From ec6e777e46fed9599e2c2a74ab861a640349f715 Mon Sep 17 00:00:00 2001 From: GKnirps <2447081+GKnirps@users.noreply.github.com> Date: Tue, 5 Sep 2023 16:05:52 +0200 Subject: [PATCH] Fix possible Subscription ID collision (#23) * Expand range for subsription IDs in NF management - also used a cryptographically secure RNG, which is probably not that important here * Add missing error handling in nf_management.go --- internal/context/management_data.go | 15 +++++++++------ internal/sbi/producer/nf_management.go | 20 ++++++++++++++++++-- 2 files changed, 27 insertions(+), 8 deletions(-) diff --git a/internal/context/management_data.go b/internal/context/management_data.go index 66acbec..a5d68a0 100644 --- a/internal/context/management_data.go +++ b/internal/context/management_data.go @@ -1,11 +1,11 @@ package context import ( + "crypto/rand" + "encoding/hex" "encoding/json" "fmt" - "math/rand" "strconv" - "time" "github.com/mitchellh/mapstructure" "go.mongodb.org/mongo-driver/bson" @@ -44,10 +44,13 @@ func NnrfNFManagementDataModel(nf *models.NfProfile, nfprofile models.NfProfile) return nil } -func SetsubscriptionId() string { - rand.Seed(time.Now().UnixNano()) - x := rand.Intn(100) - return strconv.Itoa(x) +func SetsubscriptionId() (string, error) { + buffer := make([]byte, 16) + _, err := rand.Read(buffer) + if err != nil { + return "", err + } + return hex.EncodeToString(buffer), nil } func nnrfNFManagementCondition(nf *models.NfProfile, nfprofile models.NfProfile) { diff --git a/internal/sbi/producer/nf_management.go b/internal/sbi/producer/nf_management.go index 6ad8dee..ab3939b 100644 --- a/internal/sbi/producer/nf_management.go +++ b/internal/sbi/producer/nf_management.go @@ -178,16 +178,32 @@ func HandleCreateSubscriptionRequest(request *httpwrapper.Request) *httpwrapper. } func CreateSubscriptionProcedure(subscription models.NrfSubscriptionData) (bson.M, *models.ProblemDetails) { - subscription.SubscriptionId = nrf_context.SetsubscriptionId() + subscriptionID, err := nrf_context.SetsubscriptionId() + if err != nil { + logger.NfmLog.Errorf("Unable to create subscription ID in CreateSubscriptionProcedure: %+v", err) + return nil, &models.ProblemDetails{ + Status: http.StatusInternalServerError, + Cause: "CREATE_SUBSCRIPTION_ERROR", + } + } + subscription.SubscriptionId = subscriptionID tmp, err := json.Marshal(subscription) if err != nil { logger.NfmLog.Errorln("Marshal error in CreateSubscriptionProcedure: ", err) + return nil, &models.ProblemDetails{ + Status: http.StatusInternalServerError, + Cause: "CREATE_SUBSCRIPTION_ERROR", + } } putData := bson.M{} err = json.Unmarshal(tmp, &putData) if err != nil { logger.NfmLog.Errorln("Unmarshal error in CreateSubscriptionProcedure: ", err) + return nil, &models.ProblemDetails{ + Status: http.StatusInternalServerError, + Cause: "CREATE_SUBSCRIPTION_ERROR", + } } // TODO: need to store Condition ! @@ -198,7 +214,7 @@ func CreateSubscriptionProcedure(subscription models.NrfSubscriptionData) (bson. logger.NfmLog.Errorf("CreateSubscriptionProcedure err: %+v", err) } problemDetails := &models.ProblemDetails{ - Status: http.StatusBadRequest, + Status: http.StatusInternalServerError, Cause: "CREATE_SUBSCRIPTION_ERROR", } return nil, problemDetails