Skip to content

Commit

Permalink
fix: protect from pattern breaking in controller parameters
Browse files Browse the repository at this point in the history
  • Loading branch information
@ouvreboite
ouvreboite committed Sep 22, 2020
1 parent 1900858 commit 1052516
Show file tree
Hide file tree
Showing 4 changed files with 26 additions and 2 deletions.
4 changes: 2 additions & 2 deletions source/kafka/src/main/java/fr/velinfo/kafka/producer/KafkaProducerBuilder.java
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
package fr.velinfo.kafka.producer;

import fr.velinfo.common.ConnectionConfiguration;
import io.confluent.kafka.serializers.KafkaAvroDeserializerConfig;
import io.confluent.kafka.serializers.AbstractKafkaSchemaSerDeConfig;
import org.apache.avro.specific.SpecificRecord;
import org.apache.kafka.clients.producer.KafkaProducer;
import org.apache.kafka.clients.producer.ProducerConfig;
Expand All @@ -22,7 +22,7 @@ public <A extends SpecificRecord> KafkaProducer<String, A> createProducer() {
var props = new Properties();

props.put(ProducerConfig.BOOTSTRAP_SERVERS_CONFIG, config.getBootstrapServers());
props.put(KafkaAvroDeserializerConfig.SCHEMA_REGISTRY_URL_CONFIG, config.getSchemaRegistryUrl());
props.put(AbstractKafkaSchemaSerDeConfig.SCHEMA_REGISTRY_URL_CONFIG, config.getSchemaRegistryUrl());
props.put(ProducerConfig.ACKS_CONFIG, "all");
props.put(ProducerConfig.KEY_SERIALIZER_CLASS_CONFIG, "org.apache.kafka.common.serialization.StringSerializer");
props.put(ProducerConfig.VALUE_SERIALIZER_CLASS_CONFIG, "io.confluent.kafka.serializers.KafkaAvroSerializer");
Expand Down
8 changes: 8 additions & 0 deletions source/webapp/src/main/java/fr/velinfo/webapp/PatternBreakingCharacterRemover.java
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
package fr.velinfo.webapp;

public class PatternBreakingCharacterRemover {

public static String strip(String string){
return string.replaceAll("[\n|\r|\t]", "_");
}
}
3 changes: 3 additions & 0 deletions source/webapp/src/main/java/fr/velinfo/webapp/controller/StationRestController.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,8 @@

import java.util.List;

import static fr.velinfo.webapp.PatternBreakingCharacterRemover.strip;

@RestController()
@RequestMapping("/api/stations")
public class StationRestController {
Expand All @@ -34,6 +36,7 @@ public List<Station> getAllStations() {
@GetMapping("/{id}/hourly-stats")
@Operation(summary = "Get hourly statistics of a station for the past 30 days", tags = "statistics")
public List<StationStat> getHourlyStatistics(@PathVariable("id") String stationCode) throws Repository.RepositoryException {
stationCode = strip(stationCode);
return stationStatsService.getHourlyStatistics(stationCode, 30);
}
}
13 changes: 13 additions & 0 deletions source/webapp/src/test/java/fr/velinfo/webapp/PatternBreakingCharacterRemoverTest.java
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
package fr.velinfo.webapp;

import org.junit.jupiter.api.Test;

import static org.junit.jupiter.api.Assertions.*;

class PatternBreakingCharacterRemoverTest {

@Test
void strip_shouldRemoveBreakingCharacters() {
assertEquals("a_b_c_d", PatternBreakingCharacterRemover.strip("a\nb\rc\td"));
}
}

0 comments on commit 1052516

Please sign in to comment.