class);

when(validServerAddress.isBindingAddress()).thenReturn(false);
when(validServerAddress.supportedSchemes()).thenReturn(new String[]{"http"});

validator.initialize(validServerAddress);

ConstraintValidatorContext context = mock(ConstraintValidatorContext.class);

assertThat(validator.isValid("http://0.0.0.0:80", context)).isFalse();

}

@Test
public void dontAllowZeroIpWhenBindingAddress() {

ServerAddressValidator validator
= new ServerAddressValidator();

ValidServerAddress validServerAddress = mock(ValidServerAddress.class);

when(validServerAddress.isBindingAddress()).thenReturn(true);
when(validServerAddress.supportedSchemes()).thenReturn(new String[]{"http"});

validator.initialize(validServerAddress);

ConstraintValidatorContext context = mock(ConstraintValidatorContext.class);

assertThat(validator.isValid("http://0.0.0.0:80", context)).isTrue();

}

@Test
public void nullValueIsIgnored() {

ServerAddressValidator validator = new ServerAddressValidator();

ValidServerAddress validServerAddress = mock(ValidServerAddress.class);

when(validServerAddress.isBindingAddress()).thenReturn(true);
when(validServerAddress.supportedSchemes()).thenReturn(new String[]{"http"});

validator.initialize(validServerAddress);

ConstraintValidatorContext context = mock(ConstraintValidatorContext.class);

assertThat(validator.isValid(null, context)).isTrue();

}

@Test
public void unixSchemStypeIntCheckedForZeroIp() {

ServerAddressValidator validator = new ServerAddressValidator();

ValidServerAddress validServerAddress = mock(ValidServerAddress.class);

when(validServerAddress.isBindingAddress()).thenReturn(false);
when(validServerAddress.supportedSchemes()).thenReturn(new String[]{"unix"});

validator.initialize(validServerAddress);

ConstraintValidatorContext context = mock(ConstraintValidatorContext.class);

assertThat(validator.isValid("unix:/bogus", context)).isTrue();

}

@Test
public void httpPortIsRequired() {

ServerAddressValidator validator
= new ServerAddressValidator();

ValidServerAddress validServerAddress = mock(ValidServerAddress.class);
when(validServerAddress.supportedSchemes()).thenReturn(new String[]{"http"});

validator.initialize(validServerAddress);

ConstraintValidatorContext context = mock(ConstraintValidatorContext.class);

assertThat(validator.isValid("http://www.ilovesparraws.com", context)).isFalse();
}

}