Modify controller class to handle UnmarshalException caused by invalid xml to prevent frontend error

This commit is contained in:
chubtub 2024-04-17 09:38:11 -04:00
parent 4da6020260
commit 711e342972
5 changed files with 40 additions and 21 deletions

View File

@ -91,7 +91,7 @@ public class BaseReferenceManifest extends ReferenceManifest {
* @param rimBytes - the file content of the uploaded file. * @param rimBytes - the file content of the uploaded file.
* @throws IOException - thrown if the file is invalid. * @throws IOException - thrown if the file is invalid.
*/ */
public BaseReferenceManifest(final byte[] rimBytes) throws IOException { public BaseReferenceManifest(final byte[] rimBytes) throws UnmarshalException {
this("", rimBytes); this("", rimBytes);
} }
@ -104,7 +104,8 @@ public class BaseReferenceManifest extends ReferenceManifest {
* @throws IOException if unable to unmarshal the string * @throws IOException if unable to unmarshal the string
*/ */
@SuppressWarnings("checkstyle:AvoidInlineConditionals") @SuppressWarnings("checkstyle:AvoidInlineConditionals")
public BaseReferenceManifest(final String fileName, final byte[] rimBytes) throws IOException { public BaseReferenceManifest(final String fileName, final byte[] rimBytes)
throws UnmarshalException {
super(rimBytes); super(rimBytes);
this.setRimType(BASE_RIM); this.setRimType(BASE_RIM);
this.setFileName(fileName); this.setFileName(fileName);
@ -219,16 +220,24 @@ public class BaseReferenceManifest extends ReferenceManifest {
* @param byteArrayInputStream the location of the file to be validated * @param byteArrayInputStream the location of the file to be validated
*/ */
private Element getDirectoryTag(final ByteArrayInputStream byteArrayInputStream) { private Element getDirectoryTag(final ByteArrayInputStream byteArrayInputStream) {
Document document = unmarshallSwidTag(byteArrayInputStream); Document document = null;
Element softwareIdentity = try {
(Element) document.getElementsByTagNameNS( document = unmarshallSwidTag(byteArrayInputStream);
SwidTagConstants.SWIDTAG_NAMESPACE,"SoftwareIdentity").item(0); } catch (UnmarshalException e) {
if (softwareIdentity != null) { log.error("Error while parsing Directory tag: " + e.getMessage());
Element directory = (Element) document.getElementsByTagName("Directory").item(0); }
if (document != null) {
Element softwareIdentity =
(Element) document.getElementsByTagNameNS(
SwidTagConstants.SWIDTAG_NAMESPACE, "SoftwareIdentity").item(0);
if (softwareIdentity != null) {
Element directory = (Element) document.getElementsByTagNameNS(
SwidTagConstants.SWIDTAG_NAMESPACE, "Directory").item(0);
return directory; return directory;
} else { } else {
log.error("Invalid xml for validation, please verify "); log.error("Invalid xml for validation, please verify ");
}
} }
return null; return null;
@ -273,7 +282,8 @@ public class BaseReferenceManifest extends ReferenceManifest {
* @param byteArrayInputStream to the input swidtag * @param byteArrayInputStream to the input swidtag
* @return the Document element at the root of the swidtag * @return the Document element at the root of the swidtag
*/ */
private Document unmarshallSwidTag(final ByteArrayInputStream byteArrayInputStream) { private Document unmarshallSwidTag(final ByteArrayInputStream byteArrayInputStream)
throws UnmarshalException {
InputStream is = null; InputStream is = null;
Document document = null; Document document = null;
Unmarshaller unmarshaller = null; Unmarshaller unmarshaller = null;
@ -293,7 +303,7 @@ public class BaseReferenceManifest extends ReferenceManifest {
} catch (SAXException e) { } catch (SAXException e) {
log.error("Error setting schema for validation!"); log.error("Error setting schema for validation!");
} catch (UnmarshalException e) { } catch (UnmarshalException e) {
log.error("Error validating swidtag file!"); throw new UnmarshalException("Error validating swidtag file");
} catch (IllegalArgumentException e) { } catch (IllegalArgumentException e) {
log.error("Input file empty."); log.error("Input file empty.");
} catch (JAXBException e) { } catch (JAXBException e) {

View File

@ -41,6 +41,7 @@ import hirs.utils.SwidResource;
import hirs.utils.enums.DeviceInfoEnums; import hirs.utils.enums.DeviceInfoEnums;
import hirs.utils.tpm.eventlog.TCGEventLog; import hirs.utils.tpm.eventlog.TCGEventLog;
import hirs.utils.tpm.eventlog.TpmPcrEvent; import hirs.utils.tpm.eventlog.TpmPcrEvent;
import jakarta.xml.bind.UnmarshalException;
import lombok.extern.log4j.Log4j2; import lombok.extern.log4j.Log4j2;
import org.apache.commons.codec.binary.Hex; import org.apache.commons.codec.binary.Hex;
import org.apache.commons.lang3.ArrayUtils; import org.apache.commons.lang3.ArrayUtils;
@ -420,8 +421,8 @@ public class IdentityClaimProcessor extends AbstractProcessor {
} }
} }
tagId = dbBaseRim.getTagId(); tagId = dbBaseRim.getTagId();
} catch (IOException ioEx) { } catch (UnmarshalException e) {
log.error(ioEx); log.error(e);
} }
} }
} else { } else {

View File

@ -41,6 +41,8 @@ dependencies {
implementation libs.bouncycastle implementation libs.bouncycastle
implementation libs.guava implementation libs.guava
implementation libs.jakarta.servlet implementation libs.jakarta.servlet
implementation libs.jakarta.api
implementation libs.jakarta.xml
implementation 'org.springframework.boot:spring-boot-starter-web' implementation 'org.springframework.boot:spring-boot-starter-web'
implementation 'org.springframework.boot:spring-boot-starter-validation' implementation 'org.springframework.boot:spring-boot-starter-validation'

View File

@ -19,6 +19,7 @@ import hirs.utils.tpm.eventlog.TpmPcrEvent;
import jakarta.persistence.EntityManager; import jakarta.persistence.EntityManager;
import jakarta.servlet.http.HttpServletResponse; import jakarta.servlet.http.HttpServletResponse;
import jakarta.validation.Valid; import jakarta.validation.Valid;
import jakarta.xml.bind.UnmarshalException;
import lombok.extern.log4j.Log4j2; import lombok.extern.log4j.Log4j2;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.domain.PageRequest; import org.springframework.data.domain.PageRequest;
@ -393,23 +394,28 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
try { try {
if (supportRIM) { if (supportRIM) {
supportRim = new SupportReferenceManifest(fileName, fileBytes); supportRim = new SupportReferenceManifest(fileName, fileBytes);
if (referenceManifestRepository.findByHexDecHashAndRimType(supportRim.getHexDecHash(), if (referenceManifestRepository.findByHexDecHashAndRimType(
supportRim.getRimType()) == null) { supportRim.getHexDecHash(), supportRim.getRimType()) == null) {
supportRims.add(supportRim); supportRims.add(supportRim);
messages.addInfo("Saved Reference Manifest " + fileName); messages.addInfo("Saved Reference Manifest " + fileName);
} }
} else { } else {
baseRim = new BaseReferenceManifest(fileName, fileBytes); baseRim = new BaseReferenceManifest(fileName, fileBytes);
if (referenceManifestRepository.findByHexDecHashAndRimType(baseRim.getHexDecHash(), if (referenceManifestRepository.findByHexDecHashAndRimType(
baseRim.getRimType()) == null) { baseRim.getHexDecHash(), baseRim.getRimType()) == null) {
baseRims.add(baseRim); baseRims.add(baseRim);
} }
} }
} catch (IOException | NullPointerException ioEx) { } catch (IOException | NullPointerException ioEx) {
final String failMessage final String failMessage
= String.format("Failed to parse uploaded file (%s): ", fileName); = String.format("Failed to parse support RIM file (%s): ", fileName);
log.error(failMessage, ioEx); log.error(failMessage, ioEx);
messages.addError(failMessage + ioEx.getMessage()); messages.addError(failMessage + ioEx.getMessage());
} catch (UnmarshalException e) {
final String failMessage
= String.format("Failed to parse base RIM file (%s): ", fileName);
log.error(failMessage, e);
messages.addError(failMessage + e.getMessage());
} }
} }

View File

@ -9,7 +9,7 @@
<jsp:attribute name="pageHeaderTitle">Error - 404</jsp:attribute> <jsp:attribute name="pageHeaderTitle">Error - 404</jsp:attribute>
<jsp:body> <jsp:body>
<!--<div> Exception Message: <c:out value="${exception}"</c:out></div> <!--<div> Exception Message: <c:out value="${exception}"/></div>
<div> from URL -> <span th:text="${url}"</span></div>--> <div> from URL -> <span th:text="${url}"</span></div>-->
</jsp:body> </jsp:body>
</my:page> </my:page>