Put some validation on to profile version strings

Co-authored-by: Jon Chambers <63609320+jon-signal@users.noreply.github.com>
2026-04-20 10:28:12 +01:00 · 2024-01-26 15:24:38 -06:00
parent ca05df5172
commit 36e7772f74
3 changed files with 156 additions and 65 deletions
--- a/service/src/main/java/org/whispersystems/textsecuregcm/entities/CreateProfileRequest.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/entities/CreateProfileRequest.java
@@ -15,6 +15,7 @@ import javax.validation.constraints.NotNull;
 import org.signal.libsignal.zkgroup.profiles.ProfileKeyCommitment;
 import org.whispersystems.textsecuregcm.util.ByteArrayBase64WithPaddingAdapter;
 import org.whispersystems.textsecuregcm.util.ExactlySize;
+import org.whispersystems.textsecuregcm.util.ValidHexString;

 public record CreateProfileRequest(
  @JsonProperty
@@ -25,6 +26,8 @@ public record CreateProfileRequest(

  @JsonProperty
  @NotEmpty
+  @ValidHexString
+  @ExactlySize({64})
  String version,

  @JsonProperty
--- a/service/src/main/java/org/whispersystems/textsecuregcm/util/ValidHexString.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/util/ValidHexString.java
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2024 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.util;
+
+import static java.lang.annotation.ElementType.FIELD;
+import static java.lang.annotation.ElementType.METHOD;
+import static java.lang.annotation.ElementType.PARAMETER;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+import java.util.HexFormat;
+import java.util.Objects;
+import javax.validation.Constraint;
+import javax.validation.ConstraintValidator;
+import javax.validation.ConstraintValidatorContext;
+import javax.validation.Payload;
+
+/**
+ * Constraint annotation that requires annotated entity is a valid hex encoded string.
+ */
+@Target({ FIELD, PARAMETER, METHOD })
+@Retention(RUNTIME)
+@Constraint(validatedBy = ValidHexString.Validator.class)
+@Documented
+public @interface ValidHexString {
+
+  String message() default "value is not a valid hex string";
+
+  Class<?>[] groups() default { };
+
+  Class<? extends Payload>[] payload() default { };
+
+  class Validator implements ConstraintValidator<ValidHexString, String> {
+
+    @Override
+    public boolean isValid(final String value, final ConstraintValidatorContext context) {
+      if (Objects.isNull(value)) {
+        return true;
+      }
+      try {
+        HexFormat.of().parseHex(value);
+        return true;
+      } catch (IllegalArgumentException e) {
+        return false;
+      }
+    }
+  }
+}