This repository has been archived by the owner on May 16, 2023. It is now read-only.
Add random key padding #609
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
pithumke
commented
Jun 20, 2020
...test/java/app/coronawarn/server/services/submission/controller/SubmissionControllerTest.java
Outdated
Show resolved
Hide resolved
...test/java/app/coronawarn/server/services/submission/controller/SubmissionControllerTest.java
Outdated
Show resolved
Hide resolved
pithumke
requested review from
christian-kirschnick,
johanneseschrig,
michael-burwig,
MKusber,
ole-lilienthal,
stevesap and
UnchartedBull
as code owners
christian-kirschnick
approved these changes
Jun 22, 2020
|
Kudos, SonarCloud Quality Gate passed!
|
Closed
...test/java/app/coronawarn/server/services/submission/controller/SubmissionControllerTest.java
Show resolved
Hide resolved
...src/main/java/app/coronawarn/server/services/submission/controller/SubmissionController.java
Show resolved
Hide resolved
pithumke
added a commit
that referenced
this pull request
Jun 22, 2020
pithumke
added a commit
that referenced
this pull request
Jun 22, 2020
Merged
christian-kirschnick
added a commit
that referenced
this pull request
Jun 22, 2020
* Introduce new version 1.0.8 * Disable UserDetailsServiceAutoConfiguration (#594) * Cherry-Pick: Add random key padding (#609) * Cherry-Pick: Minor code prettification (#612) Co-authored-by: Johannes Eschrig <[email protected]> Co-authored-by: Pit Humke <[email protected]>
christian-kirschnick
added a commit
that referenced
this pull request
Jul 10, 2020
* Introduce a new 1.1.0-SNAPSHOT (#465) * Fix postgres endpoint in README (#467) * Documentation: Fix broken link in architecture-overview.md (#469) * Adherence to micrometer naming conventions (#468) Co-authored-by: Steve BE <[email protected]> * alternate postgres address (from container) (#479) * Mitigate CVE-2020-13692 (#477) * Add profile documentation to readme (#475) * Add hostname verification (#473) * Optimize Docker build with mvn go-offline (#470) * Fix CVE-2020-13692 in services too (#484) * S3 compatible storage multithreading (#466) * Number of bytes should not depend on Locale (#478) Charset.defaultCharset() depends on the locale of the JVM and OS. Tests would fail e.g. with UTF-16 (2 byte per character) encoding. Use US-ASCII instead to make it obvious we use a 1 byte per character encoding for test data. * Add CSP header (#492) * add file license header checklist item (#491) * correct dev profile argument (#490) * Fix grep command (#481) Without "--", grep interprets search string "-t" as flag * fix sonarlint-warning in tests (#471) - replace size-comparison with "hasSameSizeAs" - remove redundant "isNotNull()" * Consistently use UTC for LocalDateTime (#488) * docs for running maven build with services from docker-compose (#494) * Updating readme (#516) * Update dependencies (#487) * remove use of ForkJoinPool in SubmissionController (#399) (#518) * Fix http client connection pool size (#519) * Update android app versions (#520) * Add "ssl-client-verification-verify-hostname" profile (#521) * Revert "Update android app versions (#520)" (#524) * Add TLS Ciphers compliant to BSI-TR-02102-2 (#525) * Restrict TLS Version * Specify explicit ciphers * Add ciphers Co-authored-by: Pit Humke <[email protected]> * Add stubs for planned documentation (#528) * Update android app versions (#529) * remove unnecessary import (#532) * Restict allowed actuator routes (#540) * Renaming singing decorator (#539) Co-authored-by: Steve BE <[email protected]> * Set test root log level to 'off' for distribution (#543) * Add tests to ensure requests are monitored (#544) Co-authored-by: Christian Kirschnick <[email protected]> * Fix batch counter concurrency issue (#551) * Enabling roles also for local development & docker setup (#552) * rename app.coronawarn.server.services.distribution.assembly.structure.directory.decorators package in test to 'decorator' to match main package (#555) * Change SSL-related profiles to be secure by default (#541) * Fix connection pool size configuration (#561) * Updated timestamp format (#566) * Fix SSL defaults (#564) * moved details to description property (#558) * Update log level for invalid TAN syntax check (#553) * Streamline log level for submissionservice (#550) * Fix fake delay updates (#570) * final adjustments for params (#576) * adjusting log statement (#583) * adjusting log statement * code review * S3 Continuation Token (#572) * Object Store / S3 Publisher Test (#585) * add test for upload error * add ObjectStoreAccess Tests * Add validator for submissionTimestamp (closes #557) (#573) * Add validator for submissionTimestamp * [refactor] extract and reuse buildDiagnosisKey helper methods * Add additional unit tests (#588) * Doc: TLS (#571) * Disable UserDetailsServiceAutoConfiguration (#594) * nit: corrected typo (#592) * Declutter SubmissionController (#554) * DOC: Distribution Service/Spring Profiles (#559) * DOC: Submission Service\Spring Profiles & Impact (#534) * use version path parts from application configuration (#596) * Fix/appconfig validation (#598) - Fixes bug where app configurations could be written even if validation failed at runtime. - Adds unit test for AppConfigurationDirectory - Corrects JavaDoc in AppConfigurationDirectory - Extracts test helper method - Refactors AppConfigurationProvider into Configuration that provides ApplicationConfiguration bean * Use non-root user inside the containers (#597) * Add missing blanks in warn messages (#599) * Create runner tests (#604) * Add unit test for ObjectStoreAccess construction bucketExists check * wip * cleanup * Clean up new lines * Remove unnecessary public modifiers Co-authored-by: Michael Burwig <[email protected]> * replace all CR, LF or CRLF (#591) * Specify TLS named groups (#603) * Clearing up possible misunderstanding of full architecture vs cwa server (#605) * Clearing up possible misunderstanding of full architecture vs cwa server (#605) * Add random key padding (#609) * Minor code prettification (#612) * Minor code quality improvements (#575) * Decrease max random key multiplier to 25 (#615) * Add manual Log4J shutdown hook (close #589) (#590) * Object Store Docs (#560) * Added distribution * remove links * Add assembly * formatting + spelling * Cleanup files * Readd DISTRIBUTION.md * Update docs/DISTRIBUTION.md Co-authored-by: Pit Humke <[email protected]> * Update docs/DISTRIBUTION.md * pr remarks * add some information for retention * linting * Add info about file naming * Add minor tweaks Co-authored-by: MKusber <[email protected]> Co-authored-by: Christian Kirschnick <[email protected]> Co-authored-by: Pit Humke <[email protected]> Co-authored-by: Michael Burwig <[email protected]> * Test for VerificationServiceHealthIndicator, remove null check (#619) * Fix sonar issues (#623) * Add unit tests for export.bin.checksum (#621) * Add unit tests for export.bin.checksum * add license file header * fix code smell * Moved non-static import, use of helper for DiagnosisKey * Make use of AssertJ dedicated methods * Remove unused import Co-authored-by: Kevin Pontes <[email protected]> * Fix/mime type (#627) * depending on the s3Key we identify the mime type 608: Index Files: Incorrect mime type - #608 * get the content type from the localfile and add to headers map 608: Index Files: Incorrect mime type - #608 * forward the added CONTENT_TYPE header to the s3Client (requestBuilder) 608: Index Files: Incorrect mime type - #608 * removed keyword: 'final' 608: Index Files: Incorrect mime type Task-Url: #608 * removed dependency on awssdk 608: Index Files: Incorrect mime type Task-Url: #608 * Use native query for retention policy (#628) * #556: Performance Improvement: Disable spring.jpa.open-in-view in (#632) submission service Task-Url: #556 * Config/adjust min android version (#633) * Update app-version-config.yaml Adjust min android version * Update app-version-config.yaml * OSP is OpenStack Platform, OpenShift is OCP (#625) * Mitigate CVE-2020-11996 (#635) * Integration Testing on CircleCI (#580) * failsafe * add failsafe int test to circle ci * Docker object store on circle ci Co-authored-by: Christian Kirschnick <[email protected]> * Enable Docker Layer Caching on CircleCi (#639) * Submission Svc: Timeout handling (#602) * introduce spring transaction default timeout * introduce feign client timeouts * add timeout test * Simplifying DateAggregatingDecorator (#629) * Create unit test for DiagnosisKeysHourDirectory. * Add getDistributionTime function to DiagnosisKeyBundler. * Add tests to DiagnosisKeysDateDirectory and improve HourDirectoryTests. * Remove DateAggregatingDecorator. * Add license header. * Remove unnecessary public visibility for DiagnosisKeysHourDirectoryTest. * Use native query for retention policy (#628) * Code formatting. * Split parameterized test for DiagnosisKeysDateDirectory into separate tests. * Split parameterized test for DiagnosisKeysHourDirectory into separate tests. * Remove null value return when the associated date is current distribution date. * Remove null value return when the associated date is current distribution date. * Remove TestTuple class. * Made NilDirectory public and test coverage. * Made NilDirectory public and test coverage. * Made NilDirectory public and test coverage. * Use optional instead of NilDirectory. * Add minor formatting tweaks Co-authored-by: KevponSAP <[email protected]> Co-authored-by: Pit Humke <[email protected]> Co-authored-by: Steve BE <[email protected]> Co-authored-by: Michael Burwig <[email protected]> * Revert "Consistently use UTC for LocalDateTime (#488)" (#641) This reverts commit ec099f3. * switch to spring-2.3.1 (#574) * switch to spring-2.3.1 * remove CVE-2020-11996 mitigation is now resolved by upgrade to spring-2.3.1 * Use maven wrapper as the single source of truth for maven version in the project (#194) * use maven wrapper as a single source of truth for maven version * Use ./mvnw instead of mvn * -set JAVA_HOME variable to jdk 11 * - set export JAVA_HOME without sudo * - set in the SonarCloud analysis the JAVA_HOME * - add line for consistency * - change to use mvnw in docker-compose-it file * force mvnw script and properties file to use LF eol for windows machines * Include date index file generation for current date in demo profile. (#643) * fix javadoc generation errors (#646) * Update codeowners file (#645) * Fix client SSL properties (#648) * Replace data-jpa with data-jdbc (#631) * Replace data-jpa with data-jdbc * Remove default constructor from DiagnosisKey * Clarify test.database.replace statement * downscale gracefully (#647) * Failing requests in down-scaling scenario closes #547 Following https://dzone.com/articles/graceful-shutdown-spring-boot-applications We let the tomcat finish it's work (send open async responses - DeferredResult), before it's terminated (SIGTERM coming from kubernetes). * #589 Log4j improper shutdown same thing as in distribution service * checkstyle complains about missing javadoc why is it doing that for this method but not for the others without javadoc?!?! bug in checkstyle? * ignore null executors #547 * add missing file comment 'license' #547 * fix issues found by sonar #547 * let's use the spring framework solution #547 https://dzone.com/articles/configuring-graceful-shutdown-readiness-and-livene * prefer `DisposableBean` over `@PreDestroy` #589 * use k8s setting `terminationGracePeriodSeconds` #547 * Spring Cloud Vault Integration (#624) * Remove missing .yaml attribute validation test (#652) * Add dependecies for javadoc generation (#649) * Move dependency one level up (#654) * Update with links to cwa-server documentation and JavaDoc (#655) * Fix javadoc search 404 result issue (#657) * Fix/attenuation value range (#642) * Change value range lt to le * Change parameter lt_10_dbm to le_10_dbm in yaml-files, add unit test for naming mismatch, fix unit test path for broken syntax * Removed unused enum entry, refactor test Co-authored-by: Kevin Pontes <[email protected]> Co-authored-by: Pit Humke <[email protected]> * Addition to CODEOWNERS.md (#653) * Addition to codeowners * Specify entire teams in codeowners file * Revert "Specify entire teams in codeowners file" This reverts commit e101f43. * Added Frederico to codeowners.md Co-authored-by: Michael Burwig <[email protected]> Co-authored-by: Ole Lilienthal <[email protected]> Co-authored-by: Jan Sievers <[email protected]> Co-authored-by: selectAll <[email protected]> Co-authored-by: Steve BE <[email protected]> Co-authored-by: Pit Humke <[email protected]> Co-authored-by: Timon G <[email protected]> Co-authored-by: MKusber <[email protected]> Co-authored-by: Walter S <[email protected]> Co-authored-by: Nils Knappmier (work account) <[email protected]> Co-authored-by: Christian Kirschnick <[email protected]> Co-authored-by: Michael Burwig <[email protected]> Co-authored-by: Paul-Christian Volkmer <[email protected]> Co-authored-by: Roman Neß <[email protected]> Co-authored-by: Matthias Wessendorf <[email protected]> Co-authored-by: Stefan Weil <[email protected]> Co-authored-by: Björn Wilmsmann <[email protected]> Co-authored-by: Roberto Duessmann <[email protected]> Co-authored-by: Michael <[email protected]> Co-authored-by: Kevin Pontes <[email protected]> Co-authored-by: Hilmar Falkenberg <[email protected]> Co-authored-by: KevponSAP <[email protected]> Co-authored-by: Hilmar Falkenberg <[email protected]> Co-authored-by: Christopher Schmitz <[email protected]> Co-authored-by: dabelenda <[email protected]> Co-authored-by: Sorin Stefan Iovita <[email protected]> Co-authored-by: Michael Risthaus <[email protected]> Co-authored-by: Driptaroop Das <[email protected]> Co-authored-by: ioangut <[email protected]> Co-authored-by: EugenM-SAP <[email protected]>
|
@pithumke Is there a specific reason why you chose to just add random TEKs for every TEK instead of rounding up the number of TEKs to the next 10 or maybe 32?
The discussion for the issue "just" requested to add random TEKs in case there is a small number of TEKs (less than 10 / round up to at least 10 TEKs). |
|
Hello @pinkit-cwa, |
hilmarf
reviewed
Aug 19, 2020
| # then the 5 real submitted keys will be saved to the DB, plus an additional 45 keys with | ||
| # random 'key_data'. All properties, besides the 'key_data', of the additional keys will be | ||
| # identical to the real key. | ||
| random-key-padding-multiplier: ${RANDOM_KEY_PADDING_MULTIPLIER:1} |
There was a problem hiding this comment.
@ChristopherSchmitz - luckily Pit made this padding already configurable and the default is only 1. So as long as security/DPP has no other concerns, we can simply change the value, if required.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary:
key_datarandom-key-padding-multiplierpropertyDocumentation for the
random-key-padding-multiplierproperty from application.yaml: