Skip to content

Commit

Permalink
Enforce strict fields parsing for SigningExtensionHandler
Browse files Browse the repository at this point in the history 
 Uses custom copy of global ObjectMapper with FAIL_ON_UNKNOWN_PROPERTIES enabled
  • Loading branch information
@usmansaleem
usmansaleem committed May 1, 2024
1 parent 7f06899 commit 17692cf
Show file tree
Hide file tree
Showing 2 changed files with 19 additions and 1 deletion.
13 changes: 13 additions & 0 deletions ...java/tech/pegasys/web3signer/tests/signing/ProofOfValidationSigningExtAcceptanceTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -136,4 +136,17 @@ void invalidSignExtensionTypeCausesBadRequestStatusCode() throws Exception {

signer.signExtensionPayload(PUBLIC_KEY.toString(), payload, JSON).then().statusCode(400);
}

@Test
void extraJsonFieldsCausesBadRequestStatusCode() throws Exception {
final ProofOfValidationBody proofOfValidationBody =
new ProofOfValidationBody(
SigningExtensionType.PROOF_OF_VALIDATION,
"AT",
String.valueOf(System.currentTimeMillis()));
var payload = JSON_MAPPER.writeValueAsString(proofOfValidationBody);
payload = payload.replace("}", ",\"extraField\": \"extraValue\"}");

signer.signExtensionPayload(PUBLIC_KEY.toString(), payload, JSON).then().statusCode(400);
}
}
7 changes: 6 additions & 1 deletion ...a/tech/pegasys/web3signer/core/service/http/handlers/signing/SigningExtensionHandler.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@
import java.util.List;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.vertx.core.Handler;
import io.vertx.core.json.JsonObject;
Expand All @@ -33,7 +34,11 @@
public class SigningExtensionHandler implements Handler<RoutingContext> {
public static final int NOT_FOUND = 404;
public static final int BAD_REQUEST = 400;
private static final ObjectMapper JSON_MAPPER = SigningObjectMapperFactory.createObjectMapper();
// custom copy of ObjectMapper that fails on unknown properties.
private static final ObjectMapper JSON_MAPPER =
SigningObjectMapperFactory.createObjectMapper()
.copy()
.enable(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES);

private final SignerForIdentifier<?> signerForIdentifier;

Expand Down

0 comments on commit 17692cf

Please sign in to comment.