This repository was archived by the owner on May 16, 2023. It is now read-only.

Conversation

@ioangut
Contributor

@ioangut ioangut commented Oct 23, 2020

Checklist

  • Test your changes as thoroughly as possible before you commit them. Preferably, automate your tests as unit/integration tests.
  • Make sure mvn install runs for the whole project and, if you touched any code in the respective service, that the submission and distribution services can be run with spring-boot:run

Description

The PR contains a cherry pick fix of the submission payload validation.

KevponSAP
KevponSAP previously approved these changes Oct 23, 2020
sorin-iovita
sorin-iovita previously approved these changes Oct 23, 2020
@ioangut ioangut dismissed stale reviews from sorin-iovita and KevponSAP via eb0149a October 23, 2020 09:45
@sonarqubecloud

Kudos, SonarCloud Quality Gate passed!

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities (and Security Hotspot 0 Security Hotspots to review)
Code Smell A 0 Code Smells

100.0% Coverage
0.0% Duplication

@ioangut ioangut merged commit af3e45e into master Oct 23, 2020
@ioangut ioangut deleted the cherry-pick-submission-security-fix branch October 23, 2020 10:17
hilmarf added a commit that referenced this pull request Oct 28, 2020
* Mitigate CVE-2020-13956 and CVE-2020-15250 (#902)

* Improve logging (#904)

* Document EUR package (#884)

* Document EUR package

* resolve markdownlint

* Update docs/DISTRIBUTION.md

Co-authored-by: KevponSAP <66735382+KevponSAP@users.noreply.github.com>

* resolve markdownlint

* git review change request

Co-authored-by: KevponSAP <66735382+KevponSAP@users.noreply.github.com>
Co-authored-by: Frederico <fred.rbittencourt@gmail.com>

* Update api documentation including european package (#885)

* Update api documentation including european package

* Changes based on comments

* Fix checkstyle error

Co-authored-by: Sorin Stefan Iovita <sorin.stefan.iovita@sap.com>

* fix wrong DB client (#907)

* Distribution Service Documentation (#870)

* Document signing process

* Document bundling and shifting
Document key export files

* Resolve markdownlint

* Resolve markdownlint

* Update docs/DISTRIBUTION.md

Co-authored-by: Michael <66735191+mibrasap@users.noreply.github.com>

* Update docs/DISTRIBUTION.md

Co-authored-by: Michael <66735191+mibrasap@users.noreply.github.com>

* Update docs/DISTRIBUTION.md

Co-authored-by: Michael <66735191+mibrasap@users.noreply.github.com>

* Update docs/DISTRIBUTION.md

Co-authored-by: Michael <66735191+mibrasap@users.noreply.github.com>

* Update docs/DISTRIBUTION.md

Co-authored-by: Michael <66735191+mibrasap@users.noreply.github.com>

* Update docs/DISTRIBUTION.md

Co-authored-by: Michael <66735191+mibrasap@users.noreply.github.com>

* Update docs/DISTRIBUTION.md

Co-authored-by: Michael <66735191+mibrasap@users.noreply.github.com>

* Update docs/DISTRIBUTION.md

Co-authored-by: Michael <66735191+mibrasap@users.noreply.github.com>

* Update docs/DISTRIBUTION.md

Co-authored-by: KevponSAP <66735382+KevponSAP@users.noreply.github.com>

* Update docs/DISTRIBUTION.md

Co-authored-by: Michael <66735191+mibrasap@users.noreply.github.com>

* Update docs/DISTRIBUTION.md

Co-authored-by: Michael <66735191+mibrasap@users.noreply.github.com>

* Update docs/DISTRIBUTION.md

Co-authored-by: Michael <66735191+mibrasap@users.noreply.github.com>

* Update docs/DISTRIBUTION.md

Co-authored-by: Michael <66735191+mibrasap@users.noreply.github.com>

* Code review changes

* Code review changes

* Code review changes

* pull request change request

* markdownlint

* fix typo

* Code review changes

Co-authored-by: Michael <66735191+mibrasap@users.noreply.github.com>
Co-authored-by: KevponSAP <66735382+KevponSAP@users.noreply.github.com>

* Update artifact version (#903)

* Update maven.config

* Update maven.config

Co-authored-by: KevponSAP <66735382+KevponSAP@users.noreply.github.com>

* Adjust distribution embargo logic for same day keys (#908)

Co-authored-by: Sorin Stefan Iovita <sorin.stefan.iovita@sap.com>

* Vault https integration (#896)

* Try TLS 1.2 as JVM argument

* correction

* docker command correction

* correction

* Specify trust-store via env variable

* test older truststore

* test

* Change truststore

* test with different authentication method

* Try with env variable

* Add password

* Added "file:" in the truststore path

* Removed enforced running of TLS 1.2

* Enforce working tls version 1.2

* Replace distroless image with sap machine

* DpkgHelper with sapmachine

* Update Dockerfile

* Investigate sapmachine image

* Distroless java version 11.0.8 update

* Change distroless image for all services

* Fix dockerfilelint report

* Removed .jks file from resources

Co-authored-by: Eugen M <eugen.madean@sap.com>

* Update TRL derivation map (#905)

* Rollback the vault-integration-ssl feature (#917)

* Remove country information from context validator logs (#922)

* Remove country information from context validator logs

* Correction for the violation message

* Fix/master visited countries (#918)

* Fix an issue if the supported countries is empty

* Fix code smell

* Fix/upload testdata (#920)

* add retention filter to Upload Keys

* fix upload testdata generation to generate keys within proper time window

* delete older keys on TestDataGeneration

* fix tests that generate submission timestamp at 0

* Specify rolling start interval number for some test objects

Co-authored-by: Eugen M <eugen.madean@sap.com>

* Enhance download log (#913) (#932)

* Enhance download log (#912)

* Bump tomcat version (#936)

* Fix/visited countries (#926)

* Fix an issue if the supported countries is empty

* Fix code smell

* Move enhancement of visited countries with origin country to persistence layer

* Fix code smells

* Change the validation of the origin country during submission (#937)

* Fix/duplicate efgs key distribution (#933)

* Update maven.config (#900)

Prepare for 1.6

* Rel/1.6 (#906)

* Mitigate CVE-2020-13956 and CVE-2020-15250 (#902)

* Improve logging (#904)

Co-authored-by: Sorin Stefan Iovita <sorin.stefan.iovita@sap.com>

* Enhance download log (#913)

* Fix/1.6 visited countries (#919)

* Fix an issue if the supported countries is empty

* Fix code smell

* Fix keys that are duplicated in different packages for EUR in some cases

* Changes after review

Co-authored-by: Sorin Stefan Iovita <sorin.stefan.iovita@sap.com>
Co-authored-by: Michael <66735191+mibrasap@users.noreply.github.com>
Co-authored-by: ioangut <ioan.gut@sap.com>

* Fix Code smells (#931)

* Fix code smell

* Fix code smells

* Increase code coverage

* Extract field in test class

Co-authored-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>

* Refactoring/reformatting in tests (#830) (#927)

* refactor test names to be inline with other tests

Most tests are written in lowerCamelCase, we changed these
to be in line with that style.

* move test data creation out of test method

* extract out some common lines from tests

Co-authored-by: Ra-Jo-cosee <71650265+Ra-Jo-cosee@users.noreply.github.com>
Co-authored-by: Michael <66735191+mibrasap@users.noreply.github.com>

* We do not want to deliver default values for supported countries, as not defining them should result in an error (#928)

However, during development, we want those values to be available—especially for anybody new to the project.
This change solves

submission_1         | ***************************
submission_1         | APPLICATION FAILED TO START
submission_1         | ***************************
submission_1         |
submission_1         | Description:
submission_1         |
submission_1         | Binding to target org.springframework.boot.context.properties.bind.BindException: Failed to bind properties under 'services.submission' to app.coronawarn.server.services.submission.config.SubmissionServiceConfig failed:
submission_1         |
submission_1         |     Property: services.submission.supportedCountries
submission_1         |     Value: null
submission_1         |     Reason: null
submission_1         |
submission_1         |
submission_1         | Action:
submission_1         |
submission_1         | Update your application's configuration

Co-authored-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>
Co-authored-by: Michael <66735191+mibrasap@users.noreply.github.com>

* Add validation for origin country diagnosis key (#935)

* Add validation for origin country diagnosis key

* Add review suggested changes

* fix code smell

Co-authored-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>
Co-authored-by: Michael <66735191+mibrasap@users.noreply.github.com>

Co-authored-by: Sorin Stefan Iovita <sorin.stefan.iovita@sap.com>
Co-authored-by: KevponSAP <66735382+KevponSAP@users.noreply.github.com>
Co-authored-by: Frederico <fred.rbittencourt@gmail.com>
Co-authored-by: ioangut <67064882+ioangut@users.noreply.github.com>
Co-authored-by: Eugen M <eugen.madean@sap.com>
Co-authored-by: EugenM-SAP <67458405+EugenM-SAP@users.noreply.github.com>
Co-authored-by: ioangut <ioan.gut@sap.com>
Co-authored-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>
Co-authored-by: Ra-Jo-cosee <71650265+Ra-Jo-cosee@users.noreply.github.com>
Co-authored-by: Jeremias Rößler <jeremias.roessler@sap.com>
EugenM-SAP added a commit that referenced this pull request Oct 28, 2020
hilmarf added a commit that referenced this pull request Nov 1, 2020
* Revert "Remove country information from context validator logs (#922)"

This reverts commit af3e45e.

* Create a test for validation message interpolation issue

* disable EL interpolation on submission module

* disable interpolation in Download module

* Add assertions about the actual violation message

Co-authored-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>
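The commit message above disables EL interpolation for validation messages. Added here as an illustration of that mitigation, not code from the Corona-Warn-App server: a constructed constraint validator that copies a client-supplied value into its violation message template, paired with a Hibernate Validator configuration that uses ParameterMessageInterpolator so such text is never evaluated as an EL expression. The annotation, validator, payload class and country list are assumptions, not the project's own classes.

```java
import java.lang.annotation.*;
import java.util.Set;
import javax.validation.*;
import org.hibernate.validator.messageinterpolation.ParameterMessageInterpolator;

// Constructed constraint: the origin country of a submission must be a supported one.
@Target(ElementType.FIELD)
@Retention(RetentionPolicy.RUNTIME)
@Constraint(validatedBy = OriginCountryValidator.class)
@interface SupportedOriginCountry {
  String message() default "unsupported origin country";
  Class<?>[] groups() default {};
  Class<? extends Payload>[] payload() default {};
}

class OriginCountryValidator implements ConstraintValidator<SupportedOriginCountry, String> {
  private static final Set<String> SUPPORTED = Set.of("DE", "FR", "IT"); // constructed list

  @Override
  public boolean isValid(String value, ConstraintValidatorContext ctx) {
    if (value != null && SUPPORTED.contains(value)) {
      return true;
    }
    // The client-supplied value is copied into the message template. With the default
    // interpolator, any ${...} inside it would be evaluated as an EL expression.
    ctx.disableDefaultConstraintViolation();
    ctx.buildConstraintViolationWithTemplate("unsupported origin country: " + value)
        .addConstraintViolation();
    return false;
  }
}

public class ValidationInterpolationExample {
  // Constructed stand-in for the submission payload class.
  static class SubmissionPayload {
    @SupportedOriginCountry String origin;
    SubmissionPayload(String origin) { this.origin = origin; }
  }

  // ParameterMessageInterpolator expands only {parameter} placeholders and never EL,
  // so text copied from the request reaches the violation message verbatim.
  static Validator hardenedValidator() {
    return Validation.byDefaultProvider().configure()
        .messageInterpolator(new ParameterMessageInterpolator())
        .buildValidatorFactory().getValidator();
  }

  public static void main(String[] args) {
    Set<ConstraintViolation<SubmissionPayload>> violations =
        hardenedValidator().validate(new SubmissionPayload("${'XX'}"));
    violations.forEach(v -> System.out.println(v.getMessage())); // literal ${'XX'}, not evaluated
  }
}
```

In a Spring Boot service the same interpolator can be installed on the LocalValidatorFactoryBean via setMessageInterpolator; asserting on the exact violation text in a test, as the commit above does, is what catches a regression to the default interpolator.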
@rugk

rugk commented Nov 19, 2020

@svengabr
Member

Due to NDA reasons, critical security issues are discussed internally first and will not be exposed to the public. For this reason, we have a private repository to which only a small number of people have access.

You can read an update on our official website here:
https://www.coronawarn.app/en/blog/2020-11-19-security-update/

Thank you very much for your understanding.

Best regards,
SG

Corona-Warn-App Open Source Team
