From 1052516c8d25b28daf81211666116d15331521bf Mon Sep 17 00:00:00 2001
From: ouvreboite
Date: Tue, 22 Sep 2020 16:40:15 +0200
Subject: [PATCH] fix: protect from pattern breaking in controller parameters
---
 .../kafka/producer/KafkaProducerBuilder.java | 4 ++--
 .../webapp/PatternBreakingCharacterRemover.java | 8 ++++++++
 .../webapp/controller/StationRestController.java | 3 +++
 .../webapp/PatternBreakingCharacterRemoverTest.java | 13 +++++++++++++
 4 files changed, 26 insertions(+), 2 deletions(-)
 create mode 100644 source/webapp/src/main/java/fr/velinfo/webapp/PatternBreakingCharacterRemover.java
 create mode 100644 source/webapp/src/test/java/fr/velinfo/webapp/PatternBreakingCharacterRemoverTest.java
diff --git a/source/kafka/src/main/java/fr/velinfo/kafka/producer/KafkaProducerBuilder.java b/source/kafka/src/main/java/fr/velinfo/kafka/producer/KafkaProducerBuilder.java
index 7dcaef7..2719803 100644
--- a/source/kafka/src/main/java/fr/velinfo/kafka/producer/KafkaProducerBuilder.java
+++ b/source/kafka/src/main/java/fr/velinfo/kafka/producer/KafkaProducerBuilder.java
@@ -1,7 +1,7 @@
 package fr.velinfo.kafka.producer;
 import fr.velinfo.common.ConnectionConfiguration;
-import io.confluent.kafka.serializers.KafkaAvroDeserializerConfig;
+import io.confluent.kafka.serializers.AbstractKafkaSchemaSerDeConfig;
 import org.apache.avro.specific.SpecificRecord;
 import org.apache.kafka.clients.producer.KafkaProducer;
 import org.apache.kafka.clients.producer.ProducerConfig;
@@ -22,7 +22,7 @@ public KafkaProducer createProducer() {
 var props = new Properties();
 props.put(ProducerConfig.BOOTSTRAP_SERVERS_CONFIG, config.getBootstrapServers());
-props.put(KafkaAvroDeserializerConfig.SCHEMA_REGISTRY_URL_CONFIG, config.getSchemaRegistryUrl());
+props.put(AbstractKafkaSchemaSerDeConfig.SCHEMA_REGISTRY_URL_CONFIG, config.getSchemaRegistryUrl());
 props.put(ProducerConfig.ACKS_CONFIG, "all");
 props.put(ProducerConfig.KEY_SERIALIZER_CLASS_CONFIG, "org.apache.kafka.common.serialization.StringSerializer");
 props.put(ProducerConfig.VALUE_SERIALIZER_CLASS_CONFIG, "io.confluent.kafka.serializers.KafkaAvroSerializer");
diff --git a/source/webapp/src/main/java/fr/velinfo/webapp/PatternBreakingCharacterRemover.java b/source/webapp/src/main/java/fr/velinfo/webapp/PatternBreakingCharacterRemover.java
new file mode 100644
index 0000000..142fab7
--- /dev/null
+++ b/source/webapp/src/main/java/fr/velinfo/webapp/PatternBreakingCharacterRemover.java
@@ -0,0 +1,8 @@
+package fr.velinfo.webapp;
+
+public class PatternBreakingCharacterRemover {
+
+ public static String strip(String string){
+ return string.replaceAll("[\n|\r|\t]", "_");
+ }
+}
diff --git a/source/webapp/src/main/java/fr/velinfo/webapp/controller/StationRestController.java b/source/webapp/src/main/java/fr/velinfo/webapp/controller/StationRestController.java
index 5a5fa48..3a47eb6 100644
--- a/source/webapp/src/main/java/fr/velinfo/webapp/controller/StationRestController.java
+++ b/source/webapp/src/main/java/fr/velinfo/webapp/controller/StationRestController.java
@@ -13,6 +13,8 @@
 import java.util.List;
+import static fr.velinfo.webapp.PatternBreakingCharacterRemover.strip;
+
 @RestController()
 @RequestMapping("/api/stations")
 public class StationRestController {
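Review bot: The character class in `strip` is `[\n|\r|\t]`, and inside square brackets `|` is a literal rather than an alternation, so any `|` in the input is also rewritten to `_`; the intended class is `[\n\r\t]`. Because this runs on every request, compile it once instead of calling `replaceAll` with a fresh pattern each time: `private static final Pattern BREAKING = Pattern.compile("[\n\r\t]");` and `return BREAKING.matcher(string).replaceAll("_");` (with `import java.util.regex.Pattern;`). If the purpose is to keep CR/LF/tab from breaking a log line layout, as the class name and commit subject suggest, other ISO control characters (form feed, vertical tab, ESC) still pass through, so `\p{Cntrl}` may be the class you actually want. A null argument throws NullPointerException from `replaceAll`; either state that in a Javadoc `@throws` or guard with `Objects.requireNonNull(string, "string")`. The new PatternBreakingCharacterRemoverTest at the end of this patch could pin the `|` behaviour with `assertEquals("a|b", PatternBreakingCharacterRemover.strip("a|b"));`, which fails against the current regex.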
@@ -34,6 +36,7 @@ public List getAllStations() {
 @GetMapping("/{id}/hourly-stats")
 @Operation(summary = "Get hourly statistics of a station for the past 30 days", tags = "statistics")
 public List getHourlyStatistics(@PathVariable("id") String stationCode) throws Repository.RepositoryException {
+ stationCode = strip(stationCode);
 return stationStatsService.getHourlyStatistics(stationCode, 30);
 }
 }
diff --git a/source/webapp/src/test/java/fr/velinfo/webapp/PatternBreakingCharacterRemoverTest.java b/source/webapp/src/test/java/fr/velinfo/webapp/PatternBreakingCharacterRemoverTest.java
new file mode 100644
index 0000000..9ef1c89
--- /dev/null
+++ b/source/webapp/src/test/java/fr/velinfo/webapp/PatternBreakingCharacterRemoverTest.java
@@ -0,0 +1,13 @@
+package fr.velinfo.webapp;
+
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+class PatternBreakingCharacterRemoverTest {
+
+ @Test
+ void strip_shouldRemoveBreakingCharacters() {
+ assertEquals("a_b_c_d", PatternBreakingCharacterRemover.strip("a\nb\rc\td"));
+ }
+}
\ No newline at end of file
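Review bot: `stationCode = strip(stationCode);` reassigns the method parameter and silently turns a malformed identifier into a different lookup key (a code containing a newline becomes one containing `_`) instead of rejecting it; for a path variable that is only ever a station code, validating it against an allow-list of accepted characters and answering 400 is the clearer contract, with `strip` reserved for whatever ends up in log output. At minimum bind the sanitised value to a new local, e.g. `var safeStationCode = strip(stationCode);` and pass that to `getHourlyStatistics`, so a reader sees at the call site that the raw parameter is no longer used. If this controller has other handlers taking `@PathVariable` or `@RequestParam` values, they are outside the hunk and it is not visible here whether they received the same treatment.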