Check json when adding backend (#141)

* Add check on json keys for add backend instance
* Add check for values to not be null
* Removed hard coded logging levels in frontend application

Author: e-pettersson-ericsson

src/main/java/com/ericsson/ei/frontend/BackEndInformationController.java

@@ -29,15 +29,15 @@
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
-import com.ericsson.ei.frontend.utils.BackEndInfoirmationControllerUtils;
+import com.ericsson.ei.frontend.utils.BackEndInformationControllerUtils;
 
 @Controller
 public class BackEndInformationController {
 
     public static final Logger LOG = LoggerFactory.getLogger(BackEndInformationController.class);
 
     @Autowired
-    private BackEndInfoirmationControllerUtils backEndInfoContUtils;
+    private BackEndInformationControllerUtils backEndInfoContUtils;
 
     @CrossOrigin
     @RequestMapping(value = "/backend", method = RequestMethod.GET)

src/main/java/com/ericsson/ei/frontend/EIFrontendApplication.java

@@ -13,7 +13,7 @@
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
    limitations under the License.
-*/   
+*/
 package com.ericsson.ei.frontend;
 
 import java.util.ArrayList;
@@ -46,10 +46,6 @@ public static void main(String[] args) {
             System.setProperty("logging.level.root", args[0]);
             System.setProperty("logging.level.org.springframework.web", args[0]);
             System.setProperty("logging.level.com.ericsson.ei", args[0]);
-        } else {
-            System.setProperty("logging.level.root", "INFO");
-            System.setProperty("logging.level.org.springframework.web", "INFO");
-            System.setProperty("logging.level.com.ericsson.ei", "INFO");
         }
 
         SpringApplication.run(EIFrontendApplication.class, args);

src/main/java/com/ericsson/ei/frontend/utils/BackEndInfoirmationControllerUtils.java renamed to src/main/java/com/ericsson/ei/frontend/utils/BackEndInformationControllerUtils.java

@@ -37,9 +37,9 @@
 import com.google.gson.JsonParser;
 
 @Component
-public class BackEndInfoirmationControllerUtils {
+public class BackEndInformationControllerUtils {
 
-    private static final Logger LOG = LoggerFactory.getLogger(BackEndInfoirmationControllerUtils.class);
+    private static final Logger LOG = LoggerFactory.getLogger(BackEndInformationControllerUtils.class);
 
     @Autowired
     private BackEndInstancesUtils backEndInstancesUtils;
@@ -134,6 +134,30 @@ public ResponseEntity<String> handleRequestToAddBackEnd(HttpServletRequest reque
                     .collect(Collectors.joining(System.lineSeparator()));
             JsonObject instance = new JsonParser().parse(newInstanceAsString).getAsJsonObject();
 
+            final boolean hasRequiredData = backEndInstancesUtils.hasRequiredJsonKeys(instance);
+            if (!hasRequiredData) {
+                LOG.debug("Json data is missing required keys");
+                return new ResponseEntity<>(
+                        "{\"message\": \"Back-end instance is missing required data.\"}",
+                        getHeaders(), HttpStatus.BAD_REQUEST);
+            }
+
+            final boolean hasNullValues = backEndInstancesUtils.containsNullValues(instance);
+            if (hasNullValues) {
+                LOG.debug("Json data contains null values");
+                return new ResponseEntity<>(
+                        "{\"message\": \"Back-end instance can not have null values.\"}",
+                        getHeaders(), HttpStatus.BAD_REQUEST);
+            }
+
+            final boolean containsUnrecognizedKeys = backEndInstancesUtils.containsAdditionalKeys(instance);
+            if (containsUnrecognizedKeys) {
+                LOG.debug("JSON data contains unrecognized keys");
+                return new ResponseEntity<>(
+                        "{\"message\": \"Back-end instance contains unrecognized JSON keys.\"}",
+                        getHeaders(), HttpStatus.BAD_REQUEST);
+            }
+
             final boolean instanceNameAlreadyExist = backEndInstancesUtils.checkIfInstanceNameAlreadyExist(instance);
             if (instanceNameAlreadyExist) {
                 LOG.debug("Not a unique name.");
@@ -160,7 +184,6 @@ public ResponseEntity<String> handleRequestToAddBackEnd(HttpServletRequest reque
                 return new ResponseEntity<>(
                         "{\"message\": \"Back-end instance with given values already exist.\"}",
                         getHeaders(), HttpStatus.BAD_REQUEST);
-
             }
 
             backEndInstancesUtils.addNewBackEnd(instance);

src/main/java/com/ericsson/ei/frontend/utils/BackEndInstancesUtils.java

@@ -17,19 +17,18 @@
 package com.ericsson.ei.frontend.utils;
 
 import java.io.IOException;
-import java.util.ArrayList;
-import java.util.List;
+import java.util.*;
 
+import com.google.gson.JsonArray;
+import com.google.gson.JsonElement;
+import com.google.gson.JsonObject;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
 import com.ericsson.ei.frontend.model.BackEndInformation;
 import com.fasterxml.jackson.databind.ObjectMapper;
-import com.google.gson.JsonArray;
-import com.google.gson.JsonElement;
-import com.google.gson.JsonObject;
 
 import lombok.Getter;
 import lombok.Setter;
@@ -47,6 +46,8 @@ public class BackEndInstancesUtils {
     public static final String CONTEXT_PATH = "contextPath";
     public static final String HTTPS = "https";
     public static final String DEFAULT = "defaultBackend";
+    public static final List<String> ALLOWED_JSON_KEYS = Arrays.asList("name",
+            "host", "port", "contextPath", "https", "defaultBackend");
 
     private static final long SECONDS_BETWEEN_PARSING = 20;
 
@@ -64,6 +65,57 @@ public class BackEndInstancesUtils {
     private long nextTimeToParse = 0;
     private boolean savedSinceLastParsing = false;
 
+    /**
+     * Checks that all required keys exist in the incoming json object.
+     *
+     * @param JsonObject instance
+     * @return boolean
+     * */
+    public boolean hasRequiredJsonKeys(JsonObject instance) {
+        if (instance.has(HOST) && instance.has(PORT) && instance.has(NAME)
+                && instance.has(CONTEXT_PATH) && instance.has(HTTPS)) {
+            return true;
+        }
+        return false;
+    }
+
+    /**
+     * Checks if json values in backend instance are null.
+     *
+     * @param JsonObject instance
+     * @return boolean
+     * */
+    public boolean containsNullValues(JsonObject instance) {
+        for (Map.Entry<String, JsonElement> entrySet : instance.entrySet()) {
+            if (entrySet.getValue().isJsonNull() || entrySet.getValue() == null) {
+                LOG.debug(entrySet.toString() + " can not be null!");
+                return true;
+            }
+        }
+        return false;
+    }
+
+    /**
+     * Checks that the incoming json data does not contain additional keys. Any
+     * unrecognized keys are logged.
+     *
+     * @param JsonObject instance
+     * @return boolean
+     * */
+    public boolean containsAdditionalKeys(JsonObject instance) {
+        if (instance.size() > ALLOWED_JSON_KEYS.size()) {
+            for (Map.Entry<String, JsonElement> entrySet : instance.entrySet()) {
+
+                boolean hasUnrecognizedKeys = !ALLOWED_JSON_KEYS.contains(entrySet.getKey());
+                if (hasUnrecognizedKeys) {
+                    LOG.debug("Unrecognized key " + entrySet.getKey());
+                    return true;
+                }
+            }
+        }
+        return false;
+    }
+
     /**
      * Returns true or false depending if instance host, port, contextPath or https already exist.
      * Will return true if all values are the same, false if any value is different, thus input instance
@@ -107,7 +159,6 @@ public boolean checkIfInstanceNameAlreadyExist(JsonObject instance) {
     /**
      * Returns true or false depending if default instance exist.
      *
-     * @param instance
      * @return boolean
      */
     public boolean hasDefaultBackend() {
@@ -122,7 +173,7 @@ public boolean hasDefaultBackend() {
     /**
      * Returns the BackEndInformation based on input name.
      *
-     * @param String name
+     * @param String backEndName
      * @return backendInformation if exist null if no backendInformation exist
      */
     public BackEndInformation getBackEndInformationByName(String backEndName) {
@@ -156,13 +207,9 @@ public BackEndInformation getBackEndInformationByName(String backEndName) {
      *
      * @param instance back end information as JsonObject
      */
-    public void addNewBackEnd(JsonObject instance) {
+    public void addNewBackEnd(JsonObject instance) throws IOException {
         parseBackEndInstances();
-        try {
-            backEndInformationList.add(new ObjectMapper().readValue(instance.toString(), BackEndInformation.class));
-        } catch (IOException e) {
-            LOG.error("Failure when trying to add instance " + e.getMessage());
-        }
+        backEndInformationList.add(new ObjectMapper().readValue(instance.toString(), BackEndInformation.class));
         saveBackEndInformationList();
     }
 
@@ -205,7 +252,7 @@ public void setDefaultBackEndInstanceToNull() {
     }
 
     /**
-     * Tunction that may be used to set default back end.
+     * Function that may be used to set default back end.
      *
      * @param name
      * @param host

src/test/java/com/ericsson/ei/frontend/BackendInformationControllerTest.java

@@ -97,6 +97,9 @@ public void testSwitchInstance() throws Exception {
 
     @Test
     public void testAddInstance() throws Exception {
+        when(utils.hasRequiredJsonKeys(any())).thenReturn(true);
+        when(utils.containsNullValues(any())).thenReturn(false);
+        when(utils.containsAdditionalKeys(any())).thenReturn(false);
         when(utils.checkIfInstanceAlreadyExist(any())).thenReturn(false);
         when(utils.getBackEndsAsJsonArray()).thenReturn(new JsonArray());
         mockMvc.perform(MockMvcRequestBuilders.post(PATH_FOR_BACK_END_INFORMATION)

src/test/java/com/ericsson/ei/frontend/BackendInformationControllerUtilsTest.java

@@ -15,13 +15,10 @@
 
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.when;
-import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
-import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 import java.io.BufferedReader;
 import java.io.FileReader;
 import java.net.URI;
-import java.util.ArrayList;
 import java.util.List;
 import java.util.stream.Stream;
 
@@ -33,8 +30,6 @@
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mockito;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
 import org.springframework.boot.test.context.SpringBootTest;
@@ -44,15 +39,11 @@
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-import org.springframework.test.web.servlet.MockMvc;
-import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
 
 import com.ericsson.ei.frontend.model.BackEndInformation;
-import com.ericsson.ei.frontend.utils.BackEndInfoirmationControllerUtils;
+import com.ericsson.ei.frontend.utils.BackEndInformationControllerUtils;
 import com.ericsson.ei.frontend.utils.BackEndInstancesUtils;
-import com.fasterxml.jackson.databind.ObjectMapper;
 import com.google.gson.JsonArray;
-import com.google.gson.JsonElement;
 import com.google.gson.JsonObject;
 import com.google.gson.JsonParser;
 
@@ -70,7 +61,7 @@ public class BackendInformationControllerUtilsTest {
     private BackEndInstancesUtils backEndInstancesUtils;
 
     @Autowired
-    private BackEndInfoirmationControllerUtils backendInfoContrUtils;
+    private BackEndInformationControllerUtils backendInfoContrUtils;
 
     private JsonObject instance;
     private JsonArray instances;
@@ -166,20 +157,54 @@ public void testHandleRequestToAddBackEnd() throws Exception {
         // Test successfully added.
         when(backEndInstancesUtils.checkIfInstanceNameAlreadyExist(any())).thenReturn(false);
         when(backEndInstancesUtils.checkIfInstanceAlreadyExist(any())).thenReturn(false);
+        when(backEndInstancesUtils.hasRequiredJsonKeys(any())).thenReturn(true);
         expectedResponse = createExpectedResponse(
                 "{\"message\": \"Back-end instance with name 'someName' was successfully added to the back-end instance list.\"}",
                 HttpStatus.OK);
         response = backendInfoContrUtils.handleRequestToAddBackEnd(mockedRequest);
         assertEquals(expectedResponse, response);
 
+        // Test with missing keys
+        when(backEndInstancesUtils.hasRequiredJsonKeys(any())).thenReturn(false);
+        expectedResponse = createExpectedResponse(
+                "{\"message\": \"Back-end instance is missing required data.\"}",
+                HttpStatus.BAD_REQUEST);
+        response = backendInfoContrUtils.handleRequestToAddBackEnd(mockedRequest);
+        assertEquals(expectedResponse, response);
+
+        // Test with null values
+        when(backEndInstancesUtils.hasRequiredJsonKeys(any())).thenReturn(true);
+        when(backEndInstancesUtils.containsNullValues(any())).thenReturn(true);
+        expectedResponse = createExpectedResponse(
+                "{\"message\": \"Back-end instance can not have null values.\"}",
+                HttpStatus.BAD_REQUEST);
+        response = backendInfoContrUtils.handleRequestToAddBackEnd(mockedRequest);
+        assertEquals(expectedResponse, response);
+
+        // Test with additional unrecognized keys
+        when(backEndInstancesUtils.hasRequiredJsonKeys(any())).thenReturn(true);
+        when(backEndInstancesUtils.containsNullValues(any())).thenReturn(false);
+        when(backEndInstancesUtils.containsAdditionalKeys(any())).thenReturn(true);
+        expectedResponse = createExpectedResponse(
+                "{\"message\": \"Back-end instance contains unrecognized JSON keys.\"}",
+                HttpStatus.BAD_REQUEST);
+        response = backendInfoContrUtils.handleRequestToAddBackEnd(mockedRequest);
+        assertEquals(expectedResponse, response);
+
         // Test back end name already exist
+        when(backEndInstancesUtils.hasRequiredJsonKeys(any())).thenReturn(true);
+        when(backEndInstancesUtils.containsNullValues(any())).thenReturn(false);
+        when(backEndInstancesUtils.containsAdditionalKeys(any())).thenReturn(false);
         when(backEndInstancesUtils.checkIfInstanceNameAlreadyExist(any())).thenReturn(true);
         expectedResponse = createExpectedResponse(
                 "{\"message\": \"Back-end instance with name 'someName' already exists.\"}", HttpStatus.BAD_REQUEST);
         response = backendInfoContrUtils.handleRequestToAddBackEnd(mockedRequest);
         assertEquals(expectedResponse, response);
 
         // Test instance already exist
+        when(backEndInstancesUtils.hasRequiredJsonKeys(any())).thenReturn(true);
+        when(backEndInstancesUtils.containsNullValues(any())).thenReturn(false);
+        when(backEndInstancesUtils.containsAdditionalKeys(any())).thenReturn(false);
         when(backEndInstancesUtils.checkIfInstanceNameAlreadyExist(any())).thenReturn(false);
         when(backEndInstancesUtils.checkIfInstanceAlreadyExist(any())).thenReturn(true);
         expectedResponse = createExpectedResponse("{\"message\": \"Back-end instance with given values already exist.\"}",
@@ -188,6 +213,9 @@ public void testHandleRequestToAddBackEnd() throws Exception {
         assertEquals(expectedResponse, response);
 
         // Test failure to add new default instance.
+        when(backEndInstancesUtils.hasRequiredJsonKeys(any())).thenReturn(true);
+        when(backEndInstancesUtils.containsNullValues(any())).thenReturn(false);
+        when(backEndInstancesUtils.containsAdditionalKeys(any())).thenReturn(false);
         when(backEndInstancesUtils.checkIfInstanceNameAlreadyExist(any())).thenReturn(false);
         when(backEndInstancesUtils.checkIfInstanceAlreadyExist(any())).thenReturn(false);
         when(backEndInstancesUtils.hasDefaultBackend()).thenReturn(true);

src/test/java/com/ericsson/ei/frontend/BackendInstancesUtilsTest.java

@@ -60,6 +60,34 @@ public void before() throws IOException {
         utils.getDefaultBackendInformation().setHost(null);
     }
 
+    @Test
+    public void testHasRequiredJsonKeys() {
+        // removing required key port and the json object should not be valid
+        instance.remove("port");
+        assertEquals(false, utils.hasRequiredJsonKeys(instance));
+
+        // adding the key port with a value and it should pass
+        instance.addProperty("port", 1234);
+        assertEquals(true, utils.hasRequiredJsonKeys(instance));
+    }
+
+    @Test
+    public void testContainsNullValuesTrue() {
+        instance.add("port", null);
+        assertEquals(true, utils.containsNullValues(instance));
+    }
+
+    @Test
+    public void testContainsAdditionalKeysTrue() {
+        // add extra random key
+        instance.addProperty("randomKey", "randomValue");
+        assertEquals(true, utils.containsAdditionalKeys(instance));
+
+        // clean up of excess JSON key
+        instance.remove("randomKey");
+        assertEquals(false, utils.containsAdditionalKeys(instance));
+    }
+
     @Test
     public void testCheckIfInstanceAlreadyExistTrue() {
         boolean result;
@@ -135,7 +163,7 @@ public void testGetBackEndInformationByName() {
     }
 
     @Test
-    public void testAddNewBackEnd() {
+    public void testAddNewBackEnd() throws IOException {
         when(fileUtils.getInstancesFromFile()).thenReturn(new JsonArray());
         utils.addNewBackEnd(instance);
         assertEquals(instance, utils.getBackEndInformationList().get(0).getAsJsonObject());