[ http://www.stripesframework.org/jira/browse/STS-699?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ben Gunter updated STS-699:
---------------------------

        Fix Version/s:     (was: Release 1.5.2)
                           (was: Release 1.6)
                       Release 1.5.1
    Affects Version/s:     (was: Release 1.5.1)
                       Release 1.5

> @Validate(encrypted=true) throws exception if user submits non encrypted parameter only with certain characters
> ---------------------------------------------------------------------------------------------------------------
>
>                 Key: STS-699
>                 URL: http://www.stripesframework.org/jira/browse/STS-699
>             Project: Stripes
>          Issue Type: Bug
>          Components: Validation
>    Affects Versions: Release 1.5
>            Reporter: John Newman
>            Assignee: Ben Gunter
>             Fix For: Release 1.5.1
>
>         Attachments: CryptoBugActionBean.java, TestCryptoBug.java
>
>
> Hello,
> @Validate(encrypted=true) throws an exception if the user does something like ?encryptedParam=.special.characters.
> ?encryptedParam=xxx gives a nice warning message:  WARN CryptoUtil:161 - Input was not encrypted with the current encryption key: nice warning message
> but if there are special characters in the input an exception bubbles up:
> Bad Base64 input character at 36: 46(decimal)
> 10:35:58,997  WARN DefaultActionBeanPropertyBinder:90 - Looks like type converter net.sourceforge.stripes.validation.stringtypeconver...@152544e threw an exception.
> java.lang.IllegalArgumentException: Null input buffer
>       at javax.crypto.Cipher.doFinal(DashoA12275)
>       at net.sourceforge.stripes.util.CryptoUtil.decrypt(CryptoUtil.java:192)
>       at net.sourceforge.stripes.controller.DefaultActionBeanPropertyBinder.convert(DefaultActionBeanPropertyBinder.java:787)
>       at net.sourceforge.stripes.controller.DefaultActionBeanPropertyBinder.bind(DefaultActionBeanPropertyBinder.java:182)
>       at net.sourceforge.stripes.controller.DispatcherHelper$3.intercept(DispatcherHelper.java:194)
>       at net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:158)
>       at net.sourceforge.stripes.controller.BeforeAfterMethodInterceptor.intercept(BeforeAfterMethodInterceptor.java:113)
>       at net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:155)
>       at net.sourceforge.stripes.controller.ExecutionContext.wrap(ExecutionContext.java:74)
>       at net.sourceforge.stripes.controller.DispatcherHelper.doBindingAndValidation(DispatcherHelper.java:190)
>       at net.sourceforge.stripes.controller.DispatcherServlet.doBindingAndValidation(DispatcherServlet.java:261)
>       at net.sourceforge.stripes.controller.DispatcherServlet.doPost(DispatcherServlet.java:155)
>       at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
>       at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>       at net.sourceforge.stripes.mock.MockFilterChain.doFilter(MockFilterChain.java:66)
>       at net.sourceforge.stripes.controller.StripesFilter.doFilter(StripesFilter.java:246)
>       at net.sourceforge.stripes.mock.MockFilterChain.doFilter(MockFilterChain.java:63)
>       at net.sourceforge.stripes.mock.MockServletContext.acceptRequest(MockServletContext.java:255)
>       at net.sourceforge.stripes.mock.MockRoundtrip.execute(MockRoundtrip.java:195)
>       at test.TestCryptoBug.testException(TestCryptoBug.java:43)
>       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>       at java.lang.reflect.Method.invoke(Method.java:585)
>       at org.junit.internal.runners.TestMethod.invoke(TestMethod.java:59)
>       at org.junit.internal.runners.MethodRoadie.runTestMethod(MethodRoadie.java:98)
>       at org.junit.internal.runners.MethodRoadie$2.run(MethodRoadie.java:79)
>       at org.junit.internal.runners.MethodRoadie.runBeforesThenTestThenAfters(MethodRoadie.java:87)
>       at org.junit.internal.runners.MethodRoadie.runTest(MethodRoadie.java:77)
>       at org.junit.internal.runners.MethodRoadie.run(MethodRoadie.java:42)
>       at org.junit.internal.runners.JUnit4ClassRunner.invokeTestMethod(JUnit4ClassRunner.java:88)
>       at org.junit.internal.runners.JUnit4ClassRunner.runMethods(JUnit4ClassRunner.java:51)
>       at org.junit.internal.runners.JUnit4ClassRunner$1.run(JUnit4ClassRunner.java:44)
>       at org.junit.internal.runners.ClassRoadie.runUnprotected(ClassRoadie.java:27)
>       at org.junit.internal.runners.ClassRoadie.runProtected(ClassRoadie.java:37)
>       at org.junit.internal.runners.JUnit4ClassRunner.run(JUnit4ClassRunner.java:42)
>       at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:45)
>       at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
>       at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:460)
>       at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:673)
>       at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:386)
>       at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:196)
> This should be caught and warned about instead, as it allows user input to cause exceptions. This also happens from the population strategy.

_______________________________________________
Stripes-development mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/stripes-development
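
The handling STS-699 asks for, as an added example that is not Stripes code and not the project's fix: every way a request parameter can fail to decode or decrypt ends in the same logged warning and an empty result, so nothing the user submits reaches the binder as an exception. The class `SafeParamCrypto`, its methods, the use of `java.util.Base64` and AES-GCM, and the all-zero demo key are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.Optional;
import java.util.logging.Logger;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical helper (not Stripes' CryptoUtil): decrypt() treats all request data as untrusted.
public class SafeParamCrypto {
    private static final Logger LOG = Logger.getLogger("SafeParamCrypto");
    private static final int IV_LEN = 12, TAG_BITS = 128;
    private final SecretKeySpec key;
    SafeParamCrypto(byte[] rawKey) { key = new SecretKeySpec(rawKey, "AES"); }

    String encrypt(String plain) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, IV_LEN + ct.length);   // layout: IV || ciphertext || tag
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    // Bad Base64, truncated input and a failed tag check all yield Optional.empty().
    Optional<String> decrypt(String param) {
        try {
            if (param == null) return Optional.empty();
            byte[] raw = Base64.getUrlDecoder().decode(param); // throws on '.' and other bad chars
            if (raw.length < IV_LEN + TAG_BITS / 8) return Optional.empty(); // cannot hold IV + tag
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, raw, 0, IV_LEN));
            byte[] pt = c.doFinal(raw, IV_LEN, raw.length - IV_LEN);
            return Optional.of(new String(pt, StandardCharsets.UTF_8));
        } catch (IllegalArgumentException | GeneralSecurityException e) {
            // Log the failure class, not the raw parameter, to keep user input out of the log.
            LOG.warning("Parameter was not encrypted with the current key: " + e.getClass().getSimpleName());
            return Optional.empty();
        }
    }
    public static void main(String[] args) throws Exception {
        SafeParamCrypto crypto = new SafeParamCrypto(new byte[16]); // constructed demo key
        String token = crypto.encrypt("42");
        String tampered = new StringBuilder(token).reverse().toString(); // valid Base64, wrong tag
        for (String in : new String[] { token, "xxx", ".special.characters.", tampered })
            System.out.println(in + " -> " + crypto.decrypt(in));
    }
}
```

Only the genuine token prints `Optional[42]`; the two inputs from the report and the tampered token print `Optional.empty`, which a caller can turn into an ordinary validation error.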
