Soluto/kamus

API does not handle bad input well

darthf1 opened this issue · 1 comments

darthf1 commented

Summarizing a long Slack chat with @omerlh

The API does not handle bad input well.

HTTP/1.1 500 Internal Server Error
{
  "service-account": "kamus-sa",
  "namespace": "default",
  "data": "{\"key\":\"value\"}"
}
darthf1 commented

More testing on kamus:encryptor-0.4.4.1

The input is assumed to be base64 encoded value.

  • "data": "true" -> 200
  • "data": "truetrue" -> 200
  • "data": "dGVzdGluZw==" -> 200
  • "data": "no" -> 500
{
	"Timestamp": "2019-07-23T19:13:27.9007179+00:00",
	"Level": "Error",
	"MessageTemplate": "Unhandled exception while processing request",
	"Exception": "System.FormatException: The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters.\n   at System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)\n   at System.Convert.FromBase64String(String s)\n   at Google.Protobuf.ByteString.FromBase64(String bytes)\n   at Kamus.KeyManagement.GoogleCloudKeyManagment.Encrypt(String data, String serviceAccountId, Boolean createKeyIfMissing) in /app/key-managment/GoogleCloudKeyManagment.cs:line 85\n   at Kamus.Controllers.EncryptController.Encrypt(EncryptRequest body) in /app/encrypt-api/Controllers/EncryptController.cs:line 45\n   at lambda_method(Closure , Object )\n   at Microsoft.Extensions.Internal.ObjectMethodExecutorAwaitable.Awaiter.GetResult()\n   at Microsoft.AspNetCore.Mvc.Internal.ActionMethodExecutor.TaskOfActionResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)\n   at System.Threading.Tasks.ValueTask`1.get_Result()\n   at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeActionMethodAsync()\n   at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeNextActionFilterAsync()\n   at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Rethrow(ActionExecutedContext context)\n   at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)\n   at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeInnerFilterAsync()\n   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeNextResourceFilter()\n   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.Rethrow(ResourceExecutedContext context)\n   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)\n   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeFilterPipelineAsync()\n   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeAsync()\n   at Microsoft.AspNetCore.Builder.RouterMiddleware.Invoke(HttpContext httpContext)\n   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)\n   at Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware.Invoke(HttpContext context)\n   at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext)\n   at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)\n   at Kamus.ErrorHandlingMiddleware.Invoke(HttpContext httpContext) in /app/encrypt-api/ErrorHandlingMiddleware.cs:line 25",
	"Properties": {
		"SourceContext": "Kamus.ErrorHandlingMiddleware"
	}
}