[ http://www.stripesframework.org/jira/browse/STS-699?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
John Newman updated STS-699:
----------------------------
    Attachment: CryptoBugActionBean.java
                TestCryptoBug.java

Attaching minimal test case to reproduce.

> @Validate(encrypted=true) throws exception if user submits non encrypted
> parameter only with certain characters
> ---------------------------------------------------------------------------------------------------------------
>
> Key: STS-699
> URL: http://www.stripesframework.org/jira/browse/STS-699
> Project: Stripes
> Issue Type: Bug
> Components: Validation
> Affects Versions: Release 1.5.1
> Reporter: John Newman
> Attachments: CryptoBugActionBean.java, TestCryptoBug.java
>
>
> Hello,
> @Validate(encrypted=true) throws an exception if the user does something like
> ?encryptedParam=.special.characters.
> ?encryptedParam=xxx gives a nice warning message: WARN CryptoUtil:161 -
> Input was not encrypted with the current encryption key: nice warning message
> but if there are special characters in the input an exception bubbles up:
> Bad Base64 input character at 36: 46(decimal)
> 10:35:58,997 WARN DefaultActionBeanPropertyBinder:90 - Looks like type converter net.sourceforge.stripes.validation.stringtypeconver...@152544e threw an exception.
> java.lang.IllegalArgumentException: Null input buffer
>     at javax.crypto.Cipher.doFinal(DashoA12275)
>     at net.sourceforge.stripes.util.CryptoUtil.decrypt(CryptoUtil.java:192)
>     at net.sourceforge.stripes.controller.DefaultActionBeanPropertyBinder.convert(DefaultActionBeanPropertyBinder.java:787)
>     at net.sourceforge.stripes.controller.DefaultActionBeanPropertyBinder.bind(DefaultActionBeanPropertyBinder.java:182)
>     at net.sourceforge.stripes.controller.DispatcherHelper$3.intercept(DispatcherHelper.java:194)
>     at net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:158)
>     at net.sourceforge.stripes.controller.BeforeAfterMethodInterceptor.intercept(BeforeAfterMethodInterceptor.java:113)
>     at net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:155)
>     at net.sourceforge.stripes.controller.ExecutionContext.wrap(ExecutionContext.java:74)
>     at net.sourceforge.stripes.controller.DispatcherHelper.doBindingAndValidation(DispatcherHelper.java:190)
>     at net.sourceforge.stripes.controller.DispatcherServlet.doBindingAndValidation(DispatcherServlet.java:261)
>     at net.sourceforge.stripes.controller.DispatcherServlet.doPost(DispatcherServlet.java:155)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>     at net.sourceforge.stripes.mock.MockFilterChain.doFilter(MockFilterChain.java:66)
>     at net.sourceforge.stripes.controller.StripesFilter.doFilter(StripesFilter.java:246)
>     at net.sourceforge.stripes.mock.MockFilterChain.doFilter(MockFilterChain.java:63)
>     at net.sourceforge.stripes.mock.MockServletContext.acceptRequest(MockServletContext.java:255)
>     at net.sourceforge.stripes.mock.MockRoundtrip.execute(MockRoundtrip.java:195)
>     at test.TestCryptoBug.testException(TestCryptoBug.java:43)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>     at java.lang.reflect.Method.invoke(Method.java:585)
>     at org.junit.internal.runners.TestMethod.invoke(TestMethod.java:59)
>     at org.junit.internal.runners.MethodRoadie.runTestMethod(MethodRoadie.java:98)
>     at org.junit.internal.runners.MethodRoadie$2.run(MethodRoadie.java:79)
>     at org.junit.internal.runners.MethodRoadie.runBeforesThenTestThenAfters(MethodRoadie.java:87)
>     at org.junit.internal.runners.MethodRoadie.runTest(MethodRoadie.java:77)
>     at org.junit.internal.runners.MethodRoadie.run(MethodRoadie.java:42)
>     at org.junit.internal.runners.JUnit4ClassRunner.invokeTestMethod(JUnit4ClassRunner.java:88)
>     at org.junit.internal.runners.JUnit4ClassRunner.runMethods(JUnit4ClassRunner.java:51)
>     at org.junit.internal.runners.JUnit4ClassRunner$1.run(JUnit4ClassRunner.java:44)
>     at org.junit.internal.runners.ClassRoadie.runUnprotected(ClassRoadie.java:27)
>     at org.junit.internal.runners.ClassRoadie.runProtected(ClassRoadie.java:37)
>     at org.junit.internal.runners.JUnit4ClassRunner.run(JUnit4ClassRunner.java:42)
>     at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:45)
>     at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
>     at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:460)
>     at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:673)
>     at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:386)
>     at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:196)
> This should be caught and warned about instead, as it allows user input to
> cause exceptions. This also happens from the population strategy.
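
One way to make decryption of a request parameter fail closed, which is the behaviour the report asks for. This is an added example, not Stripes' CryptoUtil and not code from the attachments; the class name SafeParamCrypto, the AES-GCM scheme and the IV-then-ciphertext token layout are assumptions chosen for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

// Hypothetical helper: token = Base64url(IV || AES-GCM ciphertext and tag).
public class SafeParamCrypto {
    private static final int IV_LEN = 12, TAG_BITS = 128;
    private final SecretKey key;
    SafeParamCrypto(SecretKey key) { this.key = key; }

    String encrypt(String plain) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[IV_LEN + ct.length];
        System.arraycopy(iv, 0, out, 0, IV_LEN);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    /** Returns the plaintext, or null for any input that encrypt() did not produce. */
    String decryptOrNull(String input) {
        if (input == null) return null;
        try {
            byte[] raw = Base64.getUrlDecoder().decode(input);   // throws on '.' and other non-Base64 chars
            if (raw.length < IV_LEN + TAG_BITS / 8) return null; // too short to hold an IV and a tag
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, raw, 0, IV_LEN));
            return new String(c.doFinal(raw, IV_LEN, raw.length - IV_LEN), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException | GeneralSecurityException e) {
            // Warn without echoing the user-supplied value into the log.
            System.err.println("WARN rejected encrypted parameter: " + e.getClass().getSimpleName());
            return null;
        }
    }
    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SafeParamCrypto crypto = new SafeParamCrypto(kg.generateKey());
        // Constructed inputs: a valid token, plain text, and the dotted value from the report.
        for (String in : new String[] { crypto.encrypt("42"), "xxx", ".special.characters." })
            System.out.println(in + " -> " + crypto.decryptOrNull(in));
    }
}
```

Every rejection path (bad Base64, truncated token, failed authentication tag) returns the same null result, so the binder sees one "not a valid encrypted value" outcome instead of an exception chosen by the request.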