From 9c78bd85af3e298742ebe9936af0594181b0af69 Mon Sep 17 00:00:00 2001
From: "pixeebot[bot]" <104101892+pixeebot[bot]@users.noreply.github.com>
Date: Fri, 12 Apr 2024 20:51:55 +0000
Subject: [PATCH 1/3] Switch order of literals to prevent NullPointerException
---
 .../src/main/java/com/netflix/eureka/aws/AwsAsgUtil.java | 6 +++---
 .../com/netflix/eureka/registry/RemoteRegionRegistry.java | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/eureka-core/src/main/java/com/netflix/eureka/aws/AwsAsgUtil.java b/eureka-core/src/main/java/com/netflix/eureka/aws/AwsAsgUtil.java
index 972f5aa595..94557119ad 100644
--- a/eureka-core/src/main/java/com/netflix/eureka/aws/AwsAsgUtil.java
+++ b/eureka-core/src/main/java/com/netflix/eureka/aws/AwsAsgUtil.java
@@ -205,7 +205,7 @@ public void setStatus(String asgName, boolean enabled) {
 */
 private boolean isAddToLoadBalancerSuspended(String asgAccountId, String asgName) {
 AutoScalingGroup asg;
- if(asgAccountId == null || asgAccountId.equals(accountId)) {
+ if(asgAccountId == null || accountId.equals(asgAccountId)) {
 asg = retrieveAutoScalingGroup(asgName);
 } else {
 asg = retrieveAutoScalingGroupCrossAccount(asgAccountId, asgName);
@@ -263,7 +263,7 @@ private AutoScalingGroup retrieveAutoScalingGroup(String asgName) {
 private Credentials initializeStsSession(String asgAccount) {
 AWSSecurityTokenService sts = new AWSSecurityTokenServiceClient(new InstanceProfileCredentialsProvider());
 String region = clientConfig.getRegion();
- if (!region.equals("us-east-1")) {
+ if (!"us-east-1".equals(region)) {
 sts.setEndpoint("sts." + region + ".amazonaws.com");
 }
@@ -301,7 +301,7 @@ private AutoScalingGroup retrieveAutoScalingGroupCrossAccount(String asgAccount,
 );
 String region = clientConfig.getRegion();
- if (!region.equals("us-east-1")) {
+ if (!"us-east-1".equals(region)) {
 autoScalingClient.setEndpoint("autoscaling." + region + ".amazonaws.com");
 }
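Review bot: In `isAddToLoadBalancerSuspended` (AwsAsgUtil.java) the new receiver `accountId` is a field, not a literal, so the swap moves the null risk instead of removing it. The removed form was already safe, because `asgAccountId == null` is tested first and `asgAccountId.equals(accountId)` simply returns false for a null argument; with the new form a null `accountId` throws where the cross-account path used to be taken. How the field is initialised is outside the hunk, so whether it can be null needs confirming. Either keep `asgAccountId.equals(accountId)` or use `java.util.Objects.equals(accountId, asgAccountId)`.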
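Review bot: In `initializeStsSession` a null `region` no longer fails at the comparison but passes it, and the next line then builds the endpoint string `sts.null.amazonaws.com`; the `autoscaling.` endpoint in the `retrieveAutoScalingGroupCrossAccount` hunk has the same problem. The misconfiguration would then surface later, during a cross-account credential call, as a name-resolution or connection error rather than at the point where the region is read. An explicit guard before the branch keeps the failure local, e.g. `if (region == null || region.isEmpty()) { throw new IllegalStateException("AWS region is not configured"); }`. Both method bodies continue outside their hunks.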
diff --git a/eureka-core/src/main/java/com/netflix/eureka/registry/RemoteRegionRegistry.java b/eureka-core/src/main/java/com/netflix/eureka/registry/RemoteRegionRegistry.java
index 130e0e97ad..fb1b7f6934 100644
--- a/eureka-core/src/main/java/com/netflix/eureka/registry/RemoteRegionRegistry.java
+++ b/eureka-core/src/main/java/com/netflix/eureka/registry/RemoteRegionRegistry.java
@@ -117,7 +117,7 @@ public RemoteRegionRegistry(EurekaServerConfig serverConfig,
 .withMaxTotalConnections(serverConfig.getRemoteRegionTotalConnections())
 .withConnectionIdleTimeout(serverConfig.getRemoteRegionConnectionIdleTimeoutSeconds());
- if (remoteRegionURL.getProtocol().equals("http")) {
+ if ("http".equals(remoteRegionURL.getProtocol())) {
 clientBuilder.withClientName("Discovery-RemoteRegionClient-" + regionName);
 } else if ("true".equals(System.getProperty("com.netflix.eureka.shouldSSLConnectionsUseSystemSocketFactory"))) {
 clientBuilder.withClientName("Discovery-RemoteRegionSystemSecureClient-" + regionName)
From f86ca6dc2fb29f327e99b367ae2c41b7fa848f76 Mon Sep 17 00:00:00 2001
From: "pixeebot[bot]" <104101892+pixeebot[bot]@users.noreply.github.com>
Date: Fri, 19 Jul 2024 08:36:14 -0400
Subject: [PATCH 2/3] Protect `readLine()` against DoS (#7)
Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com>
---
 .../src/main/java/com/netflix/appinfo/AmazonInfo.java | 7 ++++---
 .../netflix/discovery/internal/util/AmazonInfoUtils.java | 3 ++-
 .../main/java/com/netflix/eureka/ExampleEurekaClient.java | 3 ++-
 .../main/java/com/netflix/eureka/ExampleServiceBase.java | 3 ++-
 4 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/eureka-client/src/main/java/com/netflix/appinfo/AmazonInfo.java b/eureka-client/src/main/java/com/netflix/appinfo/AmazonInfo.java
index 916a04576f..a946c9cc2b 100644
--- a/eureka-client/src/main/java/com/netflix/appinfo/AmazonInfo.java
+++ b/eureka-client/src/main/java/com/netflix/appinfo/AmazonInfo.java
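Review bot: The reordered comparison in the `RemoteRegionRegistry` constructor hunk (patch 1/3) does not change null behaviour: a null `remoteRegionURL` still throws at `getProtocol()`, and a constructed `java.net.URL` does not return a null protocol. What the branch leaves open is that any scheme other than `http` falls through to the secure-client branches, while an `http` remote region appears to get a plain client with no warning logged. Testing `"https".equals(remoteRegionURL.getProtocol())` explicitly and rejecting other schemes would make the transport choice visible. The rest of the if/else chain is outside the hunk, so this needs checking against the full constructor.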
@@ -16,6 +16,7 @@
 package com.netflix.appinfo;
+import io.github.pixee.security.BoundedLineReader;
 import java.io.BufferedReader;
 import java.io.IOException;
 import java.io.InputStream;
@@ -115,7 +116,7 @@ public String read(InputStream inputStream) throws IOException {
 try {
 String toReturn = null;
 String inputLine;
- while ((inputLine = br.readLine()) != null) {
+ while ((inputLine = BoundedLineReader.readLine(br, 5_000_000)) != null) {
 Matcher matcher = pattern.matcher(inputLine);
 if (toReturn == null && matcher.find()) {
 toReturn = matcher.group(1);
@@ -155,11 +156,11 @@ public String read(InputStream inputStream) throws IOException {
 BufferedReader br = new BufferedReader(new InputStreamReader(inputStream));
 String toReturn;
 try {
- String line = br.readLine();
+ String line = BoundedLineReader.readLine(br, 5_000_000);
 toReturn = line;
 while (line != null) {
 // need to read all the buffer for a clean connection close
- line = br.readLine();
+ line = BoundedLineReader.readLine(br, 5_000_000);
 }
 return toReturn;
diff --git a/eureka-client/src/main/java/com/netflix/discovery/internal/util/AmazonInfoUtils.java b/eureka-client/src/main/java/com/netflix/discovery/internal/util/AmazonInfoUtils.java
index 1e3e69f0da..8d88911812 100644
--- a/eureka-client/src/main/java/com/netflix/discovery/internal/util/AmazonInfoUtils.java
+++ b/eureka-client/src/main/java/com/netflix/discovery/internal/util/AmazonInfoUtils.java
@@ -1,6 +1,7 @@
 package com.netflix.discovery.internal.util;
 import com.netflix.appinfo.AmazonInfo.MetaDataKey;
+import io.github.pixee.security.BoundedLineReader;
 import java.io.BufferedReader;
 import java.io.IOException;
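Review bot: The added import of `io.github.pixee.security.BoundedLineReader` in AmazonInfo.java brings a new third-party artifact into eureka-client, yet the diffstat of this patch lists only four Java files, so no build-file or dependency-lock change travels with it. Unless the dependency is declared in a change outside this series, the module will not compile; if it is declared, it becomes a transitive dependency of every consumer of the client library. I would want the declaration in the same commit, with a pinned version and checksum or signature verification. It is also worth considering a small in-repo bounded reader instead, so a metadata-parsing class does not need an external security toolkit. The same import is added in AmazonInfoUtils, ExampleEurekaClient and ExampleServiceBase.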
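Review bot: The `5_000_000` limit passed to `BoundedLineReader.readLine` in both `read(InputStream)` hunks of AmazonInfo.java is an unnamed literal, repeated at every call site in this patch, and it caps only the length of one line. The drain loop in the second hunk still consumes an unlimited number of lines, so a peer that keeps sending short lines is not stopped; a total-size or line-count cap would be needed for that. I would hoist the value into a documented constant, e.g. `private static final int MAX_METADATA_LINE_CHARS = 5_000_000;`, and say why that size suits metadata values. It is also worth confirming what the helper throws on overflow: if it is an unchecked exception, callers that handle only `IOException` will not catch it.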
@@ -24,7 +25,7 @@ public static String readEc2MetadataUrl(MetaDataKey metaDataKey, URL url, int co
 if (uc.getResponseCode() != HttpURLConnection.HTTP_OK) { // need to read the error for clean connection close
 BufferedReader br = new BufferedReader(new InputStreamReader(uc.getErrorStream()));
 try {
- while (br.readLine() != null) {
+ while (BoundedLineReader.readLine(br, 5_000_000) != null) {
 // do nothing but keep reading the line
 }
 } finally {
diff --git a/eureka-examples/src/main/java/com/netflix/eureka/ExampleEurekaClient.java b/eureka-examples/src/main/java/com/netflix/eureka/ExampleEurekaClient.java
index 93a28e2f89..5030934a38 100644
--- a/eureka-examples/src/main/java/com/netflix/eureka/ExampleEurekaClient.java
+++ b/eureka-examples/src/main/java/com/netflix/eureka/ExampleEurekaClient.java
@@ -16,6 +16,7 @@
 package com.netflix.eureka;
+import io.github.pixee.security.BoundedLineReader;
 import java.io.BufferedReader;
 import java.io.IOException;
 import java.io.InputStreamReader;
@@ -103,7 +104,7 @@ public void sendRequestToServiceUsingEureka(EurekaClient eurekaClient) {
 System.out.println("Waiting for server response..");
 BufferedReader rd = new BufferedReader(new InputStreamReader(s.getInputStream()));
- String str = rd.readLine();
+ String str = BoundedLineReader.readLine(rd, 5_000_000);
 if (str != null) {
 System.out.println("Received response from server: " + str);
 System.out.println("Exiting the client. Demo over..");
diff --git a/eureka-examples/src/main/java/com/netflix/eureka/ExampleServiceBase.java b/eureka-examples/src/main/java/com/netflix/eureka/ExampleServiceBase.java
index c19babd3bb..f907225832 100644
--- a/eureka-examples/src/main/java/com/netflix/eureka/ExampleServiceBase.java
+++ b/eureka-examples/src/main/java/com/netflix/eureka/ExampleServiceBase.java
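Review bot: `uc.getErrorStream()` in the `readEc2MetadataUrl` hunk can return null when the server sent no error body, and `new InputStreamReader(...)` then throws a NullPointerException before the drain loop is reached. The bounded read added here does not cover that path. Guard the stream first, e.g. `InputStream err = uc.getErrorStream(); if (err != null) { /* drain */ }`, and pass an explicit charset to the reader. The loop also still drains an unbounded number of lines, and the method continues outside the hunk.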
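Review bot: Bounding the line length in `sendRequestToServiceUsingEureka` (ExampleEurekaClient.java) does not bound how long the read blocks: no socket read timeout is visible in the hunk, so a peer that connects and sends nothing holds the thread indefinitely. The same applies to `processRequest(final Socket s)` in ExampleServiceBase.java, which is the side that accepts connections. If the timeout is not set elsewhere, calling `s.setSoTimeout(...)` before the reader is created closes that gap. Both readers are also built with the platform default charset, and both method bodies extend beyond their hunks.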
@@ -4,6 +4,7 @@
 import com.netflix.appinfo.InstanceInfo;
 import com.netflix.config.DynamicPropertyFactory;
 import com.netflix.discovery.EurekaClient;
+import io.github.pixee.security.BoundedLineReader;
 import javax.annotation.PostConstruct;
 import javax.annotation.PreDestroy;
@@ -106,7 +107,7 @@ private void waitForRegistrationWithEureka(EurekaClient eurekaClient) {
 private void processRequest(final Socket s) {
 try {
 BufferedReader rd = new BufferedReader(new InputStreamReader(s.getInputStream()));
- String line = rd.readLine();
+ String line = BoundedLineReader.readLine(rd, 5_000_000);
 if (line != null) {
 System.out.println("Received a request from the example client: " + line);
 }
From 4b7bfca8041b54db3d410f30c59b3a0f95154bdc Mon Sep 17 00:00:00 2001
From: "pixeebot[bot]" <104101892+pixeebot[bot]@users.noreply.github.com>
Date: Sun, 21 Jul 2024 15:35:49 -0400
Subject: [PATCH 3/3] (Sonar) Fixed finding: "`@Override` should be used on overriding and implementing methods" (#8)
Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com>
---
 .../com/netflix/discovery/EurekaArchaius2ClientConfig.java | 3 +++
 .../src/main/java/com/netflix/appinfo/AmazonInfo.java | 1 +
 .../java/com/netflix/appinfo/PropertiesInstanceConfig.java | 1 +
 .../java/com/netflix/discovery/util/ThresholdLevelsMetric.java | 2 ++
 .../main/java/com/netflix/eureka/EurekaContextListener.java | 1 +
 5 files changed, 8 insertions(+)
diff --git a/eureka-client-archaius2/src/main/java/com/netflix/discovery/EurekaArchaius2ClientConfig.java b/eureka-client-archaius2/src/main/java/com/netflix/discovery/EurekaArchaius2ClientConfig.java
index 8b54cbb5d0..4bfa5af286 100644
--- a/eureka-client-archaius2/src/main/java/com/netflix/discovery/EurekaArchaius2ClientConfig.java
+++ b/eureka-client-archaius2/src/main/java/com/netflix/discovery/EurekaArchaius2ClientConfig.java
@@ -119,6 +119,7 @@ public boolean shouldRegisterWithEureka() {
 return prefixedConfig.getBoolean(REGISTRATION_ENABLED_KEY, true);
 }
+ @Override
 public boolean shouldUnregisterOnShutdown() {
 return prefixedConfig.getBoolean(SHOULD_UNREGISTER_ON_SHUTDOWN_KEY, true);
 }
@@ -177,6 +178,7 @@ public boolean shouldFetchRegistry() {
 return prefixedConfig.getBoolean(FETCH_REGISTRY_ENABLED_KEY, true);
 }
+ @Override
 public boolean shouldEnforceFetchRegistryAtInit() {
 return prefixedConfig.getBoolean(SHOULD_ENFORCE_FETCH_REGISTRY_AT_INIT_KEY, false);
 }
@@ -213,6 +215,7 @@ public boolean shouldOnDemandUpdateStatusChange() {
 return prefixedConfig.getBoolean(SHOULD_ONDEMAND_UPDATE_STATUS_KEY, true);
 }
+ @Override
 public boolean shouldEnforceRegistrationAtInit() {
 return prefixedConfig.getBoolean(SHOULD_ENFORCE_REGISTRATION_AT_INIT, false);
 }
diff --git a/eureka-client/src/main/java/com/netflix/appinfo/AmazonInfo.java b/eureka-client/src/main/java/com/netflix/appinfo/AmazonInfo.java
index a946c9cc2b..f2823f3e8a 100644
--- a/eureka-client/src/main/java/com/netflix/appinfo/AmazonInfo.java
+++ b/eureka-client/src/main/java/com/netflix/appinfo/AmazonInfo.java
@@ -169,6 +169,7 @@ public String read(InputStream inputStream) throws IOException {
 }
 }
+ @Override
 public String toString() {
 return getName();
 }
diff --git a/eureka-client/src/main/java/com/netflix/appinfo/PropertiesInstanceConfig.java b/eureka-client/src/main/java/com/netflix/appinfo/PropertiesInstanceConfig.java
index 4c73dfdf0c..d870c3add6 100644
--- a/eureka-client/src/main/java/com/netflix/appinfo/PropertiesInstanceConfig.java
+++ b/eureka-client/src/main/java/com/netflix/appinfo/PropertiesInstanceConfig.java
@@ -298,6 +298,7 @@ public String[] getDefaultAddressResolutionOrder() {
 * Indicates if the public ipv4 address of the instance should be advertised.
 * @return true if the public ipv4 address of the instance should be advertised, false otherwise .
 */
+ @Override
 public boolean shouldBroadcastPublicIpv4Addr() {
 return configInstance.getBooleanProperty(namespace + BROADCAST_PUBLIC_IPV4_ADDR_KEY, super.shouldBroadcastPublicIpv4Addr()).get();
 }
diff --git a/eureka-client/src/main/java/com/netflix/discovery/util/ThresholdLevelsMetric.java b/eureka-client/src/main/java/com/netflix/discovery/util/ThresholdLevelsMetric.java
index c3bcbfa73d..9f49a573a9 100644
--- a/eureka-client/src/main/java/com/netflix/discovery/util/ThresholdLevelsMetric.java
+++ b/eureka-client/src/main/java/com/netflix/discovery/util/ThresholdLevelsMetric.java
@@ -95,9 +95,11 @@ public NoOpThresholdLevelMetric() {
 super(null, null, new long[]{});
 }
+ @Override
 public void update(long delayMs) {
 }
+ @Override
 public void shutdown() {
 }
 }
diff --git a/eureka-server-governator/src/main/java/com/netflix/eureka/EurekaContextListener.java b/eureka-server-governator/src/main/java/com/netflix/eureka/EurekaContextListener.java
index a127fd75ef..b1462d2bec 100644
--- a/eureka-server-governator/src/main/java/com/netflix/eureka/EurekaContextListener.java
+++ b/eureka-server-governator/src/main/java/com/netflix/eureka/EurekaContextListener.java
@@ -31,6 +31,7 @@ public void contextInitialized(ServletContextEvent servletContextEvent) {
 EurekaMonitors.registerAllStats();
 }
+ @Override
 public void contextDestroyed(ServletContextEvent servletContextEvent) {
 EurekaMonitors.shutdown();