Details
- Type: Bug
- Status: Closed
- Priority: Major
- Resolution: Duplicate
- Affects Version/s: Release 1.5
- Fix Version/s: Release 1.5.1
- Component/s: Validation
- Labels: None
Description
Hello,
@Validate(encrypted=true) throws an exception if the user does something like ?encryptedParam=.special.characters.
?encryptedParam=xxx gives a nice warning message: WARN CryptoUtil:161 - Input was not encrypted with the current encryption key: nice warning message
but if there are special characters in the input an exception bubbles up:
Bad Base64 input character at 36: 46(decimal)
10:35:58,997 WARN DefaultActionBeanPropertyBinder:90 - Looks like type converter net.sourceforge.stripes.validation.StringTypeConverter@152544e threw an exception.
java.lang.IllegalArgumentException: Null input buffer
at javax.crypto.Cipher.doFinal(DashoA12275)
at net.sourceforge.stripes.util.CryptoUtil.decrypt(CryptoUtil.java:192)
at net.sourceforge.stripes.controller.DefaultActionBeanPropertyBinder.convert(DefaultActionBeanPropertyBinder.java:787)
at net.sourceforge.stripes.controller.DefaultActionBeanPropertyBinder.bind(DefaultActionBeanPropertyBinder.java:182)
at net.sourceforge.stripes.controller.DispatcherHelper$3.intercept(DispatcherHelper.java:194)
at net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:158)
at net.sourceforge.stripes.controller.BeforeAfterMethodInterceptor.intercept(BeforeAfterMethodInterceptor.java:113)
at net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:155)
at net.sourceforge.stripes.controller.ExecutionContext.wrap(ExecutionContext.java:74)
at net.sourceforge.stripes.controller.DispatcherHelper.doBindingAndValidation(DispatcherHelper.java:190)
at net.sourceforge.stripes.controller.DispatcherServlet.doBindingAndValidation(DispatcherServlet.java:261)
at net.sourceforge.stripes.controller.DispatcherServlet.doPost(DispatcherServlet.java:155)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at net.sourceforge.stripes.mock.MockFilterChain.doFilter(MockFilterChain.java:66)
at net.sourceforge.stripes.controller.StripesFilter.doFilter(StripesFilter.java:246)
at net.sourceforge.stripes.mock.MockFilterChain.doFilter(MockFilterChain.java:63)
at net.sourceforge.stripes.mock.MockServletContext.acceptRequest(MockServletContext.java:255)
at net.sourceforge.stripes.mock.MockRoundtrip.execute(MockRoundtrip.java:195)
at test.TestCryptoBug.testException(TestCryptoBug.java:43)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.junit.internal.runners.TestMethod.invoke(TestMethod.java:59)
at org.junit.internal.runners.MethodRoadie.runTestMethod(MethodRoadie.java:98)
at org.junit.internal.runners.MethodRoadie$2.run(MethodRoadie.java:79)
at org.junit.internal.runners.MethodRoadie.runBeforesThenTestThenAfters(MethodRoadie.java:87)
at org.junit.internal.runners.MethodRoadie.runTest(MethodRoadie.java:77)
at org.junit.internal.runners.MethodRoadie.run(MethodRoadie.java:42)
at org.junit.internal.runners.JUnit4ClassRunner.invokeTestMethod(JUnit4ClassRunner.java:88)
at org.junit.internal.runners.JUnit4ClassRunner.runMethods(JUnit4ClassRunner.java:51)
at org.junit.internal.runners.JUnit4ClassRunner$1.run(JUnit4ClassRunner.java:44)
at org.junit.internal.runners.ClassRoadie.runUnprotected(ClassRoadie.java:27)
at org.junit.internal.runners.ClassRoadie.runProtected(ClassRoadie.java:37)
at org.junit.internal.runners.JUnit4ClassRunner.run(JUnit4ClassRunner.java:42)
at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:45)
at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:460)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:673)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:386)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:196)
This should be caught and warned about instead, as it allows user input to cause exceptions. This also happens from the population strategy.
Attaching a minimal test case to reproduce.