-
Notifications
You must be signed in to change notification settings - Fork 24.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Handle malformed license signatures #37137
Conversation
This commit adds a more user friendly error message when a license signature is malformed/truncated in a way that it cannot be meaningfully parsed
Pinging @elastic/es-security |
byte[] signatureBytes = Base64.getDecoder().decode(builder.signature); | ||
ByteBuffer byteBuffer = ByteBuffer.wrap(signatureBytes); | ||
version = byteBuffer.getInt(); | ||
} catch (BufferUnderflowException | IllegalArgumentException e) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is it intentional that you don't just catch Exception
? I don't think there's any exception that could be thrown here that we wouldn't want to wrap with a better message.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, I did it on purpose. decode()
throws an IllegalArgumentException
and getInt()
throws a BufferUnderflowException()
. I think that wrap()
can't throw an IndexOutOfBoundsException
when called with a byte array param. Am I missing any ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it is safe to catch Exception
here. Any exception that we get here would pretty much indicate a malformed signature right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeap, I'll adjust this
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
This commit adds a more user friendly error message when a license
signature is malformed/truncated in a way that it cannot be
meaningfully parsed
Resolves #35340