Add test for content length validation

2026-04-20 00:58:07 +01:00 · 2022-02-15 17:40:27 -08:00
parent 579eb85175
commit 73fa3c3fe4
5 changed files with 111 additions and 11 deletions
--- a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/MessageController.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/MessageController.java
@@ -138,7 +138,8 @@ public class MessageController {
  private static final String SENDER_TYPE_UNIDENTIFIED = "unidentified";
  private static final String SENDER_TYPE_SELF = "self";

-  private static final long MAX_MESSAGE_SIZE = DataSize.kibibytes(256).toBytes();
+  @VisibleForTesting
+  static final long MAX_MESSAGE_SIZE = DataSize.kibibytes(256).toBytes();

  public MessageController(
      RateLimiters rateLimiters,
--- a/service/src/main/java/org/whispersystems/textsecuregcm/entities/IncomingMessage.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/entities/IncomingMessage.java
@@ -4,33 +4,63 @@
 */
 package org.whispersystems.textsecuregcm.entities;

+import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.annotation.JsonProperty;

 public class IncomingMessage {

  @JsonProperty
-  private int    type;
+  private int type;

  @JsonProperty
-  private String destination;
+  private final String destination;

  @JsonProperty
-  private long   destinationDeviceId = 1;
+  private long destinationDeviceId;

  @JsonProperty
  private int destinationRegistrationId;

  @JsonProperty
-  private String body;
+  private final String body;

  @JsonProperty
-  private String content;
+  private final String content;

  @JsonProperty
-  private String relay;
+  private final String relay;

  @JsonProperty
-  private long   timestamp; // deprecated
+  private long timestamp; // deprecated
+
+  @JsonCreator
+  public IncomingMessage(
+      @JsonProperty("id") final Integer type,
+      @JsonProperty("destination") final String destination,
+      @JsonProperty("destinationDeviceId") final Long destinationDeviceId,
+      @JsonProperty("destinationRegistrationId") final Integer destinationRegistrationId,
+      @JsonProperty("body") final String body,
+      @JsonProperty("content") final String content,
+      @JsonProperty("relay") final String relay,
+      @JsonProperty("timestamp") final Long timestamp) {
+    if (type != null) {
+      this.type = type;
+    }
+    this.destination = destination;
+
+    if (destinationDeviceId != null) {
+      this.destinationDeviceId = destinationDeviceId;
+    }
+    if (destinationRegistrationId != null) {
+      this.destinationRegistrationId = destinationRegistrationId;
+    }
+    this.body = body;
+    this.content = content;
+    this.relay = relay;
+    if (timestamp != null) {
+      this.timestamp = timestamp;
+    }
+  }

  public String getDestination() {
    return destination;
--- a/service/src/main/java/org/whispersystems/textsecuregcm/entities/IncomingMessageList.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/entities/IncomingMessageList.java
@@ -4,6 +4,7 @@
 */
 package org.whispersystems.textsecuregcm.entities;

+import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import java.util.List;
 import javax.validation.Valid;
@@ -14,7 +15,7 @@ public class IncomingMessageList {
  @JsonProperty
  @NotNull
  @Valid
-  private List<@NotNull IncomingMessage> messages;
+  private final List<@NotNull IncomingMessage> messages;

  @JsonProperty
  private long timestamp;
@@ -22,7 +23,19 @@ public class IncomingMessageList {
  @JsonProperty
  private boolean online;

-  public IncomingMessageList() {}
+  @JsonCreator
+  public IncomingMessageList(
+      @JsonProperty("messages") final List<@NotNull IncomingMessage> messages,
+      @JsonProperty("online") final Boolean online,
+      @JsonProperty("timestamp") final Long timestamp) {
+    this.messages = messages;
+    if (timestamp != null) {
+      this.timestamp = timestamp;
+    }
+    if (online != null) {
+      this.online = online;
+    }
+  }

  public List<IncomingMessage> getMessages() {
    return messages;
--- a/service/src/main/java/org/whispersystems/textsecuregcm/providers/MultiDeviceMessageListProvider.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/providers/MultiDeviceMessageListProvider.java
@@ -16,6 +16,7 @@ import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.NoContentException;
+import javax.ws.rs.core.Response.Status;
 import javax.ws.rs.ext.MessageBodyReader;
 import javax.ws.rs.ext.Provider;
 import org.whispersystems.textsecuregcm.entities.IncomingDeviceMessage;
@@ -66,7 +67,7 @@ public class MultiDeviceMessageListProvider extends BinaryProviderBase implement

      long messageLength = readVarint(entityStream);
      if (messageLength > MAX_MESSAGE_SIZE) {
-        throw new BadRequestException("Message body too large");
+        throw new WebApplicationException("Message body too large", Status.REQUEST_ENTITY_TOO_LARGE);
      }
      byte[] contents = entityStream.readNBytes(Math.toIntExact(messageLength));
      if (contents.length != messageLength) {