Validate References (#1486)

* Check for too many references * Added tests * Disable check if zero * Move references check * Set max references for testing * Added TODO * Added test * Added null check * Added test for too many references and incorrect password
RIPE-NCC · Jun 24, 2024 · bd49c51 · bd49c51
1 parent 6b211fa
commit bd49c51
Show file tree

Hide file tree

Showing 4 changed files with 62 additions and 1 deletion.
diff --git a/whois-commons/src/test/resources/whois.properties b/whois-commons/src/test/resources/whois.properties
@@ -173,3 +173,4 @@ dump.total.size.limit= 15
 
 roa.validator.available=true
 
+max.references=100
diff --git a/...end/src/test/groovy/net/ripe/db/whois/spec/integration/CommonUpdateIntegrationSpec.groovy b/...end/src/test/groovy/net/ripe/db/whois/spec/integration/CommonUpdateIntegrationSpec.groovy
@@ -258,4 +258,40 @@ class CommonUpdateIntegrationSpec extends BaseWhoisSourceSpec {
         then:
         response =~ /Cannot submit filtered whois output for updates/
     }
+
+    def "too many references"() {
+        when:
+        def response = syncUpdate new SyncUpdate(data: """
+mntner:      OWNER-MNT
+descr:       used to maintain other MNTNERs
+admin-c:     TP1-TEST
+auth:        MD5-PW \$1\$fyALLXZB\$V5Cht4.DAIM3vi64EpC0w/  #owner
+""" +
+"mnt-by:      OWNER-MNT\n".repeat(101) +
+"""upd-to:      dbtest@ripe.net
+source:      TEST
+password:    owner
+""")
+        then:
+        response =~ /Too many references/
+    }
+
+    def "too many references and incorrect password"() {
+        when:
+        def response = syncUpdate new SyncUpdate(data: """
+mntner:      OWNER-MNT
+descr:       used to maintain other MNTNERs
+admin-c:     TP1-TEST
+auth:        MD5-PW \$1\$fyALLXZB\$V5Cht4.DAIM3vi64EpC0w/  #owner
+""" +
+"mnt-by:      OWNER-MNT\n".repeat(101) +
+"""upd-to:      dbtest@ripe.net
+source:      TEST
+password:    invalid
+""")
+        then:
+       response =~ /Too many references/
+       !(response =~ /Authorisation for \[mntner\] OWNER-MNT failed/)
+    }
+
 }
diff --git a/whois-update/src/main/java/net/ripe/db/whois/update/domain/UpdateMessages.java b/whois-update/src/main/java/net/ripe/db/whois/update/domain/UpdateMessages.java
@@ -729,4 +729,9 @@ public static Message incorrectPrefixForRipeNsServer() {
         return new Message(Type.ERROR, "Prefix length must be /16 for IPv4 or /32 for IPv6 if ns.ripe.net is used as " +
                 "a nameserver.");
     }
+
+    public static Message tooManyReferences() {
+        return new Message(Type.ERROR, "Too many references");
+    }
+
 }
diff --git a/whois-update/src/main/java/net/ripe/db/whois/update/handler/SingleUpdateHandler.java b/whois-update/src/main/java/net/ripe/db/whois/update/handler/SingleUpdateHandler.java
@@ -8,6 +8,7 @@
 import net.ripe.db.whois.common.rpsl.ObjectMessages;
 import net.ripe.db.whois.common.rpsl.ObjectTemplate;
 import net.ripe.db.whois.common.rpsl.ObjectType;
+import net.ripe.db.whois.common.rpsl.RpslAttribute;
 import net.ripe.db.whois.common.rpsl.RpslObject;
 import net.ripe.db.whois.common.rpsl.RpslObjectFilter;
 import net.ripe.db.whois.update.authentication.Authenticator;
@@ -37,7 +38,6 @@
 import javax.annotation.Nullable;
 import java.util.List;
 
-
 @Component
 public class SingleUpdateHandler {
     private final AttributeSanitizer attributeSanitizer;
@@ -50,12 +50,17 @@ public class SingleUpdateHandler {
     private final IpTreeUpdater ipTreeUpdater;
     private final SsoTranslator ssoTranslator;
 
+    // TODO: [ES] make these fields final and assign in the constructor
+
     @Value("#{T(net.ripe.db.whois.common.domain.CIString).ciString('${whois.source}')}")
     private CIString source;
 
     @Value("#{T(net.ripe.db.whois.common.domain.CIString).ciString('${whois.nonauth.source}')}")
     private CIString nonAuthSource;
 
+    @Value("${max.references:0}")
+    private int maxReferences;
+
     @Autowired
     public SingleUpdateHandler(final List<AttributeGenerator> attributeGenerators,
                                final Transformer[] transformers,
@@ -201,6 +206,10 @@ private RpslObject getUpdatedObject(final Update update, final UpdateContext upd
             updateContext.addMessage(update, UpdateMessages.filteredNotAllowed());
         }
 
+        if (maxReferences > 0 && countReferences(updatedObject) > maxReferences) {
+            updateContext.addMessage(update, UpdateMessages.tooManyReferences());
+        }
+
         if (Operation.DELETE.equals(update.getOperation())) {
             if (Keyword.NEW.equals(keyword)) {
                 updateContext.addMessage(update, UpdateMessages.operationNotAllowedForKeyword(keyword, update.getOperation()));
@@ -222,6 +231,16 @@ private RpslObject getUpdatedObject(final Update update, final UpdateContext upd
         return updatedObject;
     }
 
+    private int countReferences(final RpslObject updatedObject) {
+        int references = 0;
+        for (RpslAttribute attribute : updatedObject.getAttributes()) {
+            if ((attribute.getType() != null) && attribute.getType().isReference()) {
+                references++;
+            }
+        }
+        return references;
+    }
+
     private Action getAction(@Nullable final RpslObject originalObject,
                              final RpslObject updatedObject,
                              final Update update,
Original file line number	Diff line number	Diff line change
Expand Up		@@ -173,3 +173,4 @@ dump.total.size.limit= 15

		roa.validator.available=true

		max.references=100